CCNA Security 210-260 IINS - Exam 2

Descripción

This exam tests the candidate's knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security using: SIEM Technology Cloud & Virtual Network Topologies BYOD Identity Services Engine 802.1x Authentication Cisco FirePOWER Anti-Malware/Cisco Advanced Malware Protection From Cisco.PracticeTest.210-260.v2016-07-06.by.Noah.154q.vce
Mike M
Test por Mike M, actualizado hace más de 1 año
Mike M
Creado por Mike M hace más de 8 años
4513
17

Resumen del Recurso

Pregunta 1

Pregunta
In which three ways does the RADIUS protocol differ from TACACS? (choose two)
Respuesta
  • RADIUS uses UDP to communicate with the NAS
  • RADIUS encrypts only the password field in an authentication packet
  • RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted
  • RADIUS uses TCP to communicate with the NAS
  • RADIUS can encrypt the entire packet that is sent to the NAS
  • RADIUS supports per-command authorization

Pregunta 2

Pregunta
Which countermeasures can mitigate ARP spoofing attacks? (Choose two)
Respuesta
  • DHCP Snooping
  • Port Security
  • Dynamic ARP inspection
  • IP Source Guard

Pregunta 3

Pregunta
In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three)
Respuesta
  • When matching ACL entries are configures
  • When the firewall requires strict HTTP inspection
  • When matching NAT entries are configured
  • When the firewall receives a SYN packet
  • When the firewall receives a SYN-ACK packet
  • When the firewall requires HTTP inspection

Pregunta 4

Pregunta
In which two situations should you use in-band management? (Choose two)
Respuesta
  • When management applications need concurrent access to the devices
  • When you require administartor access from multiple locations
  • When you require ROMMON access
  • When a network device fails to forward packets
  • When the control plane fails to respond.

Pregunta 5

Pregunta
Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two)
Respuesta
  • The key
  • The hash
  • The password
  • The transform set

Pregunta 6

Pregunta
Which security measures can protect the control plane of a Cisco router? (Choose two)
Respuesta
  • CPPr
  • Port security
  • Parser views
  • CoPP
  • Access control lists

Pregunta 7

Pregunta
Which RADIUS server authentication protocols are suported on Cisco ASA firewalls? (Choose three)
Respuesta
  • ASCII
  • MS-CHAPv1
  • PAP
  • MS-CHAPv2
  • PEAP
  • EAP

Pregunta 8

Pregunta
Which TACACS+ server authentication protocols are supported on Cisco ASA firewalls? (Choose three)
Respuesta
  • ASCII
  • MS-CHAPv1
  • EAP
  • MS-CHAPv2
  • PAP
  • PEAP

Pregunta 9

Pregunta
Which statement about reflexive access lists are true? (Choose three)
Respuesta
  • Reflexive access lists can be attached to extended named IP ACLs
  • Reflexive access lists support TCP sessions
  • Reflexive access lists approximate the session filtering using the established keyword
  • Reflexive access lists create a permanent ACE
  • Reflexive access lists can be attached to standard named IP ACLs
  • Reflexive access lists support UDP sessions

Pregunta 10

Pregunta
According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three)
Respuesta
  • HTTP
  • TFTP
  • 802.1x
  • MAB
  • DNS
  • BOOTP

Pregunta 11

Pregunta
Which two next-generation encryption algorithms does Cisco recommend? (Choose two)
Respuesta
  • DH-1024
  • SHA-384
  • 3DES
  • MD5
  • DES
  • AES

Pregunta 12

Pregunta
Which three statements describe DHCP spoofing attacks? (Choose three)
Respuesta
  • They are used to perform man-in-the-middle attacks
  • They can physically modify the network gateway
  • They can access most network devices
  • They use ARP poisoning
  • They protect the identity of the attacker by masking the DHCP address
  • They can modify traffic in transit

Pregunta 13

Pregunta
Which three ESP fields can be encrypted during transmission? (Choose three)
Respuesta
  • Padding
  • MAC Address
  • Security Parameter Index
  • Sequence Number
  • Next Header
  • Pad Length

Pregunta 14

Pregunta
In which three ways does the TACACS protocol differ from RADIUS? (Choose three)
Respuesta
  • TACACS uses UDP to communicate with the NAS
  • TACACS suports per-command authorization
  • TACACS can encrypt the entire packet that is sent to the NAS
  • TACACS encrypts only the password field in an authentication packet
  • TACACS uses TCP to communicate with the NAS
  • TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.

Pregunta 15

Pregunta
Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two)
Respuesta
  • Stop
  • Stop-record
  • Stop-only
  • Start-Stop

Pregunta 16

Pregunta
Which options are filtering options used to display SDEE message types? (Choose two)
Respuesta
  • All
  • Stop
  • Error
  • None

Pregunta 17

Pregunta
Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two)
Respuesta
  • HTTPS
  • SSH
  • AAA
  • HTTP
  • Telnet
  • FTP

Pregunta 18

Pregunta
What are two uses of SIEM software? (Choose two)
Respuesta
  • Performing automatic network audits
  • Collecting and archiving syslog data
  • Scanning email for suspicious attachments
  • Configuring firewall and IDS devices
  • Alerting administrators to security events in real time

Pregunta 19

Pregunta
You want to allow all of your company's users to access the Internet without allowing other web servers to collect the IP Addresses of individual users. What two solutions can you use? (Choose two)
Respuesta
  • Configure a firewall to use Port Address Translation
  • Configure a proxy server to hide users' local IP Addresses
  • Install a Web content filter to hide users' local IP Addresses
  • Assign the same IP address to all users
  • Assign unique IP addresses to all users

Pregunta 20

Pregunta
A data breach has occurred and your company database has been copied. Which security principle has been violated?
Respuesta
  • Access
  • Control
  • Availability
  • Confidentiality

Pregunta 21

Pregunta
Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?
Respuesta
  • SDEE
  • CSM
  • Syslog
  • SNMP

Pregunta 22

Pregunta
How can you detect a false negative on an IPS?
Respuesta
  • Review the IPS log
  • Review the IPS console
  • Use a third-party to audit the next-generation firewall rules
  • Use a third-party system to perform penetration testing
  • View the alert on the IPS

Pregunta 23

Pregunta
Which statement provides the best definition of malware?
Respuesta
  • Malware is tools and applications that remove unwanted programs
  • Malware is software used by nation states to commit cyber crimes
  • Malware is unwanted software that is harmful or destructive
  • Malware is a collection of worms, viruses, and Trojan horses that is distributed as a single package

Pregunta 24

Pregunta
How can FirePOWER block malicious email attachments?
Respuesta
  • It forwards email requrests to an external signature engine.
  • It scans inbound email messages for known bad URLs
  • It send an alert to the administrator to verify suspicious email messages
  • It send the traffic through a file policy

Pregunta 25

Pregunta
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?
Respuesta
  • Instruct the user to reconnect to the VPN gateway
  • Ensure that the RDP plug-in is installed on the VPN gateway
  • Reboot the VPN gateway
  • Ensure that the RDP2 plug-in is installed on the VPN gateway

Pregunta 26

Pregunta
Refer to the following commands: crypto map mymap match address 201 access-list 201 permit ip 10.10.10.0 255.255.255.0 10.100.100.0 255.255.255.0 What is the effect of the given command sequence?
Respuesta
  • It defines IKE policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24
  • It defines IPsec policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24
  • It defines IPsec policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24
  • It defines IKE policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24

Pregunta 27

Pregunta
Which Cisco Security Manager application collects information about the device status and uses it to generate notifications and alerts?
Respuesta
  • Health and Performance monitor
  • Device Manager
  • FlexConfig
  • Report Manager

Pregunta 28

Pregunta
You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?
Respuesta
  • Enable URL filtering and create a whitelist to block websites that violate company policy.
  • Enable URL filtering and use URL categorization to block the websites that violate company policy.
  • Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access
  • Enable URL filtering and create a blacklist to block the websites that violate company policy
  • Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access

Pregunta 29

Pregunta
Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?
Respuesta
  • Allow with inspection
  • Block
  • Allow without inspection
  • Monitor
  • Trust

Pregunta 30

Pregunta
You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security intelligence iP Address Reputation. A user calls and is not able to access a certain IP Address. What action can you take to allow the user access to the IP address?
Respuesta
  • Create a user based access control rule to allow the traffic
  • Create a custom blacklist to allow the traffic
  • Create a whitelist and add the appropriate IP address to allow the traffic
  • Create a network based access control rule to allow the traffic
  • Create a rule to bypass inspection to allow the traffic

Pregunta 31

Pregunta
Refer to the following commands: authentication event fail action next-method authentication event no-response action authorize vlan 101 authentication order mab dot1x webauth authentication priority dot1x mab authentication port-control auto dot1x pae authenticator If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?
Respuesta
  • The authentication attempt will time out and the switch will place the port into unauthorized state.
  • The switch will cycle through the configured authentication methods indefinitely.
  • The authentication attempt will time out and the switch will place the port into VLAN 101.
  • The supplicant will fail to advance beyond the webauth method

Pregunta 32

Pregunta
In which stage on an attack does the attacker discover devices on a target network?
Respuesta
  • Covering tracks
  • Maintaining access
  • Gaining access
  • Reconnaissance

Pregunta 33

Pregunta
Which statement about personal firewalls is true?
Respuesta
  • They can protect a system by denying probing requests.
  • They can protect the network against attacks.
  • They can protect email messages and private documents in a similar way to a VPN.
  • They are resilient against kernel attacks.

Pregunta 34

Pregunta
What is a possible reason for the error message: Router(config)#aaa server? % Unrecognized command
Respuesta
  • The router is already running the latest operating system
  • The command is invalid on the target device
  • The router is a new device on which the aaa new-model command must be applied before continuing
  • The command syntax requires a space after the word "server"

Pregunta 35

Pregunta
Which command is needed to enable SSH support on a Cisco Router?
Respuesta
  • crypto key unlock rsa
  • crypto key lock rsa
  • crypto key generate rsa
  • crypto key zeorize rsa

Pregunta 36

Pregunta
What is the transition order of STP in states on a Layer 2 switch interface?
Respuesta
  • blocking, listening, learning, forwarding, disabled
  • forwarding, listening, learning, blocking, disabled
  • listening, learning, blocking, forwarding, disabled
  • listening, blocking, learning, forwarding, disabled

Pregunta 37

Pregunta
Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?
Respuesta
  • Community for hosts in the PVLAN
  • Span for hosts in the PVLAN
  • Isolated for hosts in the PVLAN
  • Promiscuous for hosts in the PVLAN

Pregunta 38

Pregunta
What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?
Respuesta
  • 5 seconds
  • 10 seconds
  • 15 seconds
  • 20 seconds

Pregunta 39

Pregunta
Refer to the following output: R1>show clock detail .22.22:35.123 UTC Tue Feb 26 2013 Time source is NTP Which statement about the device time is true?
Respuesta
  • The time is not authoritative
  • NTP is configured incorrectly
  • The clock is out of sync
  • The time is authoritative because the clock is in sync
  • The time is authoritative, but the NTP process has lost contact with its servers

Pregunta 40

Pregunta
Refer to the following output: 209.114.111.1 configured, ipv4, sane, valid, stratum 2 ref ID 132.163.4.103 , time D7AD124D.9D6FC576 (03:17:33.614 UTC Sun Aug 31 2014) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 46.34 msec, root disp 23.52, reach 1, sync dist 268.59 delay 63.27msec, offset 7.9817 msec, dispersion 107.56, jitter 2.07 msec precision 2**23, version 4 204.2.134.164 configured, ipv4, sane, valid, stratum 2 ref ID 10.241.199.164.101, time D7AD1419.9EB5272B (03:25:13.619 UTC Sun Aug 31 2014) our mode client, peer mode server, our poll intvl 64, peer poll intvl 256 root delay 30.83 msec, root disp 4.88, reach 1, sync dist 223.80 delay 58.68msec, offset 6.4331 msec, dispersion 187.55, jitter 1.38 msec precision 2**20, version 4 192.168.10.7 configured, ipv4, our_master, sane, valid, stratum 3 ref ID 106.61.73.243 , time D7AD0D8F.AE79A23A (02:57:19.681 UTC Sun Aug 31 2014) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 86.45 msec, root disp 87.82, reach 377, sync dist 134.25 delay 0.89 msec, offset 19.5087 msec, dispersion 1.69, jitter 0.84 msec precision 2**32, version 4 With which NTP server has the router synchronized?
Respuesta
  • 204.2.134.164
  • 192.168.10.7
  • 209.114.111.1
  • 132.163.4.103
  • 241.199.164.101
  • 108.61.73.243

Pregunta 41

Pregunta
For what reason would you configure multiple security contexts on the ASA firewall?
Respuesta
  • To provide redundancy and high availability within the organization.
  • To enable the use of VRFs on routers that are adjacently connected
  • To separate different departments and business units
  • To enable the use of multicast routing and QoS through the firewall

Pregunta 42

Pregunta
Which type of encryption technology has the broadest platform support to protect operating systems?
Respuesta
  • file-level
  • software
  • hardware
  • middleware

Pregunta 43

Pregunta
Which type of security control is defense in depth?
Respuesta
  • Botnet mitigation
  • Overt and covert channels
  • Threat mitigation
  • Risk analysis

Pregunta 44

Pregunta
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
Respuesta
  • Deny the connection inline
  • Deploy an antimalware system
  • Perform a Layer 6 reset
  • Enable bypass mode

Pregunta 45

Pregunta
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
Respuesta
  • Inline Normalization
  • IP Defragmentation
  • Rate-Based Prevention
  • Portscan Detection

Pregunta 46

Pregunta
What is a potential drawback to leaving VLAN 1 as the native VLAN?
Respuesta
  • The CAM might be overloaded, effectively turning the switch into a hub.
  • Gratititous ARPs might be able to conduct a man-in-the-middle attack.
  • It may be susceptible to a VLAN hopping attack.
  • VLAN 1 might be vulnerable to IP Address spoofing.

Pregunta 47

Pregunta
Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?
Respuesta
  • Unicast Reverse Path Forwarding
  • Unidirectional Link Detection
  • IP Source Guard
  • TrustSec

Pregunta 48

Pregunta
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
Respuesta
  • EtherChannel guard
  • Loop guard
  • PortFast
  • BPDU Guard

Pregunta 49

Pregunta
How does the Cisco ASA use Active Directory to authorize VPN users?
Respuesta
  • It send the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server
  • It queries the Active Directory server for a specific attribute for the specified user
  • It downloads and stores the Active Directory database to query for future authorization requests
  • It redirects requests to the Active Directory server defined for the VPN group.

Pregunta 50

Pregunta
What command can you use to verify the binding table status?
Respuesta
  • show ip dhcp snooping database
  • show ip dhcp snooping statistics
  • show ip dhcp pool
  • show ip dhcp source binding
  • show ip dhcp snooping binding
  • show ip dhcp snooping
Mostrar resumen completo Ocultar resumen completo

Similar

CCNA Security 210-260 IINS - Exam 1
Mike M
CCNA Security 210-260 IINS - Exam 1
Ricardo Nuñez
CCNA Security 210-260 IINS - Exam 3
irvin pastora
CCNA Security 210-260 IINS - Exam 3
Mike M
CCNA Security 210-260 IINS - Exam 1
irvin pastora
CCNA Security Final Exam
Maikel Degrande
CCNA Answers – CCNA Exam
Abdul Demir
SQL Quiz
R M
Application of technology in learning
Jeff Wall
The SAT Math test essentials list
lizcortland
Innovative Uses of Technology
John Marttila