New Cisco 210-260 Exam Dumps Collection (Question 10 - Question 19)
Q1. What are two uses of SIEM software? (Choose two.)
A. collecting and archiving syslog data
B. alerting administrators to security events in real time
C. performing automatic network audits
D. configuring firewall and IDS devices
E. scanning email for suspicious attachments
Answer: A,B
Q2. A proxy firewall protects against which type of attack?
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
Answer: A
Q3. What improvement does EAP-FASTv2 provide over EAP-FAST?
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols.
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol.
Answer: A
Q4. What is a potential drawback to leaving VLAN 1 as the native VLAN?
A. It may be susceptible to a VLAN hopping attack.
B. Gratuitous ARPs might be able to conduct a man-in-the-middle attack.
C. The CAM might be overloaded, effectively turning the switch into a hub.
D. VLAN 1 might be vulnerable to IP address spoofing.
Answer: A
Q5. Which security zone is automatically defined by the system?
A. The source zone
B. The self zone
C. The destination zone
D. The inside zone
Answer: B
Q6. Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
Answer: A
Q7. Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
A. no impact to zoning or policy
B. no policy lookup (pass)
C. drop
D. apply default policy
Answer: C
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-zone-pol-fw.html
Zone Pairs
A zone pair allows you to specify a unidirectional firewall policy between two security zones.
To define a zone pair, use the zone-pair security command. The direction of the traffic is specified by source and destination zones. The source and destination zones of a zone pair must be security zones.
You can select the default or self zone as either the source or the destination zone. The self zone is a system-defined zone which does not have any interfaces as members. A zone pair that includes the self zone, along with the associated policy, applies to traffic directed to the device or traffic generated by the device. It does not apply to traffic through the device.
The most common use of firewalls is to apply them to traffic through a device, so you need at least two zones (that is, you cannot use the self zone).
To permit traffic between zone member interfaces, you must configure a policy permitting (or inspecting) traffic between that zone and another zone. To attach a firewall policy map to the target zone pair, use the service-policy type inspect command.
The figure below shows the application of a firewall policy to traffic flowing from zone Z1 to zone Z2, which means that the ingress interface for the traffic is a member of zone Z1 and the egress interface is a member of zone Z2.
Figure 2. Zone Pairs
If there are two zones and you require policies for traffic going in both directions (from Z1 to Z2 and Z2 to Z1), you must configure two zone pairs (one for each direction).
If a policy is not configured between zone pairs, traffic is dropped. However, it is not necessary to configure a zone pair and a service policy solely for the return traffic. By default, return traffic is not allowed. If a service policy inspects the traffic in the forward direction and there is no zone pair and service policy for the return traffic, the return traffic is inspected. If a service policy passes the traffic in the forward direction and there is no zone pair and service policy for the return traffic, the return traffic is dropped. In both these cases, you need to configure a zone pair and a service policy to allow the return traffic. In the above figure, it is not mandatory that you configure a zone pair source and destination for allowing return traffic from Z2 to Z1. The service policy on Z1 to Z2 zone pair takes care of it.
Q8. Which two characteristics of a PVLAN are true?
A. Isolated ports cannot communicate with other ports on the same VLAN.
B. They require VTP to be enabled in server mode.
C. Promiscuous ports can communicate with PVLAN ports.
D. PVLAN ports can be configured as EtherChannel ports.
E. Community ports have to be a part of the trunk.
Answer: C,E
Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/pvlans.pdf
Q9. Which show command can be used to see that a VPN tunnel is established with traffic passing through?
A. (config)# show crypto ipsec sa
B. #show crypto ipsec sa
C. (config-if)#
Answer: A
Q10. An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?
A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain.
D. The switch could become a transparent bridge.
Answer: B