December/2019 Braindump2go 210-260 Dumps with PDF and VCE New Updated Today! Following are some new 210-260 Exam Questions,
New Question
Which IKE phase 1 parameter can you use to require the site-to-site VPN to us a pre-shared key?
A. group
B. hash
C. authentication
D. encryption
Answer: C
New Question
Which command do you enter to verify the status and settings of an IKE Phase 1 tunnel?
A. show crypto Ipsec as output
B. show crypto isakmp policy
C. show crypto isakmp sa
D. show crypto ipsec transform-sat
Answer: C
New Question
Which statement represents a difference between an access list on an ASA versus an acess list on a router?
A. The ASA does not support extended access lists
B. The ASA does not support number access lists
C. The ASA does not ever use a wildcard mask
D. The ASA does not support standard access lists
Answer: C
New Question
What are two limitations of the self-zone policies on a zone-based firewall? (Choose two)
A. They restnct SNMP traffic
B. They are unable to implement application inspection
C. They are unable to block HTTPS traffic
D. They are unable to support HTTPS traffic
E. They are unable to perform rate limiting.
Answer: BE
Explanation:
Self-Zone Policy Limitations
Self-zone policy has limited functionality as compared to the policies available for transit-traffic zone-pairs:
As was the case with classical stateful inspection, router-generated traffic is limited to TCP, UDP, ICMP, and complex-protocol inspection for H.323.
Application Inspection is not available for self-zone policies.
Session and rate limiting cannot be configured on self-zone policies.
Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
New Question
Which two descriptions of TACACS+ are true? (Choose two.)
A. It uses TCP as its transport protocol.
B. It combines authentication and authorization.
C. Only the password is encrypted.
D. The TACACS+ header is unencrypted
E. It uses UDP as its transport protocol.
Answer: AD
New Question
Which two actions does an IPS perform? (Choose two.)
A. it spans the traffic
B. it reconfigures a device to block the traffic
C. it reflects the traffic back to the sender
D. it encrypts the traffic
E. it terminates the user session or connection of the attacker
Answer: AE
New Question
In which form of fraud does an attacker try to team information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels’?
A. Hacking
B. Phishing
C. Identity Spoofing
D. Smarting
Answer: B
New Question
What is a limitation of network-based IPS?
A. It is most effective at the individual host level.
B. It must be individually configured to support every operating system on the network.
C. It is unable to monitor attacks across the entire network.
D. Large installations require numerous sensors to fully protect the network
Answer: D
New Question
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?
A. Control Plane Policing
B. Service Policy
C. Cisco Express Forwarding
D. Policy Map
Answer: A
New Question
Which command successfully creates an administrative user with a password of “Cisco” on a Cisco router?
A. username Operator privilege 7 password Cisco
B. username Operator privilege 1 password Cisco
C. username Operator privilege 15 password Cisco
D. username Operator password cisco privilege 15
Answer: C
New Question
Which technology can best protect data at rest on a user system?
A. network IPS
B. router ACL
C. full-disk encryption
D. IPsec tunnel
Answer: C
1.|2019 Latest Braindump2go 210-260 Exam Dumps (VCE & PDF) Instant Download:
https://www.braindump2go.com/210-260.html
2.|2019 Latest Braindump2go 210-260 Exam Questions & Answers Instant Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNV1RGaFJYZkxGWFk?usp=sharing