Mike M
Test por , creado hace más de 1 año

This exam tests the candidate's knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security using: SIEM Technology Cloud & Virtual Network Topologies BYOD Identity Services Engine 802.1x Authentication Cisco FirePOWER Anti-Malware/Cisco Advanced Malware Protection From Cisco.PracticeTest.210-260.v2016-07-06.by.Noah.154q.vce

6011
21
2
Mike M
Creado por Mike M hace alrededor de 8 años
Cerrar

CCNA Security 210-260 IINS - Exam 3

Pregunta 1 de 54

1

Which command verifies phase 1 of an IPsec VPN on a Cisco router

Selecciona una de las siguientes respuestas posibles:

  • show crypto ipsec sa

  • show crypto map

  • show crypto isakmp sa

  • show crypto engine connection active

Explicación

Pregunta 2 de 54

1

What is a benefit of a web application firewall?

Selecciona una de las siguientes respuestas posibles:

  • It blocks known vulnerabilities without patching applications

  • It supports all networking protocols.

  • It accelerates web traffic

  • It simplifies troubleshooting

Explicación

Pregunta 3 de 54

1

Refer to the following output:

dst src state conn-id slot
10.10.10.2 10.1.1.5 QM_IDLE 1 0

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

Selecciona una de las siguientes respuestas posibles:

  • IPsec Phase 1 is down due to a QM_IDLE state

  • IPsec Phase 1 is established between 10.10.10.2 and 10.1.1.5

  • IPsec Phase 2 is down due to a QM_IDLE state

  • IPsec Phase 2 is established between 10.10.10.2 and 10.1.1.5

Explicación

Pregunta 4 de 54

1

Which statement about PVLAN isolated port configured on a switch is true?

Selecciona una de las siguientes respuestas posibles:

  • The isolated port can communicate only with community ports

  • The isolated port can communicate only with other isolated ports

  • The isolated port can communicate with other isolated ports and the promiscuous port

  • The isolated port can communicate only with the promiscuous port

Explicación

Pregunta 5 de 54

1

What can the SMTP preprocessor in FirePOWER normalize?

Selecciona una de las siguientes respuestas posibles:

  • It can lookup the email sender

  • It can extract and decode email attachments in client to server traffic

  • It compares known threats to the email sender

  • It uses Traffic Anomaly Detector

  • It can forward the SMTP traffic to an email filter server

Explicación

Pregunta 6 de 54

1

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

Selecciona una de las siguientes respuestas posibles:

  • STP selects the designated port

  • STP elects the root bridge

  • STP selects the root port

  • STP blocks one of the ports

Explicación

Pregunta 7 de 54

1

Which statement correctly describes the function of a private VLAN?

Selecciona una de las siguientes respuestas posibles:

  • A private VLAN enables the creation of multiple VLANs using one broadcast domain.

  • A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains.

  • A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

  • A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains

Explicación

Pregunta 8 de 54

1

What is the purpose of a honeypot IPS?

Selecciona una de las siguientes respuestas posibles:

  • To create customized policies

  • To detect unknown attacks

  • To normalize streams

  • To collect information about attacks

Explicación

Pregunta 9 de 54

1

Which protocol provides security to Secure Copy?

Selecciona una de las siguientes respuestas posibles:

  • ESP

  • HTTPS

  • SSH

  • IPsec

Explicación

Pregunta 10 de 54

1

Which address block is reserved for locally assigned unique local addresses?

Selecciona una de las siguientes respuestas posibles:

  • FD00::/8

  • 2002::/16

  • FB00::/8

  • 2001::32

Explicación

Pregunta 11 de 54

1

Which tool can an attacker use to attempt a DDoS attack?

Selecciona una de las siguientes respuestas posibles:

  • Botnet

  • Trojan horse

  • Virus

  • Adware

Explicación

Pregunta 12 de 54

1

How does a device on a network using ISE receive its digital certificate during the new device registration process?

Selecciona una de las siguientes respuestas posibles:

  • ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server

  • ISE issues a certificate from its internal CA server

  • ISE issues a pre-defined certificate from a local database

  • The device requests a new certificate directly from a central CA

Explicación

Pregunta 13 de 54

1

Refer to the following output for R1 and R2:

R1
interface GigabitEthernet 0/0
ip address 10.20.20.4 255.255.255.0

crypto isakmp policy 1
authenticaiton pre-share
lifetime 84600
crypto isakmp key test67890 address 10.20.20.4

R2
interface GigabitEthernet 0/0
ip address 10.20.20.4 255.255.255.0

crypto isakmp policy 10
authentication pre-share
lifetime 84600
crypto isakmp key test12345 address 10.30.30.5

You have configured R1 and R2 as shown but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?

Selecciona una de las siguientes respuestas posibles:

  • Edit the crypto keys on R1 and R2 to match

  • Edit the ISAKMP policy sequence numbers on R1 and R2 to match

  • Set a valid value for the crypto key lifetime on each router

  • Edit the crypto isakmp key command on each router with the address value of it's own interface

Explicación

Pregunta 14 de 54

1

Refer to the following output:

current_peer: 10.1.1.5
PERMIT, flags={origin_is_acl,)
#pkts encaps: 1205, #pkts encrypt: 1205, #pkts digest 1205
#pkts decaps: 1168, #pkts decrypt 1168, #pkts verify 1168
#pkts compressed: 0, #pkts decompressed: 0
#pkts not complressed: 0, #pkts compr. failed: 0
#pkts decompress failed: 0, #send errors 0, #recv errors 0
local crypto endpt.: 10.1.1.1, remote crypto endpt.: 10.1.1.5

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?

Selecciona una de las siguientes respuestas posibles:

  • IPsec Phase 2 is established between 10.1.1.1 and 10.1.1.5

  • ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1

  • IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5

  • IPsec Phase 2 is down due to a mismatch between encrypted and descrypted packets

Explicación

Pregunta 15 de 54

1

In a security context, which action can you take to address compliance?

Selecciona una de las siguientes respuestas posibles:

  • Implement rules to prevent a vulnerability

  • Correct or counteract a vulnerability

  • Reduce the severity of a vulnerability

  • Follow directions from the security appliance manufacturer to remediate a vulnerability

Explicación

Pregunta 16 de 54

1

Which IPS mode provides the maximum number of actions?

Selecciona una de las siguientes respuestas posibles:

  • Inline

  • Promiscuous

  • Span

  • Failover

  • Bypass

Explicación

Pregunta 17 de 54

1

By which kind of threat the victim is tricked into entering username and password information at a disguised website?

Selecciona una de las siguientes respuestas posibles:

  • Spoofing

  • Malware

  • Spam

  • Phishing

Explicación

Pregunta 18 de 54

1

Which technology can be used to rate data fidelity and provide and authenticated hash for data?

Selecciona una de las siguientes respuestas posibles:

  • File reputation

  • File analysis

  • Signature updates

  • Network blocking

Explicación

Pregunta 19 de 54

1

In which type of attack does an attacker send email messages that ask the recipient to click a link such as https://www.cisco.net.cc/securelogon?

Selecciona una de las siguientes respuestas posibles:

  • Phishing

  • Pharming

  • Solicitation

  • Secure transaction

Explicación

Pregunta 20 de 54

1

What configuration allows AnyConnect to automatically establish a VPN session when a user logs into the computer?

Selecciona una de las siguientes respuestas posibles:

  • Always-on

  • Proxy

  • Transparent Mode

  • Trusted Network Detection

Explicación

Pregunta 21 de 54

1

Which source port does IKE use when NAT has been detected between two VPN gateways?

Selecciona una de las siguientes respuestas posibles:

  • TCP 4500

  • TCP 500

  • UDP 4500

  • UDP 500

Explicación

Pregunta 22 de 54

1

Refer to the following commands:

Username Engineer privilege 9 password 0 configure
Username Monitor privilege 8 password 0 watcher
Username HelpDesk privilege 6 password help
Privilege exec level 6 show running
Privilege exec level 7 show start-up
Privilege exec level 9 configure terminal
Privilege exec level 10 interface

Which line in this configuration prevents the HelpDesk user from modifying the interface configuration

Selecciona una de las siguientes respuestas posibles:

  • Privilege exec level 9 configure terminal

  • Privilege exec level 10 interface

  • Username HelpDesk privilege 6 password help

  • Privilege exec level 7 show start-up

Explicación

Pregunta 23 de 54

1

Which statement about extended access lists is true?

Selecciona una de las siguientes respuestas posibles:

  • Extended access lists perform filtering that is based on source and destination and are most effective when applied closest to the destination.

  • Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source.

  • Extended access lists perform filtering that is based on destination and are most effective when applied to the source.

  • Extended access lists perform filtering that is based on source and are most effective when applied to the destination,

Explicación

Pregunta 24 de 54

1

What is the Cisco preferred countermeasure to mitigate CAM overflows?

Selecciona una de las siguientes respuestas posibles:

  • Port security

  • Dynamic port security

  • IP source guard

  • Root guard

Explicación

Pregunta 25 de 54

1

A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware?

Selecciona una de las siguientes respuestas posibles:

  • Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list.

  • Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list.

  • Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list

  • Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.

  • Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.

Explicación

Pregunta 26 de 54

1

Which feature filters CoPP packets?

Selecciona una de las siguientes respuestas posibles:

  • Access control lists

  • Class maps

  • Policy maps

  • Route maps

Explicación

Pregunta 27 de 54

1

Refer to the following output:

dst src state conn-id slot
10.10.10.2 10.1.1.5 MM_NO_STATE 1 0

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

Selecciona una de las siguientes respuestas posibles:

  • IKE Phase 1 main mode was created on 10.1.1.5, but failed to negotiate with 10.10.10.2

  • IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2

  • IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2

  • IKE Phase 1 aggressive has successfully negotiated between 10.1.1.5 and 10.10.10.2

Explicación

Pregunta 28 de 54

1

Refer to the following output:

R1#show snmp
0 SNMP packets input
6 Bad SNMP version errors
3 Unknown community name
9 Illegal operation for community name supplied
4 Encoding errors
2 Number of requested variables
0 Number of altered variables
98 Get-request PDUs
12 Get-next PDUs
2 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
0 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
31 Response PDUs
1 Trap PDUs

How many times was a read-only string used to attempt a write operation?

Selecciona una de las siguientes respuestas posibles:

  • 9

  • 6

  • 4

  • 3

  • 2

  • 0

Explicación

Pregunta 29 de 54

1

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

Selecciona una de las siguientes respuestas posibles:

  • The secure boot-image command is configured

  • The secure boot-comfit command is configured

  • The confreg 0x24 command is configured

  • The reload command was issued from ROMMON

Explicación

Pregunta 30 de 54

1

When a company puts a security policy in place, what is the effect on the company's business?

Selecciona una de las siguientes respuestas posibles:

  • Minimizing risk

  • Minimizing total cost of ownership

  • Minimizing liability

  • Maximizing compliance

Explicación

Pregunta 31 de 54

1

What security feature allows a private IP address to access the internet by translating it to a public address?

Selecciona una de las siguientes respuestas posibles:

  • NAT

  • Hairpinning

  • Trusted Network Detection

  • Certification Authority

Explicación

Pregunta 32 de 54

1

Which type of mirroring does SPAN technology perform?

Selecciona una de las siguientes respuestas posibles:

  • Remote mirroring over Layer 2

  • Remote mirroring over Layer 3

  • Local mirroring over Layer 2

  • Local mirroring over Layer 3

Explicación

Pregunta 33 de 54

1

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?

Selecciona una de las siguientes respuestas posibles:

  • The trunk port would go into an error-disabled state

  • A VLAN hopping attack would be successful

  • A VLAN hopping attack would be prevented

  • The attacker VLAN will be pruned

Explicación

Pregunta 34 de 54

1

What is the most common Cisco Discovery Protocol version 1 attack?

Selecciona una de las siguientes respuestas posibles:

  • Denial of Service

  • MAC-Address spoofing

  • CAM-table overflow

  • VLAN hopping

Explicación

Pregunta 35 de 54

1

Refer to the following commands:

Username HelpDesk privilege 9 password 0 helpdesk
Username Monitor privilege 8 password 0 watcher
Username Admin password checkme
Username Admin privilege 6 autocommand show running
Privilege exec level 6 configure terminal

The Admin user is unable to enter configuration mode on a device with the given configuration. What change can you make to the configuration to correct the problem?

Selecciona una de las siguientes respuestas posibles:

  • Remove the autocommand keyword and arguments from the username admin privilege line.

  • Change the Privilege exec level value to 15

  • Remove the two Username Admin lines

  • Remove the Privilege exec line

Explicación

Pregunta 36 de 54

1

On which Cisco Configuration Professional screen do you enable AAA?

Selecciona una de las siguientes respuestas posibles:

  • AAA Summary

  • AAA Servers and Groups

  • Authentication Policies

  • Authorization Policies

Explicación

Pregunta 37 de 54

1

Which type of IPS can identify worms that are propagating in a network?

Selecciona una de las siguientes respuestas posibles:

  • Policy-based IPS

  • Anomaly-based IPS

  • Reputation-based IPS

  • Signature-based IPS

Explicación

Pregunta 38 de 54

1

In the following command:

router OSPF 200

What does the value 200 stand for?

Selecciona una de las siguientes respuestas posibles:

  • Process ID

  • Area ID

  • Administrative Distance Value

  • ABR ID

Explicación

Pregunta 39 de 54

1

Which statement about the communication between interfaces of the same security level is true?

Selecciona una de las siguientes respuestas posibles:

  • Interfaces on the same security level require additional configuration to permit interface communication.

  • Configuring interfaces on the same security level can use asymmetric routing.

  • All traffic is allowed by default between interfaces on the same security level.

  • You can configure only one interface on an individual security level.

Explicación

Pregunta 40 de 54

1

Which wildcard mask is associated with a subnet mask of /27

Selecciona una de las siguientes respuestas posibles:

  • 0.0.0.31

  • 0.0.0.27

  • 0.0.0.224

  • 0.0.0.255

Explicación

Pregunta 41 de 54

1

Which option describes information that must be considered when you apply an access list to a physical interface?

Selecciona una de las siguientes respuestas posibles:

  • Protocol used for filtering

  • Direction of the access class

  • Direction of the access group

  • Direction of the access list

Explicación

Pregunta 42 de 54

1

What is the purpose of the integrity component of the CIA triad?

Selecciona una de las siguientes respuestas posibles:

  • To ensure that only authorized parties can modify data

  • To determine whether data is relevant

  • To create a process for accessing data

  • To ensure that only authorized parties can view the data

Explicación

Pregunta 43 de 54

1

How does PEAP protect the EAP exchange?

Selecciona una de las siguientes respuestas posibles:

  • It encrypts the exchange using the server certificate

  • It encrypts the exchange using the client certificate

  • It validated the server-supplied certificate, and then encrypts the exchange using the client side certificate.

  • It validates the client-supplied certificate, and then encrypts the exchange using the server certificate.

Explicación

Pregunta 44 de 54

1

If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?

Selecciona una de las siguientes respuestas posibles:

  • The interface on both switches may shut down

  • STP loops may occur

  • The switch with the higher native VLAN may shut down

  • The switch with the lower native VLAN may shut down

Explicación

Pregunta 45 de 54

1

How does a zone-based firewall implementation handle traffic between interfaces in the same zone?

Selecciona una de las siguientes respuestas posibles:

  • Traffic between two interfaces in the same zone is allowed by default.

  • Traffic between interfaces in the same zone is blocked unless you configure the same security permit command,

  • Traffic between interfaces in the same zone is always blocked.

  • Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.

Explicación

Pregunta 46 de 54

1

Refer to the following commands:

tacacs server tacacs1
address ipv4 1.1.1.1
timeout 20
single-connection

tacacs server tacacs2
address ipv4 2.2.2.2
timeout 20
single-connection

tacacs server tacacs3
address ipv4 3.3.3.3
timeout 20
single-connection

Which statement about the given configuration is true?

Selecciona una de las siguientes respuestas posibles:

  • The single-connection command causes the device to establish one connection for all TACACS translations.

  • The single-connection command causes the device to process one TACACS request and then move to the next server.

  • The timeout command causes the device to move to the next server after 20 seconds of TACACS inactivity

  • The router communicates with the NAS on the default port, TCP 1645

Explicación

Pregunta 47 de 54

1

In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

Selecciona una de las siguientes respuestas posibles:

  • MAC spoofing

  • Gratuitous ARP

  • MAC flooding

  • DoS

Explicación

Pregunta 48 de 54

1

Which syslog severity level is level number 7?

Selecciona una de las siguientes respuestas posibles:

  • Warning

  • Informational

  • Notification

  • Debugging

Explicación

Pregunta 49 de 54

1

Refer to the following output:

UDP outside 205.165.201.225:53 inside 10.0.0.10:52464, idle 0:00:01, bytes 266, flags -

What type of firewall would use the given configuration line?

Selecciona una de las siguientes respuestas posibles:

  • A stateful firewall

  • A personal firewall

  • A proxy firewall

  • An application firewall

  • A stateless firewall

Explicación

Pregunta 50 de 54

1

Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?

Selecciona una de las siguientes respuestas posibles:

  • Contextual analysis

  • Holistic understanding of threats

  • Graymail management and filtering

  • Signature-based IPS

Explicación

Pregunta 51 de 54

1

Which Sourcefire logging action should you choose to record the most detail about a connection?

Selecciona una de las siguientes respuestas posibles:

  • Enable logging at the end of the session

  • Enable logging at the beginning of the session

  • Enable alerts via SNMP to log events off-box

  • Enable eStreamer to log events off-box

Explicación

Pregunta 52 de 54

1

When is the best time to perform an anti-virus signature update?

Selecciona una de las siguientes respuestas posibles:

  • Every time a new update is available

  • When the local scanner has detected a new virus

  • When a new virus is discovered in the wild

  • When the system detects a browser hook

Explicación

Pregunta 53 de 54

1

Which command initializes a lawful intercept view?

Selecciona una de las siguientes respuestas posibles:

  • username cisco1 view lawful-intercept password cisco

  • parser view cisco li-view

  • li-view cisco user cisco1 password cisco

  • parser view li-view inclusive

Explicación

Pregunta 54 de 54

1

Which type of firewall can act on behalf of the end device?

Selecciona una de las siguientes respuestas posibles:

  • Stateful packet

  • Application

  • Packet

  • Proxy

Explicación