210-260 Exam Questions - Online Test
210-260 Premium VCE File
150 Lectures, 20 Hours
Q1. If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. root guard
B. EtherChannel guard
C. loop guard
D. BPDU guard
Answer: A
Q2. Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. Both Certificate and AAA with LOCAL database
E. Both Certificate and AAA with RADIUS server
Cisco 210-260 : Practice Test
Answer: A
Explanation:
This can be seen from the Connection Profiles Tab of the Remote Access VPN configuration, where the alias of test is being used,
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.16.10 AM.png
Q3. Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.
Which two statements regarding the ASA VPN configurations are correct? (Choose two)
A. The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1.
B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.
C. The Inside-SRV bookmark references the https://192.168.1.2 URL
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside-SRV bookmark has not been applied to the Sales group policy
Answer: B,C
Explanation:
For B:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.38.21 AM.png For C, Navigate to the Bookmarks tab:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.40.14 AM.png Then hit “edit” and you will see this:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.41.54 AM.png Not A, as this is listed under the Identity Certificates, not the CA certificates:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.34.54 AM.png Note E:
Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.26.56 AM.png
Q4. How does a zone-based firewall implementation handle traffic between interfaces in the same zone?
A. Traffic between two interfaces in the same zone is allowed by default.
B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command.
C. Traffic between interfaces in the same zone is always blocked.
D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.
Answer: A
Q5. Which two statements about Telnet access to the ASA are true? (Choose two).
A. You may VPN to the lowest security interface to telnet to an inside interface.
B. You must configure an AAA server to enable Telnet.
C. You can access all interfaces on an ASA using Telnet.
D. You must use the command virtual telnet to enable Telnet.
E. Best practice is to disable Telnet and use SSH.
Answer: A,E
Q6. Refer to the exhibit.
What is the effect of the given command sequence?
A. It configures IKE Phase 1.
B. It configures a site-to-site VPN tunnel.
C. It configures a crypto policy with a key size of 14400.
D. It configures IPSec Phase 2.
Answer: A
Q7. If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
A. The trunk port would go into an error-disabled state.
B. A VLAN hopping attack would be successful.
C. A VLAN hopping attack would be prevented.
D. The attacked VLAN will be pruned.
Answer: C
Q8. Which Sourcefire logging action should you choose to record the most detail about a connection?
A. Enable logging at the end of the session.
B. Enable logging at the beginning of the session.
C. Enable alerts via SNMP to log events off-box.
D. Enable eStreamer to log events off-box.
Answer: A
Q9. In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?
A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing
Answer: D
Q10. In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)
A. TACACS uses TCP to communicate with the NAS.
B. TACACS can encrypt the entire packet that is sent to the NAS.
C. TACACS supports per-command authorization.
D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
E. TACACS uses UDP to communicate with the NAS.
F. TACACS encrypts only the password field in an authentication packet.
Answer: A,B,C
- [2021-New] Cisco 642-998 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 300-208 Dumps With Update Exam Questions (2-11)
- [2021-New] Cisco 210-060 Dumps With Update Exam Questions (21-30)
- [2021-New] Cisco 210-260 Dumps With Update Exam Questions (7-16)
- [2021-New] Cisco 300-320 Dumps With Update Exam Questions (91-100)
- [2021-New] Cisco 400-201 Dumps With Update Exam Questions (1-10)
- [2021-New] Cisco 400-051 Dumps With Update Exam Questions (51-60)
- [2021-New] Cisco 400-251 Dumps With Update Exam Questions (61-70)
- [2021-New] Cisco 300-075 Dumps With Update Exam Questions (81-90)
- [2021-New] Cisco 300-115 Dumps With Update Exam Questions (21-30)