210-260 Dumps 210-260 Exam Questions 210-260 New Questions 210-260 PDF 210-260 VCE Cisco

[Lead2pass Official] Ensure Pass 210-260 Exam By Training Lead2pass New PDF Dumps (261-280)

2017 September Cisco Official New Released 210-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Our dumps have been reviewed and approved by industry experts and individuals who have taken and passed 210-260 exam. Lead2pass will have you prepared to take 210-260 test with high confidence and pass easily. Whether you are looking for 210-260 study guide, 210-260 exam questions, 210-260 exam dump or 210-260 test, Lead2pass.com has you covered.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/210-260.html

QUESTION 261
HIPS and NIPS
You need to place these 7 options into HIPS and NIPS. Each section has 4 choices which means one out of these 7 options goes into both.

 

Answer:

 

QUESTION 262
Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own?

A.    white hat hacker
B.    hacktivist
C.    phreaker
D.    script kiddy

Answer: D

QUESTION 263
When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)

A.    pass
B.    police
C.    inspect
D.    drop
E.    queue
F.    shape

Answer: ACD

QUESTION 264
Which four tasks are required when you configure Cisco IOS IPS using the Cisco Configuration Professional IPS wizard? (Choose four.)

A.    Select the interface(s) to apply the IPS rule.
B.    Select the traffic flow direction that should be applied by the IPS rule.
C.    Add or remove IPS alerts actions based on the risk rating.
D.    Specify the signature file and the Cisco public key.
E.    Select the IPS bypass mode (fail-open or fail-close).
F.    Specify the configuration location and select the category of signatures to be applied to the selected interface(s).

Answer: ABDF

QUESTION 265
Refer to the exhibit. All ports on switch 1 have a primary VLAN of 300. Which devices can host 1 reach?

 

A.    Host 2
B.    Server
C.    Host 4
D.    Other devices within VLAN 303

Answer: B

QUESTION 266
What is the effect of the ASA command crypto isakmp nat-traversal?

A.    It opens port 4500 only on the outside interface.
B.    It opens port 500 only on the inside interface.
C.    It opens port 500 only on the outside interface.
D.    It opens port 4500 on all interfaces that are IPSec enabled.

Answer: D

QUESTION 267
What is true about the Cisco IOS Resilient Configuration feature?

A.    The feature can be disabled through a remote session
B.    There is additional space required to secure the primary Cisco IOS Image file
C.    The feature automatically detects image and configuration version mismatch
D.    Remote storage is used for securing files

Answer: C

QUESTION 268
Which two characteristics apply to an Intrusion Prevention System (IPS) ? Choose two

A.    Does not add delay to the original traffic.
B.    Cabled directly inline with the flow of the network traffic.
C.    Can drop traffic based on a set of rules.
D.    Runs in promoscous mode.
E.    Cannot drop the packet on its own

Answer: BC
Explanation:
+ Position in the network flow: Directly inline with the flow of network traffic and every packet goes through the sensor on its way through the network.
+ Mode: Inline mode
+ The IPS can drop the packet on its own because it is inline. The IPS can also request assistance from
another device to block future packets just as the IDS does.

QUESTION 269
What information does the key length provide in an encryption algorithm?

A.    the packet size
B.    the number of permutations
C.    the hash block size
D.    the cipher block size

Answer: C

QUESTION 270
Which type of layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?

A.    BPDU attack
B.    DHCP Starvation
C.    CAM table overflow
D.    MAC address spoofing

Answer: D

QUESTION 271
What feature defines a campus area network?

A.    It has a single geographic location.
B.    It has limited or restricted Internet access.
C.    It has a limited number of segments.
D.    it lacks external connectivity.

Answer: A

QUESTION 272
A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0.
By default, without any access list configured, which five types of traffic are permitted? (Choose five.)

A.    outbound traffic initiated from the inside to the DMZ
B.    outbound traffic initiated from the DMZ to the outside
C.    outbound traffic initiated from the inside to the outside
D.    inbound traffic initiated from the outside to the DMZ
E.    inbound traffic initiated from the outside to the inside
F.    inbound traffic initiated from the DMZ to the inside
G.    HTTP return traffic originating from the inside network and returning via the outside interface
H.    HTTP return traffic originating from the inside network and returning via the DMZ interface
I.    HTTP return traffic originating from the DMZ network and returning via the inside interface
J.    HTTP return traffic originating from the outside network and returning via the inside interface

Answer: ABCGH
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html

QUESTION 273
Which type of Cisco ASA access list entry can be configured to match multiple entries in a single statement?

A.    nested object-class
B.    class-map
C.    extended wildcard matching
D.    object groups

Answer: D

QUESTION 274
What are two well-known security terms? (Choose Two)

A.    Phishing.
B.    BPDU guard
C.    LACP
D.    ransomeware
E.    hair-pinning

Answer: AD

QUESTION 275
How to verify that TACACS+ connectivity to a device?

A.    You successfully log in to the device by using the local credentials.
B.    You connect to the device using SSH and receive the login prompt.
C.    You successfully log in to the device by using ACS credentials.
D.    You connect via console port and receive the login prompt.

Answer: B

QUESTION 276
Which two actions can a zone-based firewall take when looking at traffic? (Choose two)

A.    Filter
B.    Forward
C.    Drop
D.    Broadcast
E.    Inspect

Answer: CE

QUESTION 277
What technology can you use to provide data confidentiality, data integrity and data origin authentication on your network?

A.    Certificate Authority
B.    IKE
C.    IPSec
D.    Data Encryption Standards

Answer: C

QUESTION 278
In which type of attack does an attacker send email messages that ask the recipient to click a link such as https://www.cisco.net.cc/securelogon?

A.    phishing
B.    pharming
C.    solicitation
D.    secure transaction

Answer: A

QUESTION 279
When is the default deny all policy an exception in zone-based firewalls?

A.    When traffic traverses two interfaces in in the same zone
B.    When traffic terminates on the router via the self zone
C.    When traffic sources from the router via the self zone
D.    When traffic traverses two interfaces in different zones

Answer: A

QUESTION 280
In which configuration mode do you configure the ip ospf authentication-key 1 command?

A.    Interface
B.    routing process
C.    global
D.    privileged

Answer: A

At Lead2pass we verify that 100% of the 210-260 exam questions in exam test prep package are real questions from a recent version of the 210-260 test you are about to take. We have a wide library of 210-260 exam dumps.

210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDYUk3WWFWOEhsSU0

2017 Cisco 210-260 exam dumps (All 362 Q&As) from Lead2pass:

https://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed]