This page was exported from Free Download Lead2pass VCE And PDF Dumps [ https://www.pass4sureshared.com ] Export date:Thu Mar 28 8:33:58 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Free Sharing Of Cisco 210-260 Brain Dumps From Lead2pass (81-100) --------------------------------------------------- 2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Good news, Lead2pass has updated the 210-260 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 210-260 exam easily. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/210-260.html QUESTION 81What is an advantage of placing an IPS on the inside of a network? A.    It can provide higher throughput.B.    It receives traffic that has already been filtered.C.    It receives every inbound packet.D.    It can provide greater security.Answer: B QUESTION 82Which three statements about Cisco host-based IPS soluations are true? (Choose three.) A.    It can view encrypted files.B.    It can have more restrictive policies than network-based IPS.C.    It can generate alerts based on behavior at the desktop level.D.    It can be deployed at the perimeter.E.    It uses signature-based policies.F.    It works with deployed firewalls. Answer: ABCExplanation:The key word here is 'Cisco', and Cisco's host-based IPS, CSA, is NOT signature-based and CAN view encrypted files. QUESTION 83Which syslog severity level is level number 7? A.    WarningB.    InformationalC.    NotificationD.    Debugging Answer: DExplanation:The list of severity Levels:0 Emergency: system is unusable1 Alert: action must be taken immediately2 Critical: critical conditions3 Error: error conditions4 Warning: warning conditions5 Notice: normal but significant condition6 Informational: informational messages7 Debug: debug-level messages QUESTION 84Which type of mirroring does SPAN technology perform? A.    Remote mirroring over Layer 2B.    Remote mirroring over Layer 3C.    Local mirroring over Layer 2D.    Local mirroring over Layer 3 Answer: C QUESTION 85Which tasks is the session management path responsible for? (Choose three.) A.    Verifying IP checksumsB.    Performing route lookupC.    Performing session lookupD.    Allocating NAT translationsE.    Checking TCP sequence numbersF.    Checking packets against the access list Answer: BDFExplanation:http://blog.ipexpert.com/a-closer-look-at-stateful-inspection-on-the-cisco-asa/ QUESTION 86Which network device does NTP authenticate? A.    Only the time sourceB.    Only the client deviceC.    The firewall and the client deviceD.    The client device and the time source Answer: A QUESTION 87What hash type does Cisco use to validate the integrity of downloaded images? A.    Sha1B.    Sha2C.    Md5D.    Md1 Answer: C QUESTION 88Which option is the most effective placement of an IPS device within the infrastructure? A.    Inline, behind the internet router and firewallB.    Inline, before the internet router and firewallC.    Promiscuously, after the Internet router and before the firewallD.    Promiscuously, before the Internet router and the firewall Answer: A QUESTION 89If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.) A.    The user will be prompted to authenticate using the enable passwordB.    Authentication attempts to the router will be deniedC.    Authentication will use the router`s local databaseD.    Authentication attempts will be sent to the TACACS+ server Answer: AD QUESTION 90Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors? A.    SDEEB.    SyslogC.    SNMPD.    CSM Answer: A QUESTION 91Which type of address translation should be used when a Cisco ASA is in transparent mode? A.    Static NATB.    Dynamic NATC.    OverloadD.    Dynamic PAT Answer: A QUESTION 92Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.) A.    The passwordB.    The hashC.    The keyD.    The transform set Answer: BC QUESTION 93What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure? A.    5 secondsB.    10 secondsC.    15 secondsD.    20 seconds Answer: AExplanation:Router(config)#tacacs-server timeout ?<1-1000> Wait time (default 5 seconds) QUESTION 94Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.) A.    EAPB.    ASCIIC.    PAPD.    PEAPE.    MS-CHAPv1F.    MS-CHAPv2 Answer: CEFExplanation:The ASA supports the following authentication methods with RADIUS servers:PAP - For all connection types.CHAP and MS-CHAPv1 - For L2TP-over-IPsec connections.MS-CHAPv2 - For L2TP-over-IPsec connections, and for regular IPsec remote access connections when the password management feature is enabled. You can also use MS-CHAPv2 with clientless connections.Authentication Proxy modes - For RADIUS-to Active-Directory, RADIUS-to-RSA/SDI, RADIUS- to-Token serverhttp://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_radius.html#77318 QUESTION 95Which command initializes a lawful intercept view? A.    username cisco1 view lawful-intercept password ciscoB.    parser view cisco li-viewC.    li-view cisco user cisco1 password ciscoD.    parser view li-view inclusive Answer: CExplanation:Before you initialize a lawful intercept view, ensure that the privilege level is set to 15 via the privilege command.SUMMARY STEPS1. enable view2. configure terminal3. li-view li-password user username password password4. username lawful-intercept [name] [privilege privilege-level| view view-name] password password5. parser view view-name6. secret 5 encrypted-password7. name new-name QUESTION 96Which security measures can protect the control plane of a Cisco router? (Choose two.) A.    CCPrB.    Parser viewsC.    Access control listsD.    Port securityE.    CoPP Answer: AEExplanation:Table 10-3 Three Ways to Secure the Control PlaneUsing CoPP or CPPr, you can specify which types of management traffic are acceptable at which levels.For example, you could decide and configure the router to believe that SSH is acceptable at 100 packets per second, syslog is acceptable at 200 packets per second, and so on. Traffic that exceeds the thresholds can be safely dropped if it is not from one of your specific management stations. You can specify all those details in the policy.You learn more about control plane security in Chapter 13, "Securing Routing Protocols and the Control Plane."Selective Packet Discard (SPD) provides the ability toAlthough not necessarily a security feature,prioritize certain types of packets (for example, routing protocol packets and Layer 2 keepalive messages, route processor [RP]). SPD provides priority of critical control plane traffic which are received by theover traffic that is less important or, worse yet, is being sent maliciously to starve the CPU of resources required for the RP. QUESTION 97Which statement about extended access lists is true? A.    Extended access lists perform filtering that is based on source and destination and are most effective when applied to the destinationB.    Extended access lists perform filtering that is based on source and destination and are most effective when applied to the sourceC.    Extended access lists perform filtering that is based on destination and are most effective when applied to the sourceD.    Extended access lists perform filtering that is based on source and are most effective when applied to the destination Answer: BExplanation:Standard ACL1) Able Restrict, deny & filter packets by Host Ip or subnet only.2) Best Practice is put Std. ACL restriction near from Source Host/Subnet (Interface-In-bound).3) No Protocol based restriction. (Only HOST IP).Extended ACL1) More flexible then Standard ACL.2) You can filter packets by Host/Subnet as well as Protocol/TCPPort/UDPPort.3) Best Practice is put restriction near form Destination Host/Subnet. (Interface-Outbound) QUESTION 98Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.) A.    FTPB.    SSHC.    TelnetD.    AAAE.    HTTPSF.    HTTP Answer: BE QUESTION 99What are the primary attack methods of VLAN hopping? (Choose two.) A.    VoIP hoppingB.    Switch spoofingC.    CAM-table overflowD.    Double tagging Answer: BD QUESTION 100How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration? A.    Issue the command anyconnect keep-installer under the group policy or username webvpn modeB.    Issue the command anyconnect keep-installer installed in the global configurationC.    Issue the command anyconnect keep-installer installed under the group policy or username webvpn modeD.    Issue the command anyconnect keep-installer installer under the group policy or username webvpn mode Answer: C Once there are some changes on 210-260 exam questions, we will update the study materials timely to make sure that our customer can download the latest edition. 210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk 2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass: https://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-27 03:41:06 Post date GMT: 2017-07-27 03:41:06 Post modified date: 2017-07-27 03:41:06 Post modified date GMT: 2017-07-27 03:41:06 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com