web analytics
[2017 New] 2017 New 210-260 Exam PDF Ensure 210-260 Certification Exam Pass 100% (61-80) - Latest Dumps PDF Free Download In Lead2pass

[2017 New] 2017 New 210-260 Exam PDF Ensure 210-260 Certification Exam Pass 100% (61-80)

2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Good news, Lead2pass has updated the 210-260 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 210-260 exam easily.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/210-260.html

QUESTION 61
For what reason would you configure multiple security contexts on the ASA firewall?

A.    To enable the use of VFRs on routers that are adjacently connected
B.    To provide redundancy and high availability within the organization
C.    To enable the use of multicast routing and QoS through the firewall
D.    To seperate different departments and business units

Answer: D

QUESTION 62
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection.

A.    split tunneling
B.    hairpinning
C.    tunnel mode
D.    transparent mode

Answer: A

QUESTION 63
When is the best time to perform an anti-virus signature update?

A.    When the local scanner has detected a new virus
B.    When a new virus is discovered in the wild
C.    Every time a new update is available
D.    When the system detects a browser hook

Answer: C

QUESTION 64
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?

A.    It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.
B.    It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.
C.    It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.
D.    It configures the device to generate a new authentication key and transmit it to other devices at 23:59 00 local time on December 31, 2013.
E.    It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.
F.    It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.

Answer: B

QUESTION 65
Which Statement about personal firewalls is true?

A.    They are resilient against kernal attacks
B.    They can protect email messages and private documents in a similar way to a VPN
C.    They can protect the network against attacks
D.    They can protect a system by denying probing requests

Answer: D

QUESTION 66
Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?

 

A.    ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1
B.    IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5
C.    IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5
D.    IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets

Answer: B

QUESTION 67
Which statement about a PVLAN isolated port configured on a switch is true?

A.    The isolated port can communicate only with the promiscous port
B.    The isolated port can communicate with other isolated ports and the promiscuous port
C.    The isolated port can communicate only with community ports
D.    The isolated port can communicate only with other isolated ports

Answer: A

QUESTION 68
Which three statements about host-based IPS are true? (Choose three)

A.    It can view encrypted files
B.    It can be deployed at the perimeter
C.    It uses signature-based policies
D.    It can have more restrictive policies than network-based IPS
E.    It works with deployed firewalls
F.    It can generate alerts based on behavior at the desktop level.

Answer: ADF
Explanation:
The key word here is ‘Cisco’, and Cisco’s host-based IPS, CSA, is NOT signature-based and CAN view encrypted files.

QUESTION 69
What type of security support is provided by the Open Web Application Security Project?

A.    Education about common Web site vulnerabilities
B.    A wb site security framework
C.    A security discussion forum for Web site developers
D.    Scoring of common vulnerabilities and exposures

Answer: A

QUESTION 70
Refer to the exhibit. Which statement about the device time is true?

 

A.    The time is authoritative because the clock is in sync
B.    The time is authoritative, but the NTP process has lost contact with its servers
C.    The clock is out of sync
D.    NTP is configured incorrectly
E.    The time is not authoritative

Answer: B

QUESTION 71
In what type of attack does an attacker virtually change a devices burned in address in an attempt to circumvent access lists and mask the device’s true identity?

A.    gratuitous ARP
B.    ARP poisoning
C.    IP Spoofing
D.    MAC Spoofing

Answer: D

QUESTION 72
How does a zone-based firewall implementation handle traffic between Interfaces in the same Zone?

A.    traffic between interfaces in the same zone is blocked unless yoc configure the same-security permit command
B.    Traffic between interfaces in the same zone is always blocked
C.    Traffic between two interfaces in the same zone is allowed by default
D.    Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair

Answer: C

QUESTION 73
An attacker installs a rogue switch that sends superior BPDUs on your network.
What is a possible result of this activity?

A.    The switch could offer fake DHCP addresses.
B.    The switch could become the root bridge.
C.    The switch could be allowed to join the VTP domain
D.    The switch could become a transparent bridge.

Answer: B

QUESTION 74
Which two next generation encrytption algorithms does Cisco recommend? (Choose two)

A.    AES
B.    3DES
C.    DES
D.    MD5
E.    DH-1024
F.    SHA-384

Answer: AF

QUESTION 75
In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).

A.    when a matching TCP connection is found
B.    when the firewall requires strict HTTP inspection
C.    when the firewall receives a FIN packet
D.    when matching ACL entries are configured
E.    when the firewall requires HTTP inspection
F.    when matching NAT entries are configured

Answer: ADF

QUESTION 76
Which two features do CoPP and CPPr use to protect the control plane? (Choose two)

A.    QoS
B.    traffic classification
C.    access lists
D.    policy maps
E.    class maps
F.    Cisco Express Forwarding

Answer: AB

QUESTION 77
What is an advantage of implementing a Trusted Platform Module for disk encryption?

A.    It provides hardware authentication
B.    It allows the hard disk to be transferred to another device without requiring re-encryption.dis
C.    it supports a more complex encryption algorithm than other disk-encryption technologies.
D.    it can protect against single poins of failure.

Answer: A

QUESTION 78
Refer to the exhibit. What is the effect of the given command sequence?

 

A.    It configures IKE Phase 1
B.    It configures a site-to-site VPN Tunnel
C.    It configures a crypto policy with a key size of 14400
D.    It configures IPSec Phase 2

Answer: A

QUESTION 79
A specific URL has been identified as containing malware. What action can you take to block users from accidentaly visiting the URL and becoming infected with malware?

A.    Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the routers local URL list
B.    Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewalls local URL list
C.    Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.
D.    Enable URL filtering on the perimeter router and add the URLs you want to block to the routers local URL list
E.    Create a whitelist that contains the URls you want to allow and activate the whitelist on the perimeter router.

Answer: D

QUESTION 80
If you change the native VLAN on the port to an unused VLAN, what happens if an attacker attempts a double tagging attack?

A.    The trunk port would go into an error-disable state.
B.    A VLAN hopping attack would be successful
C.    A VLAN hopping attack would be prevented
D.    the attacked VLAN will be pruned

Answer: C

Once there are some changes on 210-260 exam questions, we will update the study materials timely to make sure that our customer can download the latest edition.

210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk

2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass:

http://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed]

Comments are closed.