Cisco 210-260 Online Practice Questions and Exam Preparation

Cisco 210-260 Online Questions & Answers

• Question 281:

  What action must you take on the ISE to blacklist a wired device?

  A. Revoke the device's certificate so it is unable to authenticate to the network
  B. Issue a CoA request for the device's MAC address to each access switch in the network
  C. Locate the switch through which the device is connected and push an ACL restricting all access by the device
  D. Add the device's MAC address to a list of blacklisted devices
  D. Add the device's MAC address to a list of blacklisted devices

• Question 282:

  Which option is a characteristic of the RADIUS protocol?

  A. uses TCP
  B. offers multiprotocol support
  C. combines authentication and authorization in one process
  D. supports bi-directional challenge
  C. combines authentication and authorization in one process

• Question 283:

  What are two well-known security terms? (Choose Two)

  A. Phishing.
  B. BPDU guard
  C. LACP
  D. ransomeware
  E. hair-pinning
  A. Phishing.
  D. ransomeware

• Question 284:

  Which type of layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?

  A. BPDU attack
  B. DHCP Starvation
  C. CAM table overflow
  D. MAC address spoofing
  D. MAC address spoofing

• Question 285:

  Which IPS mode is less secure than other options but allows optimal network throughput?

  A. promiscuous mode
  B. inline mode
  C. inline-bypass mode
  D. transparent mode.
  A. promiscuous mode

• Question 286:

  Refer to the exhibit. Which statement about the given configuration is true?

  

  A. The timeout command causes the device to move to the next server after 20 seconds of TACACS inactivity.
  B. The single-connection command causes the device to process one TACACS request and then move to the next server.
  C. The single-connection command causes the device to establish one connection for all TACACS transactions.
  D. The router communicates with the NAS on the default port, TCP 1645
  C. The single-connection command causes the device to establish one connection for all TACACS transactions.

• Question 287:

  What can cause the the state table of a stateful firewall to update? (choose two)

  A. when a connection is created
  B. When a connection's timer has expired within state table
  C. when packet is evaluated against the outbound access list and is denied
  D. when outbound packets forwarded to outbound interface
  E. when rate-limiting is applied
  A. when a connection is created
  B. When a connection's timer has expired within state table

• Question 288:

  How does a device on a network using ISE receive its digital certificate during the new-device registration process?

  A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server
  B. The device request a new certificate directly from a central CA
  C. ISE issues a pre-defined certificate from a local database
  D. ISE issues a certificate from its internal CA server.
  A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server

• Question 289:

  What is a possible reason for the error message? Router(config)#aaa server?% Unrecognized command

  A. The command syntax requires a space after the word "server"
  B. The command is invalid on the target device
  C. The router is already running the latest operating system
  D. The router is a new device on which the aaa new-model command must be applied before continuing
  D. The router is a new device on which the aaa new-model command must be applied before continuing

• Question 290:

  A user on your network inadvertently activates a botnet program that was received as an email attachment Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?

  A. network-based access control rule
  B. botnet traffic filter
  C. reputation-based
  D. user-based access control rule
  B. botnet traffic filter