★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 210-260 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/210-260-dumps.html


Exam Code: 210-260 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Network Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 210-260 Exam.

2021 Feb ccna security training:

Q21. Which three statements about host-based IPS are true? (Choose three.) 

A. It can view encrypted files. 

B. It can have more restrictive policies than network-based IPS. 

C. It can generate alerts based on behavior at the desktop level. 

D. It can be deployed at the perimeter. 

E. It uses signature-based policies. 

F. It works with deployed firewalls. 

Answer: A,B,C 


Q22. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

Which two statements regarding the ASA VPN configurations are correct? (Choose two) 

A. The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1. 

B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method. 

C. The Inside-SRV bookmark references the https://192.168.1.2 URL 

D. Only Clientless SSL VPN access is allowed with the Sales group policy 

E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface 

F. The Inside-SRV bookmark has not been applied to the Sales group policy 

Answer: B,C 

Explanation: 

For B: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.38.21 AM.png For C, Navigate to the Bookmarks tab: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.40.14 AM.png Then hit “edit” and you will see this: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.41.54 AM.png Not A, as this is listed under the Identity Certificates, not the CA certificates: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.34.54 AM.png Note E: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.26.56 AM.png 


Q23. Refer to the exhibit. 

What is the effect of the given command sequence? 

A. It configures IKE Phase 1. 

B. It configures a site-to-site VPN tunnel. 

C. It configures a crypto policy with a key size of 14400. 

D. It configures IPSec Phase 2. 

Answer:


Q24. What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command? 

A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely. 

B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely. 

C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013. 

D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59:00 local time on December 31, 2013. 

E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely. 

F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely. 

Answer:


Q25. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show? 

A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. 

B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5. 

C. IPSec Phase 1 is down due to a QM_IDLE state. 

D. IPSec Phase 2 is down due to a QM_IDLE state. 

Answer:


Leading cisco ccna security exam:

Q26. In which two situations should you use out-of-band management? (Choose two.) 

A. when a network device fails to forward packets 

B. when you require ROMMON access 

C. when management applications need concurrent access to the device 

D. when you require administrator access from multiple locations 

Cisco 210-260 : Practice Test 

E. when the control plane fails to respond 

Answer: A,B 


Q27. What type of packet creates and performs network operations on a network device? 

A. control plane packets 

B. data plane packets 

C. management plane packets 

D. services plane packets 

Answer:


Q28. What is the only permitted operation for processing multicast traffic on zone-based firewalls? 

A. Only control plane policing can protect the control plane against multicast traffic. 

B. Stateful inspection of multicast traffic is supported only for the self-zone. 

C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. 

D. Stateful inspection of multicast traffic is supported only for the internal zone. 

Answer:


Q29. What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? 

A. split tunneling 

B. hairpinning 

C. tunnel mode 

D. transparent mode 

Answer:


Q30. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show? 

A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5. 

B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1. 

C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5. 

D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets. 

Answer: