Question No: 9

Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)

A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections

B. authenticating administrator access to the router console port, auxiliary port, and vty ports

C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates

D. tracking Cisco NetFlow accounting statistics

E. securing the router by locking down all unused services

F. performing router commands authorization using TACACS+

Answer: A,B,F

Explanation:

Need for AAA Services

Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server.

Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes.

AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+.

The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights, with the appropriate user. All authorization methods must be defined through AAA.

Question No: 10

Which IPsec mode is used to encrypt traffic between a server and a VPN endpoint?

A. tunnel

B. Trunk

C. Aggregated

D. Quick

E. Transport

Answer: E

Question No: 11

Which statement about zone-based firewall configuration is true?

A. Traffic is implicitly denied by default between interfaces in the same zone

B. Traffic that is destined to or sourced from the self zone is denied by default

C. The zone must be configured before an interface can be assigned to it

D. You can assign an interface to more than one zone

Answer: C

Question No: 12

Which protocols are supported in context-aware VRF but not in VRF-Lite? (Choose two.)


B. Multicast


Answer: A,B

Question No: 13

In which two situations should you use out-of-band management? (Choose two.)

A. when a network device fails to forward packets

B. when you require ROMMON access

C. when management applications need concurrent access to the device

D. when you require administrator access from multiple locations

E. when the control plane fails to respond

Answer: A,B

Question No: 14

What is one requirement for locking a wired or wireless device from ISE?

A. The ISE agent must be installed on the device.

B. The device must be connected to the network when the lock command is executed.

C. The user must approve the locking action.

D. The organization must implement an acceptable use policy allowing device locking.

Answer: A

Question No: 15

Which type of encryption technology has the broadest platform support to protect operating systems?

A. software

B. hardware

C. middleware

D. file-level

Answer: A

Question No: 16

Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)

A. syslog






Answer: B,F


Step 4: Enabling IOS IPS

The fourth step is to configure IOS IPS using the following sequence of steps:

Step 4.1: Create a rule name (this will be used on an interface to enable IPS)

ip ips name <rule name> <optional ACL>

router#configure terminal
router(config)#ip ips name iosips

You can specify an optional extended or standard access control list (ACL) to filter the traffic that will be scanned by this rule name. All traffic that is permitted by the ACL is subject to inspection by the IPS. Traffic that is denied by the ACL is not inspected by the IPS.

router(config)#ip ips name ips list ?
<1-199> Numbered access list
WORD Named access list

Step 4.2: Configure the IPS signature storage location; this is the directory `ips' created in Step 2

ip ips config location flash:<directory name>

router(config)#ip ips config location flash:ips

Step 4.3: Enable IPS SDEE event notification

ip ips notify sdee

router(config)#ip ips notify sdee

To use SDEE, the HTTP server must be enabled (via the `ip http server' command). If the HTTP server is not enabled, the router cannot respond to the SDEE clients because it cannot see the requests. SDEE notification is disabled by default and must be explicitly enabled.

Question No: 17

What causes a client to be placed in a guest or restricted VLAN on an 802.1X-enabled network?

A. The client entered wrong credentials multiple times.

B. The client entered wrong credentials the first time.

Answer: A

Question No: 18

What command can you use to verify the binding table status?

A. show ip dhcp snooping database

B. show ip dhcp snooping binding

C. show ip dhcp snooping statistics

D. show ip dhcp pool

E. show ip dhcp source binding

F. show ip dhcp snooping

Answer: A

