1. Home
  2. Cisco
  3. 210-260

Cisco 210-260 Online Practice Questions and Exam Preparation

210-260 Exam Details

  • Exam Code
    :210-260
  • Exam Name
    :Implementing Cisco Network Security
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :527 Q&As
  • Last Updated
    :Dec 12, 2021

Cisco 210-260 Online Questions & Answers

  • Question 431:

    Diffie-Hellman key exchange question

    A. IKE
    B. IPSEC
    C. SPAN
    D. STP

  • Question 432:

    What are two advanced features of the Cisco AMP solution for endpoints? (Choose two)

    A. reflection
    B. foresight
    C. sandboxing
    D. contemplation
    E. reputation

  • Question 433:

    Which sensor mode can deny attackers inline?

    A. IPS
    B. fail-close
    C. IDS
    D. fail-open

  • Question 434:

    Which technology could be used on top of an MPLS VPN to add confidentiality?

    A. IPsec
    B. AES
    C. SSL
    D. 3DES

  • Question 435:

    Which two statement about stateless firewalls is true? (Choose two)

    A. the Cisco ASA is implicitly stateless because it blocks all traffic by default.
    B. They compare the 5-tuple of each incoming packets against configurable rules.
    C. They cannot track connections..
    D. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS..
    E. Cisco IOS cannot implement them because the platform is Stateful by nature

  • Question 436:

    Which two NAT types allow only objects or groups to reference an IP address? (Choose two)

    A. dynamic NAT
    B. dynamic PAT
    C. static NAT
    D. identity NAT

  • Question 437:

    Which two are valid types of VLANs using PVLANs? (Choose two.)

    A. Backup VLAN
    B. Secondary VLAN
    C. Promiscuous VLAN
    D. Community VLAN
    E. Isolated VLAN

  • Question 438:

    With which type of Layer 2 attack can you intercept traffic that is destined for one host?

    A. MAC spoofing
    B. CAM overflow

  • Question 439:

    Within an 802.1X enabled network with the Auth Fail feature configured, when does a switch port get placed into a restricted VLAN?

    A. When user failed to authenticate after certain number of attempts
    B. When 802.1X is not globally enabled on the Cisco catalyst switch
    C. When AAA new-model is enabled
    D. If a connected client does not support 802.1X
    E. After a connected client exceeds a specific idle time

  • Question 440:

    What is one requirement for locking a wired or wireless device from ISE?

    A. The ISE agent must be installed on the device
    B. The device must be connnected to the network when the lock command is executed C. The user must approve the locking action
    D. The organization must implement an acceptable use policy allowing device locking

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 210-260 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.