This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:32:46 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Latest Lead2pass 210-260 Exam Free 210-260 Dumps Download (61-80) --------------------------------------------------- 2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Good news, Lead2pass has updated the 210-260 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 210-260 exam easily. Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/210-260.html QUESTION 61For what reason would you configure multiple security contexts on the ASA firewall? A.    To enable the use of VFRs on routers that are adjacently connectedB.    To provide redundancy and high availability within the organizationC.    To enable the use of multicast routing and QoS through the firewallD.    To seperate different departments and business unitsAnswer: D QUESTION 62What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection. A.    split tunnelingB.    hairpinningC.    tunnel modeD.    transparent mode Answer: A QUESTION 63When is the best time to perform an anti-virus signature update? A.    When the local scanner has detected a new virusB.    When a new virus is discovered in the wildC.    Every time a new update is availableD.    When the system detects a browser hook Answer: C QUESTION 64What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command? A.    It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.B.    It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.C.    It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.D.    It configures the device to generate a new authentication key and transmit it to other devices at 23:59 00 local time on December 31, 2013.E.    It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.F.    It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely. Answer: B QUESTION 65Which Statement about personal firewalls is true? A.    They are resilient against kernal attacksB.    They can protect email messages and private documents in a similar way to a VPNC.    They can protect the network against attacksD.    They can protect a system by denying probing requests Answer: D QUESTION 66Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?   A.    ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1B.    IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5C.    IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5D.    IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets Answer: B QUESTION 67Which statement about a PVLAN isolated port configured on a switch is true? A.    The isolated port can communicate only with the promiscous portB.    The isolated port can communicate with other isolated ports and the promiscuous portC.    The isolated port can communicate only with community portsD.    The isolated port can communicate only with other isolated ports Answer: A QUESTION 68Which three statements about host-based IPS are true? (Choose three) A.    It can view encrypted filesB.    It can be deployed at the perimeterC.    It uses signature-based policiesD.    It can have more restrictive policies than network-based IPSE.    It works with deployed firewallsF.    It can generate alerts based on behavior at the desktop level. Answer: ADFExplanation:The key word here is 'Cisco', and Cisco's host-based IPS, CSA, is NOT signature-based and CAN view encrypted files. QUESTION 69What type of security support is provided by the Open Web Application Security Project? A.    Education about common Web site vulnerabilitiesB.    A wb site security frameworkC.    A security discussion forum for Web site developersD.    Scoring of common vulnerabilities and exposures Answer: A QUESTION 70Refer to the exhibit. Which statement about the device time is true?   A.    The time is authoritative because the clock is in syncB.    The time is authoritative, but the NTP process has lost contact with its serversC.    The clock is out of syncD.    NTP is configured incorrectlyE.    The time is not authoritative Answer: B QUESTION 71In what type of attack does an attacker virtually change a devices burned in address in an attempt to circumvent access lists and mask the device's true identity? A.    gratuitous ARPB.    ARP poisoningC.    IP SpoofingD.    MAC Spoofing Answer: D QUESTION 72How does a zone-based firewall implementation handle traffic between Interfaces in the same Zone? A.    traffic between interfaces in the same zone is blocked unless yoc configure the same-security permit commandB.    Traffic between interfaces in the same zone is always blockedC.    Traffic between two interfaces in the same zone is allowed by defaultD.    Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair Answer: C QUESTION 73An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity? A.    The switch could offer fake DHCP addresses.B.    The switch could become the root bridge.C.    The switch could be allowed to join the VTP domainD.    The switch could become a transparent bridge. Answer: B QUESTION 74Which two next generation encrytption algorithms does Cisco recommend? (Choose two) A.    AESB.    3DESC.    DESD.    MD5E.    DH-1024F.    SHA-384 Answer: AF QUESTION 75In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three). A.    when a matching TCP connection is foundB.    when the firewall requires strict HTTP inspectionC.    when the firewall receives a FIN packetD.    when matching ACL entries are configuredE.    when the firewall requires HTTP inspectionF.    when matching NAT entries are configured Answer: ADF QUESTION 76Which two features do CoPP and CPPr use to protect the control plane? (Choose two) A.    QoSB.    traffic classificationC.    access listsD.    policy mapsE.    class mapsF.    Cisco Express Forwarding Answer: AB QUESTION 77What is an advantage of implementing a Trusted Platform Module for disk encryption? A.    It provides hardware authenticationB.    It allows the hard disk to be transferred to another device without requiring re-encryption.disC.    it supports a more complex encryption algorithm than other disk-encryption technologies.D.    it can protect against single poins of failure. Answer: A QUESTION 78Refer to the exhibit. What is the effect of the given command sequence?   A.    It configures IKE Phase 1B.    It configures a site-to-site VPN TunnelC.    It configures a crypto policy with a key size of 14400D.    It configures IPSec Phase 2 Answer: A QUESTION 79A specific URL has been identified as containing malware. What action can you take to block users from accidentaly visiting the URL and becoming infected with malware? A.    Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the routers local URL listB.    Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewalls local URL listC.    Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.D.    Enable URL filtering on the perimeter router and add the URLs you want to block to the routers local URL listE.    Create a whitelist that contains the URls you want to allow and activate the whitelist on the perimeter router. Answer: D QUESTION 80If you change the native VLAN on the port to an unused VLAN, what happens if an attacker attempts a double tagging attack? A.    The trunk port would go into an error-disable state.B.    A VLAN hopping attack would be successfulC.    A VLAN hopping attack would be preventedD.    the attacked VLAN will be pruned Answer: C Once there are some changes on 210-260 exam questions, we will update the study materials timely to make sure that our customer can download the latest edition. 210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk 2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass: http://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-04 04:06:51 Post date GMT: 2017-07-04 04:06:51 Post modified date: 2017-07-04 04:06:51 Post modified date GMT: 2017-07-04 04:06:51 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com