Test Information:
Total Questions: 182
Test Number: 210-260
Vendor Name: Cisco
Cert Name : CCNA Security
Test Name: Implementing Cisco Network Security
Official Site: http://www.certsgrade.com
For
More Details: http://www.certsgrade.com/pdf/210-260/
Question: 1
Which two
services define cloud networks? (Choose two.)
A.
Infrastructure as a Service
B.
Platform as a Service
C.
Security as a Service
D. Compute
as a Service
E. Tenancy
as a Service
Answer: A,B
Question: 2
In which
two situations should you use out-of-band management? (Choose two.)
A. when a
network device fails to forward packets
B. when
you require ROMMON access
C. when
management applications need concurrent access to the device
D. when
you require administrator access from multiple locations
E. when
the control plane fails to respond
Answer: A,B
Question: 3
In which
three ways does the TACACS protocol differ from RADIUS? (Choose three.)
A. TACACS
uses TCP to communicate with the NAS.
B. TACACS
can encrypt the entire packet that is sent to the NAS.
C. TACACS
supports per-command authorization.
D. TACACS
authenticates and authorizes simultaneously, causing fewer packets to be
transmitted.
E. TACACS
uses UDP to communicate with the NAS.
F. TACACS
encrypts only the password field in an authentication packet.
Answer: A,B,C
Question: 4
According
to Cisco best practices, which three protocols should the default ACL allow on
an access port to enable wired BYOD devices to supply valid credentials and
connect to the network? (Choose three.)
A. BOOTP
B. TFTP
C. DNS
D. MAB
E. HTTP
F. 802.1x
Answer: A,B,C
Question: 5
Which two
next-generation encryption algorithms does Cisco recommend? (Choose two.)
A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384
Answer: A,F
Question: 6
Which
three ESP fields can be encrypted during transmission? (Choose three.)
A.
Security Parameter Index
B.
Sequence Number
C. MAC
Address
D. Padding
E. Pad
Length
F. Next
Header
Answer: D,E,F
Question: 7
What are
two default Cisco IOS privilege levels? (Choose two.)
A. 0
B. 1
C. 5
D. 7
E. 10
F. 15
Answer: B,F
Question: 8
Which two
authentication types does OSPF support? (Choose two.)
A.
plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES
Answer: A,B
Question: 9
Which two
features do CoPP and CPPr use to protect the control plane? (Choose two.)
A. QoS
B. traffic
classification
C. access
lists
D. policy
maps
E. class
maps
F. Cisco
Express Forwarding
Answer: A,B
Question: 10
Which two
statements about stateless firewalls are true? (Choose two.)
A. They
compare the 5-tuple of each incoming packet against configurable rules.
B. They
cannot track connections.
C. They
are designed to work most efficiently with stateless protocols such as HTTP or
HTTPS.
D. Cisco
IOS cannot implement them because the platform is stateful by nature.
E. The
Cisco ASA is implicitly stateless because it blocks all traffic by default.
Answer: A,B
Question: 11
Which
three statements about host-based IPS are true? (Choose three.)
A. It can
view encrypted files.
B. It can
have more restrictive policies than network-based IPS.
C. It can
generate alerts based on behavior at the desktop level.
D. It can
be deployed at the perimeter.
E. It uses
signature-based policies.
F. It
works with deployed firewalls.
Answer: A,B,C
Question: 12
What three
actions are limitations when running IPS in promiscuous mode? (Choose three.)
A. deny
attacker
B. deny
packet
C. modify
packet
D. request
block connection
E. request
block host
F. reset
TCP connection
Answer: A,B,C
Question: 13
When an
IPS detects an attack, which action can the IPS take to prevent the attack from
spreading?
A. Deny
the connection inline.
B. Perform
a Layer 6 reset.
C. Deploy
an antimalware system.
D. Enable
bypass mode.
Answer: A
Question: 14
What is an
advantage of implementing a Trusted Platform Module for disk encryption?
A. It
provides hardware authentication.
B. It
allows the hard disk to be transferred to another device without requiring
re-encryption.dis
C. It
supports a more complex encryption algorithm than other disk-encryption
technologies.
D. It can
protect against single points of failure.
Answer: A
Question: 15
What is
the purpose of the Integrity component of the CIA triad?
A. to
ensure that only authorized parties can modify data
B. to
determine whether data is relevant
C. to
create a process for accessing data
D. to
ensure that only authorized parties can view data
Answer: A
Test Information:
Total Questions: 182
Test Number: 210-260
Vendor Name: Cisco
Cert Name : CCNA Security
Test Name: Implementing Cisco Network Security
Official Site: http://www.certsgrade.com
For
More Details: http://www.certsgrade.com/pdf/210-260/
Get20%
Immediate Discount on Full Training Material
Discount Coupon Code: 20off2016
No comments:
Post a Comment