1. Home
  2. Cisco
  3. 210-260

Cisco 210-260 Online Practice Questions and Exam Preparation

210-260 Exam Details

  • Exam Code
    :210-260
  • Exam Name
    :Implementing Cisco Network Security
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :527 Q&As
  • Last Updated
    :Dec 12, 2021

Cisco 210-260 Online Questions & Answers

  • Question 301:

    Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

    A. SDEE
    B. Syslog
    C. SNMP
    D. CSM

  • Question 302:

    Which two statements describe DHCP spoofing attacks? (Choose Two.)

    A. They can modify the flow of traffic in transit.
    B. They can access most network devices.
    C. They can physically modify the network gateway.
    D. They are used to perform man-in-the-middle attacks.
    E. They protect the identity of the attacker by masking the DHCP address.
    F. They use ARP poisoning.

  • Question 303:

    How does a zone-based firewall implementation handle traffic between Interfaces in the same Zone?

    A. traffic between interfaces in the same zone is blocked unless yoc configure the same-security permit command
    B. Traffic between interfaces in the same zone is always blocked
    C. Traffic between two interfaces in the same zone is allowed by default
    D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair

  • Question 304:

    In which two models can the Cisco Web Security Appliance be deployed? (Choose two.)

    A. as a transparent proxy using the Secure Sockets Layer protocol
    B. as a transparent proxy using the HyperText Transfer Protocol
    C. explicit active mode
    D. as a transparent proxy using the Web Cache Communication Protocol
    E. explicit proxy mode

  • Question 305:

    In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?

    A. MAC spoofing
    B. ARP spoofing
    C. CAM table overflow
    D. DHCP spoofing

  • Question 306:

    What is the potential drawback to leaving VLAN 1 as the native VLAN?

    A. Gratuitous ARPs might be able to conduct a man-in-the-middle attack.
    B. The CAM might be overloaded, effectively turning the switch into hub.
    C. VLAN 1 might be vulnerable to IP address spoofing
    D. It may be susceptible to a VLAN hopping attack

  • Question 307:

    SIMULATION

    Scenario

    Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements.

    New additional connectivity requirements:

    Currently, the ASA configurations only allow on the Inside and DMZ networks to access any hosts on the Outside. Your task is to use ASDM to configure the ASA to also allow any host only on the Outside to HTTP to the DMZ server. The

    hosts on the Outside will need to use the 209.165.201.30 public IP address when HTTPing to the DMZ server.

    Currently, hosts on the ASA higher security level interfaces are not able to ping any hosts on the lower security level interfaces. Your task in this simulation is to use ASDM to enable the ASA to dynamically allow the echo-reply responses

    back through the ASA.

    Once the correct ASA configurations have been configured:

    You can test the connectivity to http://209.165.201.2 from the Outside PC browser.

    You can test the pings to the Outside (www.cisco.com) by opening the inside PC command prompt window. In this simulation, only testing pings to www.cisco.com will work.

    To access ASDM, click the ASA icon in the topology diagram.

    To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.

    To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.

    Note:

    After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.

    Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to configure the ASA to meet the requirements.

    In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.

    A. Check the explanation

  • Question 308:

    How can you proect CDP from reconnaissance attacks?

    A. Enable dot1x on all ports that are connected to other switches.
    B. Disable CDP on ports connected to endpoints.
    C. Disbale CDP on trunk ports.
    D. Enable dynamic ARP inspection on all untrusted ports.

  • Question 309:

    Which Firepower Management Center feature detects and blocks exploits and hack attempts?

    A. intrusion prevention
    B. advanced malware protection
    C. content blocker
    D. file control

  • Question 310:

    Which command can you enter to verify the statistics of cisco IOS resilient configuration on cisco router?

    A. Show binary file
    B. Show secure boot-set
    C. Secure boot-config
    D. Secure boot-image

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 210-260 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.