Surprising ccna security 210 260

Exam Code: ccna security 210 260 book (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Network Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass cisco ccna security 210 260 Exam.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 210-260 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 210-260 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/210-260-exam-dumps.html

Q11. Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) 

A. QoS 

B. traffic classification 

C. access lists 

D. policy maps 

E. class maps 

F. Cisco Express Forwarding 

Answer: A,B 


Q12. Which statement about application blocking is true? 

A. It blocks access to specific programs. 

B. It blocks access to files with specific extensions. 

C. It blocks access to specific network addresses. 

D. It blocks access to specific network services. 

Answer:


Q13. What is the purpose of the Integrity component of the CIA triad? 

A. to ensure that only authorized parties can modify data 

B. to determine whether data is relevant 

C. to create a process for accessing data 

D. to ensure that only authorized parties can view data 

Answer:


Q14. Refer to the exhibit. 

What type of firewall would use the given configuration line? 

A. a stateful firewall 

B. a personal firewall 

C. a proxy firewall 

D. an application firewall 

E. a stateless firewall 

Answer:


Q15. How does a zone-based firewall implementation handle traffic between interfaces in the same zone? 

A. Traffic between two interfaces in the same zone is allowed by default. 

B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. 

C. Traffic between interfaces in the same zone is always blocked. 

D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair. 

Answer:


Q16. What is the only permitted operation for processing multicast traffic on zone-based firewalls? 

A. Only control plane policing can protect the control plane against multicast traffic. 

B. Stateful inspection of multicast traffic is supported only for the self-zone. 

C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. 

D. Stateful inspection of multicast traffic is supported only for the internal zone. 

Answer:


Q17. Which statement about Cisco ACS authentication and authorization is true? 

A. ACS servers can be clustered to provide scalability. 

B. ACS can query multiple Active Directory domains. 

C. ACS uses TACACS to proxy other authentication servers. 

D. ACS can use only one authorization profile to allow or deny requests. 

Answer:


Q18. Refer to the exhibit. 

What is the effect of the given command sequence? 

A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

Answer:


Q19. Which three statements about host-based IPS are true? (Choose three.) 

A. It can view encrypted files. 

B. It can have more restrictive policies than network-based IPS. 

C. It can generate alerts based on behavior at the desktop level. 

D. It can be deployed at the perimeter. 

E. It uses signature-based policies. 

F. It works with deployed firewalls. 

Answer: A,B,C 


Q20. Which two statements about Telnet access to the ASA are true? (Choose two). 

A. You may VPN to the lowest security interface to telnet to an inside interface. 

B. You must configure an AAA server to enable Telnet. 

C. You can access all interfaces on an ASA using Telnet. 

D. You must use the command virtual telnet to enable Telnet. 

E. Best practice is to disable Telnet and use SSH. 

Answer: A,E