210-260 Exam Questions
99 real 210-260 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1Cisco Firewall Technologies
Which statement about communication over failover interfaces is true?
failover interfacestateful failoverASA HAclear text - Question #2VPN
Which three ESP fields can be encrypted during transmission? (Choose three)
ESP fieldsIPsec encryptionpacket structureVPN - Question #3Secure Access
According to Cisco best practices, which three protocols should the default ACL allow an access port to enable wired BYOD devices to supply valid credentials and connect to the net...
BYODACLwired access802.1x - Question #4Secure Access
Refer to the exhibit. If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?
802.1xsupplicantwebauthauthentication fallback - Question #5IPS
Which SOURCEFIRE logging action should you choose to record the most detail about a connection.
Sourcefireconnection loggingsession loggingIPS - Question #6Security Concepts
What type of algorithm uses the same key to encryp and decrypt data?
symmetric encryptioncryptographyencryption algorithmskey management - Question #7Cisco Firewall Technologies
If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet?
ASA policy mapclass mapMPFpacket processing - Question #8IPS
You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP address Reputation. A user calls and is not able to access a c...
SourcefireSecurity IntelligenceIP reputationwhitelist - Question #9Secure Access
Which EAP method uses protected Access Credentials?
EAP-FASTProtected Access CredentialsEAP methodsauthentication - Question #10Security Concepts
In which two situations should you use out-of-band management? (Choose two)
out-of-band managementROMMONnetwork managementdevice failure - Question #11Secure Routing and Switching
What features can protect the data plane? (Choose three.)
data planeACLantispoofingDHCP snooping - Question #12VPN
How many crypto map sets can you apply to a router interface?
crypto mapIPsecrouter interfaceVPN configuration - Question #13Secure Routing and Switching
What is the transition order of STP states on a Layer 2 switch interface?
STP statesLayer 2spanning treeswitching - Question #14IPS
Which sensor mode can deny attackers inline?
IPS inline modeIDSsensor modeattack denial - Question #15IPS
Which options are filtering options used to display SDEE message types?
SDEEIPS loggingmessage filteringevent types - Question #16Security Concepts
When a company puts a security policy in place, what is the effect on the company's business?
security policyrisk managementbusiness impactcompliance - Question #17Secure Routing and Switching
Which wildcard mask is associated with a subnet mask of /27?
wildcard masksubnet maskACLIP addressing - Question #18Secure Routing and Switching
Which statements about reflexive access lists are true?
reflexive ACLsession filteringextended ACLUDP TCP sessions - Question #19IPS
Which actions can a promiscuous IPS take to mitigate an attack?
promiscuous IPSIPS actionsattack mitigationIDS mode - Question #20Security Concepts
Which Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts?
Cisco Security ManagerHealth and Performance Monitordevice monitoringalerts - Question #21Secure Access
Which command is needed to enable SSH support on a Cisco Router?
SSH configurationcrypto keyRSACisco IOS - Question #22Secure Access
In which three ways does the TACACS protocol differ from RADIUS? (Choose three)
TACACSRADIUSAAA protocolsauthentication - Question #23VPN
Scenario In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN conf...
Clientless SSL VPNuser authenticationASA ASDMconnection profile - Question #24VPN
Scenario In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN conf...
Clientless SSL VPNgroup policyASA ASDMconnection profile - Question #25VPN
Scenario In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN conf...
SSL VPNgroup policyASA ASDMVPN access methods - Question #26VPN
Scenario In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN conf...
group policytunneling protocolsIPsec IKEv1SSL VPN - Question #28Security Concepts
What is the purpose of the Integrity component of the CIA triad?
CIA triadintegritydata protectionsecurity fundamentals - Question #29Secure Access
Which two statements about Telnet access to the ASA are true? (Choose two).
TelnetASA management accessSSH best practiceinterface access - Question #30Security Concepts
Which protocol provides security to Secure Copy?
Secure CopySCPSSHfile transfer security - Question #31VPN
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take...
Clientless SSL VPNRDP plug-inportal troubleshootingVPN gateway - Question #32Cisco Firewall Technologies
Which security zone is automatically defined by the system?
security zoneszone-based firewallself zoneZPF - Question #33VPN
What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.)
IKEIPsecsecurity associationsmutual authentication - Question #34Secure Routing and Switching
Which address block is reserved for locally assigned unique local addresses?
IPv6 addressingunique local addressesULAFD00::/8 - Question #35Secure Access
What is a possible reason for the error message? Router(config)#aaa server?% Unrecognized command
AAA configurationaaa new-modelIOS CLIRADIUS - Question #36VPN
Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)
smart tunnelsClientless SSL VPNport forwardingASA - Question #37Secure Routing and Switching
Which option describes information that must be considered when you apply an access list to a physical interface?
access listaccess groupinterface ACLtraffic direction - Question #38VPN
Which source port does IKE use when NAT has been detected between two VPN gateways?
IKENAT-TNAT traversalUDP 4500 - Question #39VPN
Which of the following are features of IPsec transport mode? (Choose three.)
IPsec transport modepayload encryptionunicastend-to-end IPsec - Question #40Secure Routing and Switching
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
Layer 3 interfaceno switchportSVIrouted port - Question #41VPN
Which command verifies phase 1 of an IPsec VPN on a Cisco router?
IPsec VPNIKE Phase 1ISAKMPshow commands - Question #42IPS
What is the purpose of a honeypot IPS?
honeypotIPSattack intelligencethreat detection - Question #43Cisco Firewall Technologies
Which type of firewall can act on the behalf of the end device?
proxy firewallfirewall typesapplication proxynetwork security - Question #44VPN
Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as command. What does the given output show?
IPsec troubleshootingISAKMP SAIKE Phase 1QM_IDLE state - Question #45Security Concepts
What type of attack was the Stuxnet virus?
Stuxnetcyber warfaremalwareattack classification - Question #46VPN
Which type of secure connectivity does an extranet provide?
extranetVPN typessite-to-site VPNpartner connectivity - Question #47Secure Routing and Switching
After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to a...
secure boot-imageIOS image protectionrouter hardeningCisco IOS resilience - Question #48Content and Endpoint Security
What is a reason for an organization to deploy a personal firewall?
personal firewallhost-based securityendpoint protectiondesktop firewall - Question #49IPS
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
FirePOWER preprocessorrate-based preventionSYN floodIPS engine - Question #50VPN
What VPN feature allows traffic to exit the security appliance through the same interface it entered?
hairpinningVPN traffic flowsame-interface routingASA VPN - Question #51IPS
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
IPS response actionsinline modedeny connectionattack mitigation