New 210-260 exam questions from PassLeader 210-260 dumps! Welcome to download the newest PassLeader 210-260 VCE and PDF dumps: http://www.passleader.com/210-260.html (488 Q&As –> 520 Q&As –> 537 Q&As –> 553 Q&As)
P.S. Free 210-260 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg
QUESTION 51
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A. Perform a Layer 6 reset
B. Deploy an antimalware system
C. Enable bypass mode
D. Deny the connection inline
Answer: D
QUESTION 52
Which statement about Cisco ACS authentication and authorization is true?
A. ACS servers can be clustered to provide scalability
B. ACS can query multiple Active Directory domains
C. ACS uses TACACS to proxy other authentication servers
D. ACS can use only one authorization profile to allo or deny requests
Answer: A
QUESTION 53
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
A. Stateful inspection of multicast traffic is supported only for the self zone
B. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone
C. Only control plane policing can protect the control plane against multicast traffic
D. Stateful inspection of multicast traffic is supported only for the internal zone
Answer: C
QUESTION 54
What is one requirement for locking a wired or wireless device from ISE?
A. The ISE agent must be installed on the device
B. The device must be connnected to the network when the lock command is executed
C. The user must approve the locking action
D. The organization must implement an acceptable use policy allowing device locking
Answer: A
QUESTION 55
Refer to the exhibit. What type of firewall would use the given cofiguration line?
A. a stateful firewall
B. a personal firewall
C. a proxy firewall
D. an application firewall
E. a stateless firewall
Answer: A
QUESTION 56
What are two default Cisco IOS privilege levels? (Choose two)
A. 0
B. 5
C. 1
D. 7
E. 10
F. 15
Answer: CF
QUESTION 57
What is the effect of the given command sequence?
A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a desstination of 10.100.100.0/24
B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24
C. it defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24
D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24
Answer: A
QUESTION 58
Which tool can an attacker use to attempt a DDos attack?
A. botnet
B. Trojan horse
C. virus
D. adware
Answer: A
QUESTION 59
how does the Cisco ASA use Active Directory to authorize VPN users?
A. It queries the Active Directory server for a Specfic attribute for the specific user
B. It sends the username and password to retire an ACCEPT or Reject message from the Active Directory server
C. It downloads and stores the Active Directory databas to query for future authorization
D. It redirects requests to the Active Directory server defined for the VPN group
Answer: A
QUESTION 60
Which statement about application blocking is true?
A. It blocks access to files with specific extensions
B. It blocks access to specific network addresses
C. It blocks access to specific programs
D. It blocks access to specific network services
Answer: C
QUESTION 61
For what reason would you configure multiple security contexts on the ASA firewall?
A. To enable the use of VFRs on routers that are adjacently connected
B. To provide redundancy and high availability within the organization
C. To enable the use of multicast routing and QoS through the firewall
D. To seperate different departments and business units
Answer: D
QUESTION 62
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection.
A. split tunneling
B. hairpinning
C. tunnel mode
D. transparent mode
Answer: A
QUESTION 63
When is the best time to perform an anti-virus signature update?
A. When the local scanner has detected a new virus
B. When a new virus is discovered in the wild
C. Every time a new update is available
D. When the system detects a browser hook
Answer: C
QUESTION 64
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.
B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.
C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.
D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59 00 local time on December 31, 2013.
E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.
F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.
Answer: B
QUESTION 65
Which Statement about personal firewalls is true?
A. They are resilient against kernal attacks
B. They can protect email messages and private documents in a similar way to a VPN
C. They can protect the network against attacks
D. They can protect a system by denying probing requests
Answer: D
QUESTION 66
Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?
A. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1
B. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5
C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5
D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets
Answer: B
QUESTION 67
Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscous port
B. The isolated port can communicate with other isolated ports and the promiscuous port
C. The isolated port can communicate only with community ports
D. The isolated port can communicate only with other isolated ports
Answer: A
QUESTION 68
Which three statements about host-based IPS are true? (Choose three)
A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behavior at the desktop level
Answer: ADF
Explanation:
The key word here is ‘Cisco’, and Cisco’s host-based IPS, CSA, is NOT signature-based and CAN view encrypted files.
QUESTION 69
What type of security support is provided by the Open Web Application Security Project?
A. Education about common Web site vulnerabilities
B. A wb site security framework
C. A security discussion forum for Web site developers
D. Scoring of common vulnerabilities and exposures
Answer: A
QUESTION 70
Refer to the exhibit. Which statement about the device time is true?
A. The time is authoritative because the clock is in sync
B. The time is authoritative, but the NTP process has lost contact with its servers
C. The clock is out of sync
D. NTP is configured incorrectly
E. The time is not authoritative
Answer: B
New 210-260 exam questions from PassLeader 210-260 dumps! Welcome to download the newest PassLeader 210-260 VCE and PDF dumps: http://www.passleader.com/210-260.html (488 Q&As –> 520 Q&As –> 537 Q&As –> 553 Q&As)
P.S. Free 210-260 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg