210-260 Exam Details
-
Exam Code
:210-260 -
Exam Name
:Implementing Cisco Network Security -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:527 Q&As -
Last Updated
:Dec 12, 2021
Cisco 210-260 Online Questions & Answers
-
Question 221:
With which preprocesor do you detect incomplete TCP handshakes
A. rate based prevention
B. port scan detection -
Question 222:
Referencing the CIA model, in which scenario is a hash-only function most appropriate?
A. securing wireless transmissions.
B. securing data in files.
C. securing real-time traffic
D. securing data at rest -
Question 223:
Which two are considered basic security principles? (Choose two.)
A. Integrity
B. Confidentiality
C. Redundancy
D. Accountability
E. High Availability -
Question 224:
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
A. Stateful inspection of multicast traffic is supported only for the self zone
B. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone
C. Only control plane policing can protect the control plane against multicast traffic.
D. Stateful inspection of multicast traffic is supported only for the internal zone. -
Question 225:
What configs are under crypto map? (Choose two)
A. set peer
B. set host
C. set transform-set
D. inerface -
Question 226:
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.
B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.
C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.
D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59 00 local time on December 31, 2013.
E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.
F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely. -
Question 227:
How does PEAP protect the EAP exchange?
A. It encrypts the exchange using the server certificate.
B. It encrypts the exchange using the client certificate.
C. It validates the server-supplied certificate, and then encrypts the exchange using the client certificate.
D. It validates the client-supplied certificate, and then encrypts the exchange using the server certificate. -
Question 228:
In which three ways does the TACACS protocol differ from RADIUS? (Choose three)
A. TACACS uses TCP to communicate with the NAS
B. TACACS can encrypt the entire packet that is sent to the NAS
C. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted
D. TACACS uses UDP to communicate with the NAS
E. TACACS encrypts only the password field in an authentication packet
F. TACACS support per-command authorization -
Question 229:
Which Sourfire secure action should you choose if you want to block only malicious traffic from a particular end-user?
A. Trust
B. Block
C. Allow without inspection
D. Monitor
E. Allow with inspection -
Question 230:
Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows?
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2
B. IKE Phase 1 main mode has successfully negotiate between 10.1.1.5 and10.10.10.2
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2
D. IKE Phase 1 aggressive mode was create on 10.1.1.5, but it failed to negotiate with 10.10.10.2
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 210-260 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.