210-260 Exam Questions
99 real 210-260 exam questions with expert-verified answers and explanations. Page 2 of 2.
- Question #52Secure Access
Which statement about Cisco ACS authentication and authorization is true?
Cisco ACSAAATACACS+ACS scalability - Question #53Cisco Firewall Technologies
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
zone-based firewallmulticast trafficcontrol plane policingZBF limitations - Question #54Secure Access
What is one requirement for locking a wired or wireless device from ISE?
Cisco ISEMDM integrationdevice lockNAC - Question #55Cisco Firewall Technologies
Refer to the exhibit. What type of firewall would use the given cofiguration line?
stateful firewallfirewall typesstateful inspectionconnection tracking - Question #56Secure Routing and Switching
What are two default Cisco IOS privilege levels? (Choose two)
IOS privilege levelsrole-based CLI accessrouter hardeningAAA - Question #57VPN
What is the effect of the given command sequence?
IPSeccrypto ACLVPN policyIKE - Question #58Security Concepts
Which tool can an attacker use to attempt a DDos attack?
DDoS attackbotnetattack toolsthreat landscape - Question #59VPN
how does the Cisco ASA use Active Directory to authorize VPN users?
Cisco ASAActive DirectoryVPN authorizationLDAP attributes - Question #60Content and Endpoint Security
Which statement about application blocking is true?
application blockingcontent filteringprogram access controlendpoint security - Question #61Cisco Firewall Technologies
For what reason would you configure multiple security contexts on the ASA firewall?
ASA security contextsmulti-context modevirtual firewallnetwork segmentation - Question #62VPN
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?
hairpinningVPN traffic routingsplit tunnelingremote access VPN - Question #63Content and Endpoint Security
When is the best time to perform an anti-virus signature update?
antivirus signaturessignature updatesendpoint securitymalware protection - Question #64Secure Routing and Switching
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
key chain authenticationsend-lifetimerouting protocol authenticationkey management - Question #65Content and Endpoint Security
Which Statement about personal firewalls is true?
personal firewallhost-based firewallendpoint protectionprobing defense - Question #66VPN
Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?
show crypto ipsec saIPSec Phase 2site-to-site VPNSA troubleshooting - Question #67Secure Routing and Switching
Which statement about a PVLAN isolated port configured on a switch is true?
private VLANisolated portpromiscuous portPVLAN traffic rules - Question #68Secure Access
Within an 802.1X enabled network with the Auth Fail feature configured, when does a switch port get placed into a restricted VLAN?
802.1XAuth Fail VLANrestricted VLANport authentication - Question #69Security Concepts
What type of security support is provided by the Open Web Application Security Project?
OWASPweb application securityvulnerability educationsecurity frameworks - Question #70Secure Routing and Switching
Refer to the exhibit. Which statement about the device time is true?
NTPclock synchronizationstratumtime authority - Question #71Secure Routing and Switching
In what type of attack does an attacker virtually change a devices burned in address in an attempt to circumvent access lists and mask the device's true identity?
MAC spoofingburned-in addresslayer 2 attackidentity masking - Question #72Cisco Firewall Technologies
How does a zone-based firewall implementation handle traffic between Interfaces in the same Zone?
zone-based firewallsame-zone trafficZBF policyintra-zone behavior - Question #73Secure Routing and Switching
An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?
STP attackroot bridge electionsuperior BPDUrogue switch - Question #74Security Concepts
Which two next generation encryption algorithms does Cisco recommend? (Choose two)
next-generation encryptionAESSHA-384encryption algorithm selection - Question #75Cisco Firewall Technologies
In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).
ASA HTTP inspectionstateful inspectionACL permitNAT translation - Question #76Secure Routing and Switching
Which two features are commonly used CoPP and CPPr to protect the control plane? (Choose two.)
CoPPCPPrcontrol plane protectiontraffic classification - Question #77Content and Endpoint Security
What is an advantage of implementing a Trusted Platform Module for disk encryption?
TPMdisk encryptionhardware authenticationendpoint security - Question #78VPN
Refer to the exhibit. What is the effect of the given command sequence?
IKE Phase 1ISAKMP policycrypto mapsite-to-site VPN - Question #79Content and Endpoint Security
A specific URL has been identified as containing malware. What action can you take to block users from accidentaly visiting the URL and becoming infected with malware?
URL filteringblacklistmalware blockingperimeter router - Question #80Secure Routing and Switching
If you change the native VLAN on the port to an unused VLAN, what happens if an attacker attempts a double tagging attack?
double tagging attacknative VLANVLAN hopping802.1Q defense - Question #81IPS
What is an advantage of placing an IPS on the inside of a network?
IPS placementinside deploymenttraffic filteringnetwork architecture - Question #82IPS
Which three statements about Cisco host-based IPS soluations are true? (Choose three.)
host-based IPSHIPS capabilitiesencrypted file inspectiondesktop monitoring - Question #83Security Concepts
Which syslog severity level is level number 7?
syslogseverity levelsloggingdebugging - Question #84Secure Routing and Switching
Which type of mirroring does SPAN technology perform?
SPANport mirroringtraffic monitoringLayer 2 - Question #85Cisco Firewall Technologies
Which tasks is the session management path responsible for? (Choose three.)
session management pathASA packet processingNATroute lookup - Question #86Security Concepts
Which network device does NTP authenticate?
NTPtime source authenticationnetwork time protocol - Question #87Security Concepts
What hash type does Cisco use to validate the integrity of downloaded images?
MD5image integrityhash verificationsoftware validation - Question #88IPS
Which option is the most effective placement of an IPS device within the infrastructure?
IPS placementinline modeinternet routerfirewall positioning - Question #89Secure Access
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)
AAA authenticationTACACS+fallback behaviorenable password - Question #90IPS
Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?
SDEEIPS Manager Expressalert protocolsensor management - Question #91Cisco Firewall Technologies
Which type of address translation should be used when a Cisco ASA is in transparent mode?
ASA transparent modestatic NATaddress translationfirewall modes - Question #92Security Concepts
Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)
HMACmessage authenticationhashintegrity key - Question #93Secure Access
What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?
TACACS+timeout intervalAAA configurationserver timeout - Question #94Secure Access
Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)
RADIUSauthentication protocolsASA firewallMS-CHAP - Question #95Secure Access
Which command initializes a lawful intercept view?
lawful interceptli-viewCLI viewparser view - Question #96Secure Routing and Switching
Which security measures can protect the control plane of a Cisco router? (Choose two.)
control plane protectionCoPPCCPrrouter hardening - Question #97Secure Routing and Switching
Which statement about extended access lists is true?
extended ACLaccess control listsource destination filteringACL placement - Question #98Security Concepts
Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)
encryption protocolsSSHHTTPSdata confidentiality - Question #99Secure Routing and Switching
What are the primary attack methods of VLAN hopping? (Choose two.)
VLAN hoppingswitch spoofingdouble taggingLayer 2 attacks - Question #100VPN
How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration?
AnyConnectpermanent client installationgroup policySSL VPN configuration