210-260 Exam Questions - Online Test
210-260 Premium VCE File
150 Lectures, 20 Hours
P.S. Accurate 210-260 practice are available on Google Drive, GET MORE: https://drive.google.com/open?id=15-c9rTF9Mlkw5H3RVg0ANt7WlKNsZNZm
New Cisco 210-260 Exam Dumps Collection (Question 5 - Question 14)
Q5. Which type of attack is directed against the network directly:
A. Denial of Service
B. phishing
C. trojan horse
Answer: A
Q6. In which three ways does the RADIUS protocol differ from TACACS? (Choose three.)
A. RADIUS uses UDP to communicate with the NAS.
B. RADIUS encrypts only the password field in an authentication packet.
C. RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
D. RADIUS uses TCP to communicate with the NAS.
E. RADIUS can encrypt the entire packet that is sent to the NAS.
F. RADIUS supports per-command authorization.
Answer: A,B,C
Q7. If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
A. The trunk port would go into an error-disabled state.
B. A VLAN hopping attack would be successful.
C. A VLAN hopping attack would be prevented.
D. The attacked VLAN will be pruned.
Answer: C
Q8. Refer to the exhibit.
What is the effect of the given command?
A. It merges authentication and encryption methods to protect traffic that matches an ACL.
B. It configures the network to use a different transform set between peers.
C. It configures encryption for MD5 HMAC.
D. It configures authentication as AES 256.
Answer: A
Q9. Which Firepower Management Center feature detects and blocks exploits and hack attempts?
A. intrusion prevention
B. advanced malware protection
C. content blocker
D. file control
Answer: D
Q10. How does a zone paid handle traffic if the policy definition of the zone pair is missing?
A. It permits all traffic without logging.
B. it drops all traffic
C. it permits and logs all traffic
D. it inspects all traffic
Answer: B
Q11. In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?
A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing
Answer: D
Q12. Which tasks is the session management path responsible for? (Choose three.)
A. Verifying IP checksums
B. Performing route lookup
C. Performing session lookup
D. Allocating NAT translations
E. Checking TCP sequence numbers
F. Checking packets against the access list
Answer: B,D,F
Q13. You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution.
Where in the network would be the best place to deploy Cisco IOS IPS?
A. Inside the firewall of the corporate headquarters Internet connection
B. At the entry point into the data center
C. Outside the firewall of the corporate headquarters Internet connection
D. At remote branch offices
Answer: D
Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.html
Product Overview
In today's business environment, network intruders and attackers can come from outside or
inside the network.
They can launch distributed denial-of-service attacks, they can attack Internet connections, and they can exploit network and host vulnerabilities. At the same time, Internet worms and viruses can spread across the world in a matter of minutes. There is often no time to wait for human intervention-the network itself must possess the intelligence to recognize and mitigate these attacks, threats, exploits, worms and viruses.
Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection-based solution that enables Cisco IOS Software to effectively mitigate a wide range of network attacks. While it is common practice to defend against attacks by inspecting traffic at data centers and corporate headquarters, distributing the network level defense to stop malicious traffic close to its entry point at branch or telecommuter offices is also critical. Cisco IOS IPS: Major Use Cases and Key Benefits
IOS IPS helps to protect your network in 5 ways:
Key Benefits:
u2022 Provides network-wide, distributed protection from many attacks, exploits, worms and viruses exploiting vulnerabilities in operating systems and applications.
u2022 Eliminates the need for a standalone IPS device at branch and telecommuter offices as well as small and medium-sized business networks.
u2022 Unique, risk rating based signature event action processor dramatically improves the ease of management of IPS policies.
u2022 Offers field-customizable worm and attack signature set and event actions.
u2022 Offers inline inspection of traffic passing through any combination of router LAN and WAN
interfaces in both directions.
u2022 Works with Cisco IOSu00ae Firewall, control-plane policing, and other Cisco IOS Software security features to protect the router and networks behind the router.
u2022 Supports more than 3700 signatures from the same signature database available for Cisco Intrusion Prevention System (IPS) appliances.
Q14. What is the Cisco preferred countermeasure to mitigate CAM overflows?
A. Port security
B. Dynamic port security
C. IP source guard
D. Root guard
Answer: B
Recommend!! Get the Accurate 210-260 dumps in VCE and PDF From Thedumpscentre, Welcome to download: http://www.thedumpscentre.com/210-260-dumps/ (New 387 Q&As Version)
- [2021-New] Cisco 400-251 Dumps With Update Exam Questions (81-90)
- [2021-New] Cisco 400-101 Dumps With Update Exam Questions (31-40)
- [2021-New] Cisco 400-051 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 100-105 Dumps With Update Exam Questions (131-140)
- Up To Date 200-150 Discount Pack 2021
- [2021-New] Cisco 200-355 Dumps With Update Exam Questions (10-19)
- How Many Questions Of 700-150 Exams
- [2021-New] Cisco 300-320 Dumps With Update Exam Questions (9-18)
- [2021-New] Cisco 640-916 Dumps With Update Exam Questions (81-87)
- [2021-New] Cisco 200-125 Dumps With Update Exam Questions (141-150)