100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CCNA Security 210-260 Exam $17.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. CCNA Security 210-260
  4.  
  5. CCNA Security 210-260

Exam (elaborations)

CCNA Security 210-260 Exam
 2 views  0 purchase
  • Course
  • CCNA Security 210-260
  • Institution
  • CCNA Security 210-260

CCNA Security 210-260 Exam

Preview 4 out of 35  pages

Document information

  • September 10, 2024
  • 35
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • ccna security 210 260 exam

Written for

  • CCNA Security 210-260
  • CCNA Security 210-260

Seller

avatar-seller
leonardmuriithi061

Reviews received

Content preview

CCNA Security 210-260 Exam

Which statement about communication over failover interfaces is true?
A. All information that is sent over the failover interface is sent as clear text, but the
Stateful failover link is encrypted by default.
B. All information that is sent over the failover and Stateful failover interfaces is
encrypted by default
C. All information that is sent over the failover and Stateful failover interfaces is sent
as clear text by default - ANSWER C. All information that is sent over the failover
and Stateful failover interfaces is sent as clear text by default

Which three ESP fields can be encrypted during transmission? (Choose three)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header - ANSWER D. Padding
E. Pad Length
F. Next Header

According to Cisco best practices, which three protocols should the default ACL
allow an
access port to enable wired BYOD devices to supply valid credentials and connect to
the
network? (Choose three)
A. BOOTP (DHCP)
B. TFTP
C. DNS
D. MAB
E. HTTP
F. 802.1x - ANSWER A. BOOTP (DHCP)
B. TFTP
C. DNS

Which SOURCEFIRE logging action should you choose to record the most detail
about a
connection?
A. Enable logging at the beginning of the session
B. Enable logging at the end of the session
C. Enable alerts via SNMP to log events off-box
D. Enable eStreamer to log events off-box - ANSWER B. Enable logging at the end
of the session

What type of algorithm uses the same key to encrypt and decrypt data?
A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key infrastructure algorithm

,D. an IP Security algorithm - ANSWER A. a symmetric algorithm

If a packet matches more than one class map in an individual feature type's policy
map, how does the ASA handle the packet?
A. The ASA will apply the actions from only the most specific matching class map it
finds for the feature type
B. The ASA will apply the actions from all matching class maps it finds for the feature
type
C. The ASA will apply the actions from only the last matching class map it finds for
the feature type.
D. The ASA will apply the actions from only the first matching class map it finds for
the feature type - ANSWER D. The ASA will apply the actions from only the first
matching class map it finds for the feature type.

You have implemented a Source fire IPS and configured it to block certain
addresses utilizing Security Intelligence IP address Reputation. A user calls and is
not able to access a certain
IP address. What action can you take to allow the user access to the IP address?

A. Create a custom blacklist to allow traffic
B. Create a white list and add the appropriate IP address to allow traffic.
C. Create a user based access control rule to allow the traffic.
D. Create a network based access control rule to allow the traffic.
E. Create a rule to bypass inspection to allow the traffic - ANSWER B. Create a
white list and add the appropriate IP address to allow traffic.

Which EAP method uses protected Access Credentials?
A. EAP-TLS
B. EAP-PEAP
C. EAP-FAST (replace PEAP)
D. EAP-GTC - ANSWER C. EAP-FAST (replace PEAP)

In which two situations should you use out-of-band management? (Choose two)
A. when a network device fails to forward packets
B. when management applications need concurrent access to the device
C. when you require ROMMON access
D. when you require administrator access from multiple locations
E. when the control plane fails to respond - ANSWER A. when a network device fails
to forward packets
C. when you require ROMMON access

What features can protect the data plane? (Choose three.)
A. policing
B. ACLs
C. IPS
D. Antispoofing (Antispoofing is a technique for identifying and dropping packets that
have a false source address)
E. QoS
F. DHCP-snooping - ANSWER B. ACLs

,D. Antispoofing (Antispoofing is a technique for identifying and dropping packets that
have a false source address)
F. DHCP-snooping

How many crypto map sets can you apply to a router interface?
A. 3
B. 2
C. 4
D. 1 - ANSWER D. 1

What is the transition order of STP states on a Layer 2 switch interface?
A. listening, learning, blocking, forwarding, disabled
B. listening, blocking, learning, forwarding, disabled
C. blocking, listening, learning, forwarding, disabled
D. forwarding, listening, learning, blocking, disabled - ANSWER C. blocking,
listening, learning, forwarding, disabled

Which sensor mode can deny attackers inline?
A. IPS
B. fail-close
C. IDS
D. fail-open - ANSWER A. IPS

Which options are filtering options used to display SDEE message types?
A. Stop
B. none
C. error
D. all - ANSWER C. error
D. all

When a company puts a security policy in place, what is the effect on the company's
business?
A. Minimizing risk
B. Minimizing total cost of ownership
C. Minimizing liability
D. Maximizing compliance - ANSWER A. Minimizing risk

Which wildcard mask is associated with a subnet mask of /27?
A. 0.0.0.31
B. 0.0.0.27
C. 0.0.0.224
D. 0.0.0.255 - ANSWER A. 0.0.0.31

Which statements about reflexive access lists are true? (Choose three)
A. Reflexive access lists create a permanent ACE
B. Reflexive access lists approximate session filtering using the established keyword
C. Reflexive access lists can be attached to standard named IP ACLs
D. Reflexive access lists support UDP sessions
E. Reflexive access lists can be attached to extended named IP ACLs

, F. Reflexive access lists support TCP sessions - ANSWER D. Reflexive access lists
support UDP sessions
E. Reflexive access lists can be attached to extended named IP ACLs
F. Reflexive access lists support TCP sessions

Which actions can a promiscuous IPS take to mitigate an attack?
A. modifying packets
B. requesting connection blocking
C. denying packets
D. resetting the TCP connection
E. requesting host blocking
F. denying frames - ANSWER B. requesting connection blocking
D. resetting the TCP connection
E. requesting host blocking

Which Cisco Security Manager application collects information about device status
and uses it to generate notifications and alerts?
A. FlexConfig
B. Device Manager
C. Report Manager
D. Health and Performance Monitor - ANSWER D. Health and Performance Monitor

Which command is needed to enable SSH support on a Cisco Router?
A. crypto key lock rsa
B. crypto key generate rsa
C. crypto key zeroize rsa
D. crypto key unlock rsa - ANSWER B. crypto key generate rsa

In which three ways does the TACACS protocol differ from RADIUS? (Choose three)
A. TACACS uses TCP to communicate with the NAS
B. TACACS can encrypt the entire packet that is sent to the NAS
C. TACACS authenticates and authorizes simultaneously, causing fewer packets to
be transmitted
D. TACACS uses UDP to communicate with the NAS
E. TACACS encrypts only the password field in an authentication packet
F. TACACS support per-command authorization - ANSWER A. TACACS uses TCP
to communicate with the NAS
B. TACACS can encrypt the entire packet that is sent to the NAS
F. TACACS support per-command authorization

What is the purpose of the Integrity component of the CIA triad?
A. to ensure that only authorized parties can modify data
B. to determine whether data is relevant
C. to create a process for accessing data
D. to ensure that only authorized parties can view data - ANSWER A. to ensure that
only authorized parties can modify data

Which two statements about Telnet access to the ASA are true? (Choose two).
A. You may VPN to the lowest security interface to telnet to an inside interface.
B. You must configure an AAA server to enable Telnet.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller leonardmuriithi061. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75759 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart