Exact2pass Cisco-210-260

Transcription

Cisco
210-260
Implementing Cisco Network Security
Web: www.exact2pass.com
Version: Demo
Email: [email protected]
[ Total Questions: 10]
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at [email protected]
Support
If you have any questions about our product, please provide the following items:
exam code
screenshot of the question
login id/email
please contact us at [email protected] and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Exact Questions
Cisco - 210-260
Exam Topic Breakdown
Exam Topic
Number of Questions
Topic 1 : Exam Pool A
3
Topic 4 : New Questions
3
Topic 2 : Exam Pool B
3
Topic 3 : Exam Pool C
1
TOTAL
10
Only exact questions will Pass You in Exam
1 of 47
Exact Questions
Cisco - 210-260
Topic 1, Exam Pool A
Question #:1 - (Exam Topic 1)
Which two statements about Telnet access to the ASA are true? (Choose two).
A. You may VPN to the lowest security interface to telnet to an inside interface.
B. You must configure an AAA server to enable Telnet.
C. You can access all interfaces on an ASA using Telnet.
D. You must use the command virtual telnet to enable Telnet.
E. Best practice is to disable Telnet and use SSH.
Answer: A E
Explanation
The ASA allows Telnet and SSH connections to the ASA for management purposes. You cannot use Telnet to
the lowest security interface unless you use Telnet inside an IPSec tunnel.
Source:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/
access_management.html#wp1054101
What is the transition order of STP states on a Layer 2 switch interface?
A. listening, learning, blocking, forwarding, disabled
B. listening, blocking, learning, forwarding, disabled
C. blocking, listening, learning, forwarding, disabled
D. forwarding, listening, learning, blocking, disabled
Answer: C
Explanation
STP switch port states:
+ Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a
blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm
2 of 47
Exact Questions
Cisco - 210-260
determines the port may transition to the forwarding state. BPDU data is still received in blocking state.
Prevents the use of looped paths.
+ Listening - The switch processes BPDUs and awaits possible new information that would cause it to return
to the blocking state. It does not populate the MAC address table and it does not forward frames.
+ Learning - While the port does not yet forward frames it does learn source addresses from frames received
and adds them to the filtering database (switching database). It populates the MAC address table, but does not
forward frames.
+ Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that
would indicate it should return to the blocking state to prevent a loop.
+ Disabled - Not strictly part of STP, a network administrator can manually disable a port Source:
https://en.wikipedia.org/wiki/Spanning_Tree_Protocol
Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then
answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the
expanded menu first.
3 of 47
Exact Questions
Cisco - 210-260
4 of 47
Exact Questions
Cisco - 210-260
5 of 47
Exact Questions
Cisco - 210-260
6 of 47
Exact Questions
Cisco - 210-260
7 of 47
Exact Questions
Cisco - 210-260
8 of 47
Exact Questions
Cisco - 210-260
9 of 47
Exact Questions
Cisco - 210-260
10 of 47
Exact Questions
Cisco - 210-260
11 of 47
Exact Questions
Cisco - 210-260
12 of 47
Exact Questions
Cisco - 210-260
13 of 47
Exact Questions
Cisco - 210-260
14 of 47
Exact Questions
Cisco - 210-260
15 of 47
Exact Questions
Cisco - 210-260
16 of 47
Exact Questions
Cisco - 210-260
17 of 47
Exact Questions
Cisco - 210-260
18 of 47
Exact Questions
Cisco - 210-260
19 of 47
Exact Questions
Cisco - 210-260
20 of 47
Exact Questions
Cisco - 210-260
21 of 47
Exact Questions
Cisco - 210-260
22 of 47
Exact Questions
Cisco - 210-260
23 of 47
Exact Questions
Cisco - 210-260
24 of 47
Exact Questions
Cisco - 210-260
25 of 47
Exact Questions
Cisco - 210-260
26 of 47
Exact Questions
Cisco - 210-260
27 of 47
Exact Questions
Cisco - 210-260
28 of 47
Exact Questions
Cisco - 210-260
29 of 47
Exact Questions
Cisco - 210-260
30 of 47
Exact Questions
Cisco - 210-260
31 of 47
Exact Questions
Cisco - 210-260
32 of 47
Exact Questions
Cisco - 210-260
33 of 47
Exact Questions
Cisco - 210-260
34 of 47
Exact Questions
Cisco - 210-260
Which two statements regarding the ASA VPN configurations are correct? (Choose two)
A. The ASA has a certificate issued by an external Certificate Authority associated to the
ASDM_TrustPoint1.
B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.
C. The Inside-SRV bookmark references thehttps://192.168.1.2URL
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside-SRV bookmark has not been applied to the Sales group policy
Answer: B C
Explanation
For B:
35 of 47
Exact Questions
Cisco - 210-260
36 of 47
Exact Questions
Cisco - 210-260
For C, Navigate to the Bookmarks tab:
Then hit “edit” and you will see this:
37 of 47
Exact Questions
Cisco - 210-260
Not A, as this is listed under the Identity Certificates, not the CA certificates:
38 of 47
Exact Questions
Cisco - 210-260
39 of 47
Exact Questions
Cisco - 210-260
Note E:
40 of 47
Exact Questions
Cisco - 210-260
41 of 47
Exact Questions
Cisco - 210-260
42 of 47
Exact Questions
Cisco - 210-260
Topic 4, New Questions
Which two statements about routed firewall mode are true? (Choose two.)
A. By default, this mode permits most traffic to pass through the firewall.
B. The mode allows the firewall to be added to an existing network with minimal additional configuration.
C. The firewall acts as a routed hop in the network.
D. This mode conceals the presence of the firewall
E. The firewall requires a unique IP address for each interface.
Answer: C E
Which two types of firewalls work at Layer 4 and above? (Choose two.)
A. application-level firewall
B. static packet filter
C. stateful inspection
D. Network Address Translation
E. circuit-level gateway
Answer: B C
Explanation
Dynamic or Stateful Packet-Filtering Firewalls
Stateful inspection is a firewall architecture classified at the network layer; although, for some applications it
can analyze traffic at Layers 4 and 5, too.
Unlike static packet filtering, stateful inspection tracks each connection traversing all interfaces of the firewall
and confirms that they are valid. Stateful packet filtering maintains a state table and allows modification to the
security rules dynamically. The state table is part of the internal structure of the firewall. It tracks all sessions
and inspects all packets passing through the firewall.
43 of 47
Exact Questions
Cisco - 210-260
Although this is the primary Cisco Firewall technology, it has some limitations:
Cannot prevent application layer attacks.
Not all protocols are stateful.
Some applications open multiple connections.
Does not support user authentication.
http://www.ciscopress.com/articles/article.asp?p=1888110
Which two parameters can you view in the Cisco ASDM Protocol Statistics window? (Choose two )
A. the number of active tunnels
B. the number of rejected connection attempts
C. the number of tunnels that have been established since the Cisco ASA was rebooted
D. the number of closed tunnels
E. the user attempting the connection
Answer: A E
44 of 47
Exact Questions
Cisco - 210-260
Topic 2, Exam Pool B
Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?
A. community for hosts in the PVLAN
B. promiscuous for hosts in the PVLAN
C. isolated for hosts in the PVLAN
D. span for hosts in the PVLAN
Answer: A
Explanation
The types of private VLAN ports are as follows:
+ Promiscuous - The promiscuous port can communicate with all interfaces, including the community and
isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated
with the primary VLAN
+ Isolated - This port has complete isolation from other ports within the same private VLAN domain, except
that it can communicate with associated promiscuous ports.
+ Community -- A community port is a host port that belongs to a community secondary VLAN. Community
ports communicate with other ports in the same community VLAN and with associated promiscuous ports.
These interfaces are isolated from all other interfaces in other communities and from all isolated ports within
the private VLAN domain.
Source:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/
CLIConfigurationGuide/PrivateVLANs.html#42874
In which three ways does the RADIUS protocol differ from TACACS? (Choose three.)
A. RADIUS uses UDP to communicate with the NAS.
B. RADIUS encrypts only the password field in an authentication packet.
C. RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
D.
45 of 47
Exact Questions
Cisco - 210-260
D. RADIUS uses TCP to communicate with the NAS.
E. RADIUS can encrypt the entire packet that is sent to the NAS.
F. RADIUS supports per-command authorization.
Answer: A B C
Explanation
Cisco Official Certification Guide, Table 3-2 TACACS+ Versus RADIUS, p.40
In the router ospf 200 command, what does the value 200 stand for?
A. process ID
B. area ID
C. administrative distance value
D. ABR ID
Answer: A
Explanation
Enabling OSPF
SUMMARY STEPS
1. enable
2. configure terminal
3. router ospf process-id
4. network ip-address wildcard-mask area area-id
5. end
Source:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/12-4t/iro-12-4t-book/irocfg.html
46 of 47
Exact Questions
Cisco - 210-260
Topic 3, Exam Pool C
Which NAT option is executed first during in case of multiple nat translations?
A. dynamic nat with shortest prefix
B. dynamic nat with longest prefix
C. static nat with shortest prefix
D. static nat with longest prefix
Answer: D
47 of 47
About exact2pass.com
exact2pass.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam
Questions, Study Guides, Practice Tests.
We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
View list of all certification exams: All vendors
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
Sales: [email protected]
Feedback: [email protected]
Support: [email protected]
Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.

Exact2pass Cisco-210-260

Transcription

Similar documents

Cisco Recruitment Session* When

1 Getting Started with the Cicso Skills Assessment & Application

Exact2pass Cisco-200-125

Financial Settings

Cisco 100-Gigabit Transceiver Modules Compatibility Matrix

African customers, African partners PM Zone: Foreign Customers

Release Notes for All Hot Patches for AsyncOS 9.0 for Cisco Content

Cisco Energy Management Roadshow

Cisco OS Bug Scrub Engineer

HP-HPE6-A41-Exact2pass