
how to use ccna security 210 260 pdf



New Cisco 210-260 Exam Dumps Collection (Question 1 – Question 10)

Question No: 1

Which two characteristics of the TACACS+ protocol are true? (Choose two.)

A. uses UDP ports 1645 or 1812

B. separates AAA functions

C. encrypts the body of every packet

D. offers extensive accounting capabilities

E. is an open RFC standard protocol

Answer: B,C

Explanation:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

Packet Encryption

RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.

Authentication and Authorization

RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.

TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.

During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.

Question No: 2

Which two statements about stateless firewalls are true? (Choose two.)

A. They compare the 5-tuple of each incoming packet against configurable rules.

B. They cannot track connections.

C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.

D. Cisco IOS cannot implement them because the platform is stateful by nature.

E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Answer: A,B

Question No: 3

What are two default Cisco IOS privilege levels? (Choose two.)

A. 0

B. 1

C. 5

D. 7

E. 10

F. 15

Answer: B,F

Question No: 4

You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution.

Where in the network would be the best place to deploy Cisco IOS IPS?

A. Inside the firewall of the corporate headquarters Internet connection

B. At the entry point into the data center

C. Outside the firewall of the corporate headquarters Internet connection

D. At remote branch offices

Answer: D

Explanation:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.html

Product Overview

In today's business environment, network intruders and attackers can come from outside or inside the network.

They can launch distributed denial-of-service attacks, they can attack Internet connections, and they can exploit network and host vulnerabilities. At the same time, Internet worms and viruses can spread across the world in a matter of minutes. There is often no time to wait for human intervention; the network itself must possess the intelligence to recognize and mitigate these attacks, threats, exploits, worms and viruses.

Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection-based solution that enables Cisco IOS Software to effectively mitigate a wide range of network attacks. While it is common practice to defend against attacks by inspecting traffic at data centers and corporate headquarters, distributing the network level defense to stop malicious traffic close to its entry point at branch or telecommuter offices is also critical.

Cisco IOS IPS: Major Use Cases and Key Benefits

IOS IPS helps to protect your network in 5 ways:

Key Benefits:

• Provides network-wide, distributed protection from many attacks, exploits, worms and viruses exploiting vulnerabilities in operating systems and applications.

• Eliminates the need for a standalone IPS device at branch and telecommuter offices as well as small and medium-sized business networks.

• Unique, risk rating based signature event action processor dramatically improves the ease of management of IPS policies.

• Offers field-customizable worm and attack signature set and event actions.

• Offers inline inspection of traffic passing through any combination of router LAN and WAN interfaces in both directions.

• Works with Cisco IOS® Firewall, control-plane policing, and other Cisco IOS Software security features to protect the router and networks behind the router.

• Supports more than 3700 signatures from the same signature database available for Cisco Intrusion Prevention System (IPS) appliances.

Question No: 5

Which two are well-known security terms? (Choose two.)

A. Trojan

B. Phishing

C. Something LC

D. Ransomware

Answer: B,D

Question No: 6

Which of the following commands result in a secure bootset? (Choose all that apply.)

A. secure boot-set

B. secure boot-config

C. secure boot-files

D. secure boot-image

Answer: B,D

Question No: 7

Which type of layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?

A. BPDU attack

B. DHCP Starvation

C. CAM table overflow

D. MAC address spoofing

Answer: D

Question No: 8

CORRECT TEXT

Scenario

Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements.

New additional connectivity requirements:

Once the correct ASA configurations have been configured: To access ASDM, click the ASA icon in the topology diagram.

To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.

To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.

Note:

After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.

Not all ASDM screens are enabled in this simulation. If a screen is not enabled, try a different method to configure the ASA to meet the requirements.

In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.

Answer:

Follow the explanation below to get the answer to this sim question.

Explanation:

First, for the HTTP access we need to create a NAT object. Here I called it HTTP but it can be given any name.

Then, create the firewall rules to allow the HTTP access:

You can verify using the outside PC to HTTP into 209.165.201.30.

For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:

And then check the ICMP box only as shown below, then hit Apply.

After that is done, we can ping www.cisco.com again to verify:

Question No: 9

Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?

A. aaa authentication enable console LOCAL SERVER_GROUP

B. aaa authentication enable console SERVER_GROUP LOCAL

C. aaa authentication enable console local

D. aaa authentication enable console LOCAL

Answer: D

Question No: 10

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

A. STP elects the root bridge

B. STP selects the root port

C. STP selects the designated port

D. STP blocks one of the ports

Answer: A
