Cisco 210-260 Exam Practice Question

Cisco Exam PDF

Your skills to implement Cisco network security are measured in the 210-260 exam. CCNA Security 210-260 dumps by DumpsSchool enable you to gain skills about Cisco network security. Relevant exam questions of CCNA Security dumps are enough for you to succeed in the 210-260 exam of CCNA Security certification.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

Which two statements about stateless firewalls are true? (Choose two.)

Answer: A, B

In stateless inspection, the firewall inspects a packet to determine the 5-tuple–source and destination IP addresses and ports, and protocol–information contained in the packet. This static information is then compared against configurable rules to determine whether to allow or drop the packet.

In stateless inspection the firewall examines each packet individually, it is unaware of the packets that have passed through before it, and has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is a rogue packet.

Source: http://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/19-0/XMART/PSF/19-PSF-Admin/19-PSF- Admin_chapter_01.html

Question No. 2

Which NAT option is executed first during in case of multiple nat translations?

Answer: D

Question No. 3

Which statement about zone-based firewall configuration is true?

Answer: C

Question No. 4

Which two statements about hardware-based encryption are true? (Choose two.)

Answer: C, E

Question No. 5

Which IPS detection method can you use to detect attacks that based on the attackers IP addresses?

Answer: C

Question No. 6

Which two statements about Telnet access to the ASA are true? (Choose two).

Answer: A, E

The ASA allows Telnet and SSH connections to the ASA for management purposes. You cannot use Telnet to the lowest security interface unless you use Telnet inside an IPSec tunnel.

Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ access_management.html#wp1054101

Question No. 7

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

Answer: B, D, E

Promiscuous Mode Event Actions

+ Request block host: This event action will send an ARC request to block the host for a specified time frame, preventing any further communication. This is a severe action that is most appropriate when there is minimal chance of a false alarm or spoofing.

+ Request block connection: This action will send an ARC response to block the specific connection. This action is appropriate when there is potential for false alarms or spoofing. + Reset TCP connection: This action is TCP specific, and in instances where the attack requires several TCP packets, this can be a successful action.

Source: http://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html#7

Question No. 8

Which command enables port security to use sticky MAC addresses on a switch?

Answer: A

210-260 Dumps Google Drive: (Limited Version!!!)
https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view

Related Certification: https://www.dumpsschool.com/ccna-security-questions.html