Test by Mike M, created more than 1 year ago

This exam tests the candidate's knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security using: SIEM Technology, Cloud & Virtual Network Topologies, BYOD, Identity Services Engine, 802.1x Authentication, Cisco FirePOWER, Anti-Malware/Cisco Advanced Malware Protection. From Cisco.PracticeTest.210-260.v2016-07-06.by.Noah.154q.vce

Created by Mike M more than 8 years ago

4 comments

about 8 years ago
Q22, Explanation: A false negative, however, is when there is malicious traffic on the network, and for whatever reason the IPS/IDS did not trigger an alert, so there is no visual indicator (at least from the IPS/IDS system) that anything negative is going on. In the case of a false negative, you must use some third-party or external system to alert you to the problem at hand, such as syslog messages from a network device.
about 8 years ago
Hi, Q3: Correct answer: When matching ACL entries are configured; When matching NAT entries are configured; When the firewall requires HTTP inspection
about 8 years ago (edited)
Accounting has just three notices: none: No accounting. start-stop: Record start and stop without waiting. stop-only: Record stop when service terminates. stop-record actual just for IOS XE
over 8 years ago
Hi, Q15 is Stop-Only and Start-stop.

CCNA Security 210-260 IINS - Exam 2

Question 1 of 50

In which three ways does the RADIUS protocol differ from TACACS? (Choose two)

Select one or more of the following possible answers:

  • RADIUS uses UDP to communicate with the NAS

  • RADIUS uses TCP to communicate with the NAS

  • RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted

  • RADIUS supports per-command authorization

  • RADIUS encrypts only the password field in an authentication packet

  • RADIUS can encrypt the entire packet that is sent to the NAS

Question 2 of 50

Which countermeasures can mitigate ARP spoofing attacks? (Choose two)

Select one or more of the following possible answers:

  • Dynamic ARP inspection

  • Port Security

  • DHCP Snooping

  • IP Source Guard

Question 3 of 50

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three)

Select one or more of the following possible answers:

  • When the firewall requires HTTP inspection

  • When the firewall receives a SYN packet

  • When the firewall receives a SYN-ACK packet

  • When the firewall requires strict HTTP inspection

  • When matching ACL entries are configured

  • When matching NAT entries are configured

Question 4 of 50

In which two situations should you use in-band management? (Choose two)

Select one or more of the following possible answers:

  • When a network device fails to forward packets

  • When you require ROMMON access

  • When management applications need concurrent access to the devices

  • When you require administrator access from multiple locations

  • When the control plane fails to respond.

Question 5 of 50

Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two)

Select one or more of the following possible answers:

  • The key

  • The hash

  • The transform set

  • The password

Question 6 of 50

Which security measures can protect the control plane of a Cisco router? (Choose two)

Select one or more of the following possible answers:

  • CoPP

  • CPPr

  • Access control lists

  • Port security

  • Parser views

Question 7 of 50

Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three)

Select one or more of the following possible answers:

  • ASCII

  • MS-CHAPv2

  • EAP

  • PAP

  • MS-CHAPv1

  • PEAP

Question 8 of 50

Which TACACS+ server authentication protocols are supported on Cisco ASA firewalls? (Choose three)

Select one or more of the following possible answers:

  • MS-CHAPv2

  • MS-CHAPv1

  • PAP

  • EAP

  • ASCII

  • PEAP

Question 9 of 50

Which statements about reflexive access lists are true? (Choose three)

Select one or more of the following possible answers:

  • Reflexive access lists approximate the session filtering using the established keyword

  • Reflexive access lists can be attached to extended named IP ACLs

  • Reflexive access lists support UDP sessions

  • Reflexive access lists create a permanent ACE

  • Reflexive access lists can be attached to standard named IP ACLs

  • Reflexive access lists support TCP sessions

Question 10 of 50

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three)

Select one or more of the following possible answers:

  • DNS

  • HTTP

  • 802.1x

  • MAB

  • BOOTP

  • TFTP

Question 11 of 50

Which two next-generation encryption algorithms does Cisco recommend? (Choose two)

Select one or more of the following possible answers:

  • DES

  • 3DES

  • SHA-384

  • DH-1024

  • MD5

  • AES

Question 12 of 50

Which three statements describe DHCP spoofing attacks? (Choose three)

Select one or more of the following possible answers:

  • They use ARP poisoning

  • They can access most network devices

  • They can modify traffic in transit

  • They are used to perform man-in-the-middle attacks

  • They protect the identity of the attacker by masking the DHCP address

  • They can physically modify the network gateway

Question 13 of 50

Which three ESP fields can be encrypted during transmission? (Choose three)

Select one or more of the following possible answers:

  • Sequence Number

  • Security Parameter Index

  • MAC Address

  • Padding

  • Next Header

  • Pad Length

Question 14 of 50

In which three ways does the TACACS protocol differ from RADIUS? (Choose three)

Select one or more of the following possible answers:

  • TACACS uses UDP to communicate with the NAS

  • TACACS can encrypt the entire packet that is sent to the NAS

  • TACACS encrypts only the password field in an authentication packet

  • TACACS supports per-command authorization

  • TACACS uses TCP to communicate with the NAS

  • TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.

Question 15 of 50

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two)

Select one or more of the following possible answers:

  • Stop

  • Stop-record

  • Stop-only

  • Start-Stop

Question 16 of 50

Which options are filtering options used to display SDEE message types? (Choose two)

Select one or more of the following possible answers:

  • Stop

  • None

  • All

  • Error

Question 17 of 50

Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two)

Select one or more of the following possible answers:

  • AAA

  • SSH

  • FTP

  • Telnet

  • HTTP

  • HTTPS

Question 18 of 50

What are two uses of SIEM software? (Choose two)

Select one or more of the following possible answers:

  • Alerting administrators to security events in real time

  • Configuring firewall and IDS devices

  • Scanning email for suspicious attachments

  • Collecting and archiving syslog data

  • Performing automatic network audits

Question 19 of 50

You want to allow all of your company's users to access the Internet without allowing other web servers to collect the IP Addresses of individual users. What two solutions can you use? (Choose two)

Select one or more of the following possible answers:

  • Assign the same IP address to all users

  • Configure a firewall to use Port Address Translation

  • Install a Web content filter to hide users' local IP Addresses

  • Assign unique IP addresses to all users

  • Configure a proxy server to hide users' local IP Addresses

Question 20 of 50

A data breach has occurred and your company database has been copied. Which security principle has been violated?

Select one of the following possible answers:

  • Access

  • Control

  • Availability

  • Confidentiality

Question 21 of 50

Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

Select one of the following possible answers:

  • SNMP

  • CSM

  • SDEE

  • Syslog

Question 22 of 50

How can you detect a false negative on an IPS?

Select one of the following possible answers:

  • Review the IPS console

  • Use a third-party to audit the next-generation firewall rules

  • View the alert on the IPS

  • Review the IPS log

  • Use a third-party system to perform penetration testing

Question 23 of 50

Which statement provides the best definition of malware?

Select one of the following possible answers:

  • Malware is tools and applications that remove unwanted programs

  • Malware is a collection of worms, viruses, and Trojan horses that is distributed as a single package

  • Malware is unwanted software that is harmful or destructive

  • Malware is software used by nation states to commit cyber crimes

Question 24 of 50

How can FirePOWER block malicious email attachments?

Select one of the following possible answers:

  • It sends the traffic through a file policy

  • It scans inbound email messages for known bad URLs

  • It sends an alert to the administrator to verify suspicious email messages

  • It forwards email requests to an external signature engine.

Question 25 of 50

A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?

Select one of the following possible answers:

  • Instruct the user to reconnect to the VPN gateway

  • Reboot the VPN gateway

  • Ensure that the RDP2 plug-in is installed on the VPN gateway

  • Ensure that the RDP plug-in is installed on the VPN gateway

Question 26 of 50

Refer to the following commands:

crypto map mymap match address 201
access-list 201 permit ip 10.10.10.0 255.255.255.0 10.100.100.0 255.255.255.0

What is the effect of the given command sequence?

Select one of the following possible answers:

  • It defines IPsec policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24

  • It defines IPsec policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24

  • It defines IKE policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24

  • It defines IKE policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24

Question 27 of 50

Which Cisco Security Manager application collects information about the device status and uses it to generate notifications and alerts?

Select one of the following possible answers:

  • FlexConfig

  • Device Manager

  • Report Manager

  • Health and Performance monitor

Question 28 of 50

You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?

Select one of the following possible answers:

  • Enable URL filtering and use URL categorization to block the websites that violate company policy.

  • Enable URL filtering and create a whitelist to block websites that violate company policy.

  • Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access

  • Enable URL filtering and create a blacklist to block the websites that violate company policy

  • Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access

Question 29 of 50

Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?

Select one of the following possible answers:

  • Monitor

  • Allow without inspection

  • Trust

  • Allow with inspection

  • Block

Question 30 of 50

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP Address. What action can you take to allow the user access to the IP address?

Select one of the following possible answers:

  • Create a network based access control rule to allow the traffic

  • Create a user based access control rule to allow the traffic

  • Create a whitelist and add the appropriate IP address to allow the traffic

  • Create a rule to bypass inspection to allow the traffic

  • Create a custom blacklist to allow the traffic

Question 31 of 50

Refer to the following commands:

authentication event fail action next-method
authentication event no-response action authorize vlan 101
authentication order mab dot1x webauth
authentication priority dot1x mab
authentication port-control auto
dot1x pae authenticator

If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?

Select one of the following possible answers:

  • The switch will cycle through the configured authentication methods indefinitely.

  • The authentication attempt will time out and the switch will place the port into VLAN 101.

  • The authentication attempt will time out and the switch will place the port into unauthorized state.

  • The supplicant will fail to advance beyond the webauth method

Question 32 of 50

In which stage of an attack does the attacker discover devices on a target network?

Select one of the following possible answers:

  • Reconnaissance

  • Maintaining access

  • Covering tracks

  • Gaining access

Question 33 of 50

Which statement about personal firewalls is true?

Select one of the following possible answers:

  • They can protect a system by denying probing requests.

  • They are resilient against kernel attacks.

  • They can protect email messages and private documents in a similar way to a VPN.

  • They can protect the network against attacks.

Question 34 of 50

What is a possible reason for the error message:

Router(config)#aaa server?
% Unrecognized command

Select one of the following possible answers:

  • The router is a new device on which the aaa new-model command must be applied before continuing

  • The command is invalid on the target device

  • The command syntax requires a space after the word "server"

  • The router is already running the latest operating system

Question 35 of 50

Which command is needed to enable SSH support on a Cisco Router?

Select one of the following possible answers:

  • crypto key generate rsa

  • crypto key unlock rsa

  • crypto key zeroize rsa

  • crypto key lock rsa

Question 36 of 50

What is the transition order of STP states on a Layer 2 switch interface?

Select one of the following possible answers:

  • blocking, listening, learning, forwarding, disabled

  • forwarding, listening, learning, blocking, disabled

  • listening, learning, blocking, forwarding, disabled

  • listening, blocking, learning, forwarding, disabled

Question 37 of 50

Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?

Select one of the following possible answers:

  • Promiscuous for hosts in the PVLAN

  • Isolated for hosts in the PVLAN

  • Span for hosts in the PVLAN

  • Community for hosts in the PVLAN

Question 38 of 50

What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

Select one of the following possible answers:

  • 10 seconds

  • 5 seconds

  • 15 seconds

  • 20 seconds

Question 39 of 50

Refer to the following output:

R1>show clock detail
.22.22:35.123 UTC Tue Feb 26 2013
Time source is NTP

Which statement about the device time is true?

Select one of the following possible answers:

  • The time is authoritative because the clock is in sync

  • The clock is out of sync

  • The time is not authoritative

  • The time is authoritative, but the NTP process has lost contact with its servers

  • NTP is configured incorrectly

Question 40 of 50

Refer to the following output:

209.114.111.1 configured, ipv4, sane, valid, stratum 2
ref ID 132.163.4.103 , time D7AD124D.9D6FC576 (03:17:33.614 UTC Sun Aug 31 2014)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 46.34 msec, root disp 23.52, reach 1, sync dist 268.59
delay 63.27msec, offset 7.9817 msec, dispersion 107.56, jitter 2.07 msec
precision 2**23, version 4

204.2.134.164 configured, ipv4, sane, valid, stratum 2
ref ID 10.241.199.164.101, time D7AD1419.9EB5272B (03:25:13.619 UTC Sun Aug 31 2014)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 256
root delay 30.83 msec, root disp 4.88, reach 1, sync dist 223.80
delay 58.68msec, offset 6.4331 msec, dispersion 187.55, jitter 1.38 msec
precision 2**20, version 4

192.168.10.7 configured, ipv4, our_master, sane, valid, stratum 3
ref ID 106.61.73.243 , time D7AD0D8F.AE79A23A (02:57:19.681 UTC Sun Aug 31 2014)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 86.45 msec, root disp 87.82, reach 377, sync dist 134.25
delay 0.89 msec, offset 19.5087 msec, dispersion 1.69, jitter 0.84 msec
precision 2**32, version 4

With which NTP server has the router synchronized?

Select one of the following possible answers:

  • 209.114.111.1

  • 241.199.164.101

  • 132.163.4.103

  • 192.168.10.7

  • 204.2.134.164

  • 108.61.73.243

Question 41 of 50

For what reason would you configure multiple security contexts on the ASA firewall?

Select one of the following possible answers:

  • To provide redundancy and high availability within the organization.

  • To separate different departments and business units

  • To enable the use of multicast routing and QoS through the firewall

  • To enable the use of VRFs on routers that are adjacently connected

Question 42 of 50

Which type of encryption technology has the broadest platform support to protect operating systems?

Select one of the following possible answers:

  • middleware

  • file-level

  • hardware

  • software

Question 43 of 50

Which type of security control is defense in depth?

Select one of the following possible answers:

  • Overt and covert channels

  • Risk analysis

  • Botnet mitigation

  • Threat mitigation

Question 44 of 50

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

Select one of the following possible answers:

  • Deploy an antimalware system

  • Enable bypass mode

  • Perform a Layer 6 reset

  • Deny the connection inline

Question 45 of 50

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

Select one of the following possible answers:

  • Inline Normalization

  • Rate-Based Prevention

  • IP Defragmentation

  • Portscan Detection

Question 46 of 50

What is a potential drawback to leaving VLAN 1 as the native VLAN?

Select one of the following possible answers:

  • Gratuitous ARPs might be able to conduct a man-in-the-middle attack.

  • It may be susceptible to a VLAN hopping attack.

  • VLAN 1 might be vulnerable to IP Address spoofing.

  • The CAM might be overloaded, effectively turning the switch into a hub.

Question 47 of 50

Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?

Select one of the following possible answers:

  • IP Source Guard

  • TrustSec

  • Unicast Reverse Path Forwarding

  • Unidirectional Link Detection

Question 48 of 50

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?

Select one of the following possible answers:

  • Loop guard

  • BPDU Guard

  • EtherChannel guard

  • PortFast

Question 49 of 50

How does the Cisco ASA use Active Directory to authorize VPN users?

Select one of the following possible answers:

  • It queries the Active Directory server for a specific attribute for the specified user

  • It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server

  • It redirects requests to the Active Directory server defined for the VPN group.

  • It downloads and stores the Active Directory database to query for future authorization requests

Question 50 of 50

What command can you use to verify the binding table status?

Select one of the following possible answers:

  • show ip dhcp snooping statistics

  • show ip dhcp snooping database

  • show ip dhcp source binding

  • show ip dhcp pool

  • show ip dhcp snooping binding

  • show ip dhcp snooping
