[Lead2pass Official] New Lead2pass Cisco 210-260 New Questions Free Download (301-320)
2017 September Cisco Official New Released 210-260 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Thank you so much Lead2pass. You helped me passing my 210-260 exam easily, 90% of the exam questions from the dump appeared in my exam. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/210-260.html 8 1 QUESTION 301 Which type of PVLAN port allows communication from all port types? A. isolated B. community C. in-line D. promiscuous Answer: D QUESTION 302 Which three options are common examples of AAA implementation on Cisco routers? (Choose three.) A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections B. authenticating administrator access to the router console port, auxiliary port, and vty ports C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates D. tracking Cisco NetFlow accounting statistics E. securing the router by locking down all unused services F. performing router commands authorization using TACACS+ Answer: ABF Explanation: http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.htm 2 l Need for AAA Services Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes. AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+. The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with the appropriate user. All authorization methods must be defined through AAA. QUESTION 303 Which type of encryption technology has the broadest platform support to protect operating systems? A. software B. hardware C. middleware D. file-level Answer: A QUESTION 304 Refer to the exhibit. Which statement about this output is true? A. The user logged into the router with the incorrect username and password. B. The login failed because there was no default enable password. C. The login failed because the password entered was incorrect. D. The user logged in and was given privilege level 15. Answer: C Explanation: http://www.cisco.com/en/US/docs/ios/12_2/debug/command/reference/dbfaaa.html 3 QUESTION 305 You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution. Where in the network would be the best place to deploy Cisco IOS IPS? A. Inside the firewall of the corporate headquarters Internet connection B. At the entry point into the data center C. Outside the firewall of the corporate headquarters Internet connection D. At remote branch offices Answer: D Explanation: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_ 4 sheet0900aecd803137cf.html QUESTION 306 Which two characteristics of the TACACS+ protocol are true? (Choose two.) A. uses UDP ports 1645 or 1812 B. separates AAA functions C. encrypts the body of every packet D. offers extensive accounting capabilities E. is an open RFC standard protocol Answer: BC Explanation: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml 5 QUESTION 307 What is a benefit of a web application firewall? A. It blocks known vulnerabilities without patching applications. B. It simplifies troubleshooting. C. It accelerates web traffic. D. It supports all networking protocols. Answer: A QUESTION 308 Which filter uses in Web reputation to prevent from Web Based Attacks? (Choose two) A. outbreak filter B. buffer overflow filter C. bayesian overflow filter D. web reputation E. exploit filtering Answer: AD QUESTION 309 Which option is the default value for the Diffie¬Hellman group when configuring a site-to- site VPN on an ASA device? A. Group 1 B. Group 2 C. Group 5 D. Group 7 Answer: B QUESTION 310 Which option is the resulting action in a zone-based policy firewall configuration with these conditions? A. no impact to zoning or policy B. no policy lookup (pass) C. drop D. apply default policy Answer: C Explanation: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-zone- 6 pol-fw.html QUESTION 311 Referring to CIA, where would a hash-only make more sense. A. Data at Rest B. ... C. ... D. ... Answer: A QUESTION 312 Phishing method on the phone. A. vishing B. ... C. ... D. ... Answer: A QUESTION 313 At which Layer Data Center Operate A. Data Center B. ... C. ... D. ... Answer: A QUESTION 314 How can you stop reconnaissance attack with cdp. A. disable CDP on edge ports (computers) B. ... C. ... D. ... Answer: A QUESTION 315 For Protecting FMC what/which is used. A. AMP B. ... C. ... D. ... Answer: A QUESTION 316 What ips feature that is less secure among than the other option permit a better throughput ? A. Promiscuous B. ... C. ... D. ... Answer: A QUESTION 317 To confirm that AAA authentication working. A. test aaa command B. ... C. ... D. ... Answer: A QUESTION 318 Zone based firewall A. enable zones first / zones must be made before applying interfaces. B. ... C. ... D. ... Answer: A QUESTION 319 Which ports need to be active for AAA server to integrate with Microsoft AD? A. 445 & 389 B. 1812 Answer: A QUESTION 320 What does the command crypto isakmp nat-traversal do? A. Enables udp port 4500 on all IPsec enabled interfaces B. Rebooting the ASA the global command Answer: A Suggestion, read 210-260 questions carefully try to understand or guess what they're asking for. Hope everyone passes. 210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDYUk3WWFWOEhsSU0 7 2017 Cisco 210-260 exam dumps (All 362 Q&As) from Lead2pass: https://www.lead2pass.com/210-260.html 8 1 [100% Exam Pass Guaranteed]
|