The only 210 260 iins resources for you

Exam Code: ccna security 210 260 official cert guide pdf download (Practice Exam Latest Test Questions VCE PDF)
Exam Name: IINS Implementing Cisco Network Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass examcollection 210 260 Exam.

P.S. Top Quality 210-260 bootcamp are available on Google Drive, GET MORE: https://drive.google.com/open?id=1vkyWuCceSS4_Yw83isWjMHMxw-tsQUcW


New Cisco 210-260 Exam Dumps Collection (Question 8 - Question 17)

Q1. Which IOS command do you enter to test authentication against a AAA server?

A. dialer aaa suffix <suffix> password <password>

B. ppp authentication chap pap test

C. aaa authentication enable default test group tacacs+

D. test aaa-server authentication dialergroup username <user> password.

Answer: D


Q2. When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)

A. pass

B. police

C. inspect

D. drop

E. queue

F. shape

Answer: A,C,D

Explanation:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml

Zone-Based Policy Firewall Actions

ZFW provides three actions for traffic that traverses from one zone to another:

Drop u2014 This is the default action for all traffic, as applied by the "class class-default" that terminates every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic.

Traffic that is handled by the drop action is "silently" dropped (i.e., no notification of the drop is sent to the relevant end-host) by the ZFW, as opposed to an ACL's behavior of sending an ICMP u201chost unreachableu201d message to the host that sent the denied traffic. Currently, there is not an option to change the "silent drop" behavior. The log option can be added with drop for syslog notification that traffic was dropped by the firewall.

Pass u2014 This action allows the router to forward traffic from one zone to another. The pass action does not track the state of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must be applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application traffic is better handled in the ZFW with the inspect action.

Inspectu2014The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet zone in the earlier example network is inspected, the router maintains connection or session information for TCP and User Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to private zone connection requests. Also, inspect can provide application inspection and control for certain service protocols that might carry vulnerable or sensitive application traffic.

Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume transferred, and source and destination addresses.


Q3. Which wildcard mask is associated with a subnet mask of /27?

A. 0.0.0.31

B. 0.0.027

C. 0.0.0.224

D. 0.0.0.255

Answer: A


Q4. In which three ways does the RADIUS protocol differ from TACACS? (Choose three.)

A. RADIUS uses UDP to communicate with the NAS.

B. RADIUS encrypts only the password field in an authentication packet.

C. RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.

D. RADIUS uses TCP to communicate with the NAS.

E. RADIUS can encrypt the entire packet that is sent to the NAS.

F. RADIUS supports per-command authorization.

Answer: A,B,C


Q5. Which option is the default value for the Diffieu2013Hellman group when configuring a site-to- site VPN on an ASA device?

A. Group 1

B. Group 2

C. Group 5

D. Group 7

Answer: B


Q6. Which four tasks are required when you configure Cisco IOS IPS using the Cisco Configuration Professional IPS wizard? (Choose four.)

A. Select the interface(s) to apply the IPS rule.

B. Select the traffic flow direction that should be applied by the IPS rule.

C. Add or remove IPS alerts actions based on the risk rating.

D. Specify the signature file and the Cisco public key.

E. Select the IPS bypass mode (fail-open or fail-close).

F. Specify the configuration location and select the category of signatures to be applied to the selected interface(s).

Answer: A,B,D,F

Explanation:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd8066d265.html

Step 11. At the `Select Interfaces' screen, select the interface and the direction that IOS IPS will be applied to, then click `Next' to continue.

Step 12. At the `IPS Policies Wizard' screen, in the `Signature File' section, select the first radio button "Specify the signature file you want to use with IOS IPS", then click the "..." button to bring up a dialog box to specify the location of the signature package file, which will be the directory specified in Step 6. In this example, we use tftp to download the signature package to the router.

Step 13. In the `Configure Public Key' section, enter `realm-cisco.pub' in the `Name' text field, then copy and paste the following public key's key-string in the `Key' text field. This public key can be downloaded from

Cisco.com at: http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-v5sigup. Click `Next' to continue.

30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101

00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16

17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3

6007D128

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E

5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85

50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36

006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE

2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3

F3020301 0001


Q7. Which command is used to verify that a VPN connection is established between two endpoints and that the connection is passing?

A. Firewall#sh crypto ipsec sa

B. Firewall#sh crypto isakmp sa

C. Firewall#debug crypto isakmp

D. Firewall#sh crypto session

Answer: A


Q8. Which of the following commands result in a secure bootset? (Choose all that apply.)

A. secure boot-set

B. secure boot-config

C. secure boot-files

D. secure boot-image

Answer: B,D


Q9. Which two authentication types does OSPF support? (Choose two.)

A. plaintext

B. MD5

C. HMAC

D. AES 256

E. SHA-1

F. DES

Answer: A,B


Q10. # nat (inside,outside) dynamic interface

Refer to the above. Which translation technique does this configuration result in?

A. Static NAT

B. Dynamic NAT

C. Dynamic PAT

D. Twice NAT

Answer: C


Recommend!! Get the Top Quality 210-260 dumps in VCE and PDF From Certifytools, Welcome to download: https://www.certifytools.com/210-260-exam.html (New 310 Q&As Version)