CCNA Security IINS 210-260 practice test|CertTree

by Karen Paramo IT sales consultant CertTree guarantee exam success rate of 100% ratio, except no one. You choose CertTree, and select the training you want to start, you will get the best resources with market and reliability assurance.CertTree have the latest CCNA Security IINS 210-260 practice test|CertTree. The industrious CertTree IT experts through their own expertise and experience continuously produce the latest CCNA Security IINS 210-260 practice test|CertTree to facilitate IT professionals to pass the Cisco certification 210-260 exam.

CCNA Security IINS 210-260 practice test|CertTree available at CertTree has developed by 210-260 certified professionals by much hard work. CCNA Security IINS 210-260 practice test|CertTree available in most popular PDF format so that you can download and study offline. Candidates can learn all the questions and answers in an easy way; start from PDF and end with Test Software. Also the regular updates ensure you about the quality and accuracy of questions and the answers given to questions are verified by 210-260 experts.
Share some CCNA Security 210-260 exam questions and answers below.
What is an advantage of placing an IPS on the inside of a network?
A. It can provide higher throughput.
B. It receives traffic that has already been filtered.
C. It receives every inbound packet.
D. It can provide greater security.
Answer: B

Which statement about communication over failover interfaces is true?
A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default.
B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default.
C. All information that is sent over the failover and stateful failover interfaces is encrypted by default.
D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text.
Answer: A

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)
A. BOOTP
B. TFTP
C. DNS
D. MAB
E. HTTP
F. 802.1x
Answer: A, B, C

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
A. The trunk port would go into an error-disabled state.
B. A VLAN hopping attack would be successful.
C. A VLAN hopping attack would be prevented.
D. The attacked VLAN will be pruned.
Answer: C

Which tool can an attacker use to attempt a DDoS attack?
A. botnet
B. Trojan horse
C. virus
D. adware
Answer: A

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)
A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384
Answer: A, F

Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.
Answer: A

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)
A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384
Answer: A,F

In which two situations should you use out-of-band management? (Choose two.)
A. when a network device fails to forward packets
B. when you require ROMMON access
C. when management applications need concurrent access to the device
D. when you require administrator access from multiple locations
E. when the control plane fails to respond
Answer: A, B

Which three statements about host-based IPS are true? (Choose three.)
A. It can view encrypted files.
B. It can have more restrictive policies than network-based IPS.
C. It can generate alerts based on behavior at the desktop level.
D. It can be deployed at the perimeter.
E. It uses signature-based policies.
F. It works with deployed firewalls.
Answer: A,B,C

Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Answer: D, E, F

What is the only permitted operation for processing multicast traffic on zone-based firewalls?
A. Only control plane policing can protect the control plane against multicast traffic.
B. Stateful inspection of multicast traffic is supported only for the self-zone.
C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone.
D. Stateful inspection of multicast traffic is supported only for the internal zone.
Answer: A

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
Answer: A, B

How does a zone-based firewall implementation handle traffic between interfaces in the same zone?
A. Traffic between two interfaces in the same zone is allowed by default.
B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command.
C. Traffic between interfaces in the same zone is always blocked.
D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.
Answer: A

What three actions are limitations when running IPS in promiscuous mode? (Choose three.)
A. deny attacker
B. deny packet
C. modify packet
D. request block connection
E. request block host
F. reset TCP connection
Answer: A,B,C


Our CCNA Security IINS 210-260 practice test|CertTree have wide coverage of the content of the examination and constantly update and compile. CertTree can provide you with a very high accuracy of exam preparation. Selecting CertTree can save you a lot of time, so that you can get the Cisco 210-260 certification earlier to allow you to become a Cisco IT professionals.CertTree is a convenient website to provide service for many of the candidates participating in the IT certification exams.

Sponsor Ads

• Ad Space Available - Rent it Now!

Created on Oct 14th 2017 00:58. Viewed 340 times.

Comments