[2017 New] 100% New Updated 210-260 New Questions Lead2pass Helps Pass 210-260 Successfully (41-60)

2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Pass 210-260 exam with the latest Lead2pass 210-260 dumps: Lead2pass 210-260 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 210-260 exam objectives.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/210-260.html

QUESTION 41
Which command verifies phase 1 of an IPsec VPN on a Cisco router?

A.    show crypto map
B.    show crypto ipsec sa
C.    show crypto isakmp sa
D.    show crypto engine connection active

Answer: C
Explanation:
show crypto ipsec sa verifies Phase 2 of the tunnel.

QUESTION 42
What is the purpose of a honeypot IPS?

A.    To create customized policies
B.    To detect unknown attacks
C.    To normalize streams
D.    To collect information about attacks

Answer: D

QUESTION 43
Which type of firewall can act on the behalf of the end device?

A.    Stateful packet
B.    Application
C.    Packet
D.    Proxy

Answer: D

QUESTION 44
Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as command. What does the given output show?

 

A.    IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5
B.    IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5
C.    IPSec Phase 1 is down due to a QM_IDLE state
D.    IPSEc Phase 2 is down due to a QM_IDLE state

Answer: A

QUESTION 45
What type of attack was the Stuxnet virus?

A.    cyber warfare
B.    hactivism
C.    botnet
D.    social engineering

Answer: A

QUESTION 46
Which type of secure connectivity does an extranet provide?

A.    remote branch offices to your company network
B.    your company network to the Internet
C.    new networks to your company network
D.    other company networks to your company network

Answer: D

QUESTION 47
After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

A.    The secure boot-image command is configured
B.    The secure boot-comfit command is configured
C.    The confreg 0x24 command is configured.
D.    The reload command was issued from ROMMON.

Answer: A

QUESTION 48
What is a reason for an organization to deploy a personal firewall?

A.    To protect endpoints such as desktops from malicious activity
B.    To protect one virtual network segment from another
C.    To determine whether a host meets minimum security posture requirements
D.    To create a separate, non-persistent virtual environment that can be destroyed after a session
E.    To protect the network from DoS and syn-flood attacks

Answer: A

QUESTION 49
Which FirePOWER preprocessor engine is used to prevent SYN attacks?

A.    Rate-Based Prevention
B.    Portscan Detection
C.    IP Defragmentation
D.    Inline Normalization

Answer: A

QUESTION 50
What VPN feature allows traffic to exit the security appliance through the same interface it entered?

A.    Hairpinning
B.    NAT
C.    NAT traversal
D.    split tunneling

Answer: A

QUESTION 51
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A.    Perform a Layer 6 reset
B.    Deploy an antimalware system
C.    Enable bypass mode
D.    Deny the connection inline

Answer: D

QUESTION 52
Which statement about Cisco ACS authentication and authorization is true?

A.    ACS servers can be clustered to provide scalability
B.    ACS can query multiple Active Directory domains
C.    ACS uses TACACS to proxy other authentication servers
D.    ACS can use only one authorization profile to allo or deny requests

Answer: A

QUESTION 53
What is the only permitted operation for processing multicast traffic on zone-based firewalls?

A.    Stateful inspection of multicast traffic is supported only for the self zone
B.    Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone
C.    Only control plane policing can protect the control plane against multicast traffic.
D.    Stateful inspection of multicast traffic is supported only for the internal zone.

Answer: C

QUESTION 54
What is one requirement for locking a wired or wireless device from ISE?

A.    The ISE agent must be installed on the device
B.    The device must be connnected to the network when the lock command is executed
C.    The user must approve the locking action
D.    The organization must implement an acceptable use policy allowing device locking

Answer: A

QUESTION 55
Refer to the exhibit. What type of firewall would use the given cofiguration line?

 

A.    a stateful firewall
B.    a personal firewall
C.    a proxy firewall
D.    an application firewall
E.    a stateless firewall

Answer: A

QUESTION 56
What are two default Cisco IOS privilege levels? (Choose two)

A.    0
B.    5
C.    1
D.    7
E.    10
F.    15

Answer: CF

QUESTION 57
What is the effect of the given command sequence?
 
A.    It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a desstination of 10.100.100.0/24
B.    It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24
C.    it defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24
D.    It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24

Answer: A

QUESTION 58
Which tool can an attacker use to attempt a DDos attack?

A.    botnet
B.    Trojan horse
C.    virus
D.    adware

Answer: A

QUESTION 59
how does the Cisco ASA use Active Directory to authorize VPN users?

A.    It queries the Active Directory server for a specfic attribute for the specific user
B.    It sends the username and password to retire an ACCEPT or Reject message from the Active Directory server
C.    It downloads and stores the Active Directory databas to query for future authorization
D.    It redirects requests to the Active Directory server defined for the VPN group

Answer: A

QUESTION 60
Which statement about application blocking is true?

A.    It blocks access to files with specific extensions
B.    It blocks access to specific network addresses
C.    It blocks access to specific programs
D.    It blocks access to specific network services.

Answer: C

Comparing with others’, you will find our 210-260 exam questions are more helpful and precise since all the 210-260 exam content is regularly updated and has been checked for accuracy by our team of Cisco expert professionals.

210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk

2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass:

http://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed]