Exact2pass Cisco-210-260
Transcription
Exact2pass Cisco-210-260
Cisco 210-260 Implementing Cisco Network Security Web: www.exact2pass.com Version: Demo Email: support@exact2pass.com [ Total Questions: 10] IMPORTANT NOTICE Feedback We have developed quality product and state-of-art service to ensure our customers interest. If you have any suggestions, please feel free to contact us at feedback@exact2pass.com Support If you have any questions about our product, please provide the following items: exam code screenshot of the question login id/email please contact us at support@exact2pass.com and our technical experts will provide support within 24 hours. Copyright The product of each order has its own encryption code, so you should use it independently. Any unauthorized changes will inflict legal punishment. We reserve the right of final explanation for this statement. Exact Questions Cisco - 210-260 Exam Topic Breakdown Exam Topic Number of Questions Topic 1 : Exam Pool A 3 Topic 4 : New Questions 3 Topic 2 : Exam Pool B 3 Topic 3 : Exam Pool C 1 TOTAL 10 Only exact questions will Pass You in Exam 1 of 47 Exact Questions Cisco - 210-260 Topic 1, Exam Pool A Question #:1 - (Exam Topic 1) Which two statements about Telnet access to the ASA are true? (Choose two). A. You may VPN to the lowest security interface to telnet to an inside interface. B. You must configure an AAA server to enable Telnet. C. You can access all interfaces on an ASA using Telnet. D. You must use the command virtual telnet to enable Telnet. E. Best practice is to disable Telnet and use SSH. Answer: A E Explanation The ASA allows Telnet and SSH connections to the ASA for management purposes. You cannot use Telnet to the lowest security interface unless you use Telnet inside an IPSec tunnel. Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ access_management.html#wp1054101 Question #:2 - (Exam Topic 1) What is the transition order of STP states on a Layer 2 switch interface? A. listening, learning, blocking, forwarding, disabled B. listening, blocking, learning, forwarding, disabled C. blocking, listening, learning, forwarding, disabled D. forwarding, listening, learning, blocking, disabled Answer: C Explanation STP switch port states: + Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm Only exact questions will Pass You in Exam 2 of 47 Exact Questions Cisco - 210-260 determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths. + Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames. + Learning - While the port does not yet forward frames it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC address table, but does not forward frames. + Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop. + Disabled - Not strictly part of STP, a network administrator can manually disable a port Source: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol Question #:3 - (Exam Topic 1) Scenario In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation. To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. Only exact questions will Pass You in Exam 3 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 4 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 5 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 6 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 7 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 8 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 9 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 10 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 11 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 12 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 13 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 14 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 15 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 16 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 17 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 18 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 19 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 20 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 21 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 22 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 23 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 24 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 25 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 26 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 27 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 28 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 29 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 30 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 31 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 32 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 33 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 34 of 47 Exact Questions Cisco - 210-260 Which two statements regarding the ASA VPN configurations are correct? (Choose two) A. The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1. B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method. C. The Inside-SRV bookmark references thehttps://192.168.1.2URL D. Only Clientless SSL VPN access is allowed with the Sales group policy E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface F. The Inside-SRV bookmark has not been applied to the Sales group policy Answer: B C Explanation For B: Only exact questions will Pass You in Exam 35 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 36 of 47 Exact Questions Cisco - 210-260 For C, Navigate to the Bookmarks tab: Then hit “edit” and you will see this: Only exact questions will Pass You in Exam 37 of 47 Exact Questions Cisco - 210-260 Not A, as this is listed under the Identity Certificates, not the CA certificates: Only exact questions will Pass You in Exam 38 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 39 of 47 Exact Questions Cisco - 210-260 Note E: Only exact questions will Pass You in Exam 40 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 41 of 47 Exact Questions Only exact questions will Pass You in Exam Cisco - 210-260 42 of 47 Exact Questions Cisco - 210-260 Topic 4, New Questions Question #:4 - (Exam Topic 4) Which two statements about routed firewall mode are true? (Choose two.) A. By default, this mode permits most traffic to pass through the firewall. B. The mode allows the firewall to be added to an existing network with minimal additional configuration. C. The firewall acts as a routed hop in the network. D. This mode conceals the presence of the firewall E. The firewall requires a unique IP address for each interface. Answer: C E Question #:5 - (Exam Topic 4) Which two types of firewalls work at Layer 4 and above? (Choose two.) A. application-level firewall B. static packet filter C. stateful inspection D. Network Address Translation E. circuit-level gateway Answer: B C Explanation Dynamic or Stateful Packet-Filtering Firewalls Stateful inspection is a firewall architecture classified at the network layer; although, for some applications it can analyze traffic at Layers 4 and 5, too. Unlike static packet filtering, stateful inspection tracks each connection traversing all interfaces of the firewall and confirms that they are valid. Stateful packet filtering maintains a state table and allows modification to the security rules dynamically. The state table is part of the internal structure of the firewall. It tracks all sessions and inspects all packets passing through the firewall. Only exact questions will Pass You in Exam 43 of 47 Exact Questions Cisco - 210-260 Although this is the primary Cisco Firewall technology, it has some limitations: Cannot prevent application layer attacks. Not all protocols are stateful. Some applications open multiple connections. Does not support user authentication. http://www.ciscopress.com/articles/article.asp?p=1888110 Question #:6 - (Exam Topic 4) Which two parameters can you view in the Cisco ASDM Protocol Statistics window? (Choose two ) A. the number of active tunnels B. the number of rejected connection attempts C. the number of tunnels that have been established since the Cisco ASA was rebooted D. the number of closed tunnels E. the user attempting the connection Answer: A E Only exact questions will Pass You in Exam 44 of 47 Exact Questions Cisco - 210-260 Topic 2, Exam Pool B Question #:7 - (Exam Topic 2) Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other? A. community for hosts in the PVLAN B. promiscuous for hosts in the PVLAN C. isolated for hosts in the PVLAN D. span for hosts in the PVLAN Answer: A Explanation The types of private VLAN ports are as follows: + Promiscuous - The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN + Isolated - This port has complete isolation from other ports within the same private VLAN domain, except that it can communicate with associated promiscuous ports. + Community -- A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports. These interfaces are isolated from all other interfaces in other communities and from all isolated ports within the private VLAN domain. Source: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/ CLIConfigurationGuide/PrivateVLANs.html#42874 Question #:8 - (Exam Topic 2) In which three ways does the RADIUS protocol differ from TACACS? (Choose three.) A. RADIUS uses UDP to communicate with the NAS. B. RADIUS encrypts only the password field in an authentication packet. C. RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted. D. Only exact questions will Pass You in Exam 45 of 47 Exact Questions Cisco - 210-260 D. RADIUS uses TCP to communicate with the NAS. E. RADIUS can encrypt the entire packet that is sent to the NAS. F. RADIUS supports per-command authorization. Answer: A B C Explanation Cisco Official Certification Guide, Table 3-2 TACACS+ Versus RADIUS, p.40 Question #:9 - (Exam Topic 2) In the router ospf 200 command, what does the value 200 stand for? A. process ID B. area ID C. administrative distance value D. ABR ID Answer: A Explanation Enabling OSPF SUMMARY STEPS 1. enable 2. configure terminal 3. router ospf process-id 4. network ip-address wildcard-mask area area-id 5. end Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/12-4t/iro-12-4t-book/irocfg.html Only exact questions will Pass You in Exam 46 of 47 Exact Questions Cisco - 210-260 Topic 3, Exam Pool C Question #:10 - (Exam Topic 3) Which NAT option is executed first during in case of multiple nat translations? A. dynamic nat with shortest prefix B. dynamic nat with longest prefix C. static nat with shortest prefix D. static nat with longest prefix Answer: D Only exact questions will Pass You in Exam 47 of 47 About exact2pass.com exact2pass.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam Questions, Study Guides, Practice Tests. We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on. View list of all certification exams: All vendors We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed below. Sales: sales@exact2pass.com Feedback: feedback@exact2pass.com Support: support@exact2pass.com Any problems about IT certification or our products, You can write us back and we will get back to you within 24 hours.