We provide real ccna security 210 260 lab exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco ccna security 210 260 exam dumps Exam quickly & easily. The ccna security 210 260 official cert guide pdf PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 210 260 dumps dumps pdf and vce product and material, you can easily pass the examcollection 210 260 exam.

♥♥ 2018 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 210-260 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 210-260 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/210-260-exam-dumps.html

P.S. Virtual 210-260 courses are available on Google Drive, GET MORE: https://drive.google.com/open?id=1gwjXgAJefTuogS03f-ww4R_KL-qD9880

New Cisco 210-260 Exam Dumps Collection (Question 10 - Question 19)

Q1. Which three statements describe DHCP spoofing attacks? (Choose three.)

A. They can modify traffic in transit.

B. They are used to perform man-in-the-middle attacks.

C. They use ARP poisoning.

D. They can access most network devices.

E. They protect the identity of the attacker by masking the DHCP address.

F. They are can physically modify the network gateway.

Answer: A,B,C

Q2. On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?

A. used for SSH server/client authentication and encryption

B. used to verify the digital signature of the IPS signature file

C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate the ISR when accessing it using Cisco Configuration Professional

D. used to enable asymmetric encryption on IPsec and SSL VPNs

E. used during the DH exchanges on IPsec VPNs

Answer: B



Step 1: Downloading IOS IPS files

The first step is to download IOS IPS signature package files and public crypto key from Cisco.com.

Step 1.1: Download the required signature files from Cisco.com to your PC

u2022 Location: http://tools.cisco.com/support/downloads/go/Model.x?mdfid=281442967&mdfLevel=Softwa re%20Family&treeName=Security&modelName=Cisco%20IOS%20Intrusion%20Preventio n%20System%20Feature%20Software&treeMdfId=268438162

u2022 Files to download:

IOS-Sxxx-CLI.pkg: Signature package - download the latest signature package. realm-cisco.pub.key.txt: Public Crypto key - this is the crypto key used by IOS IPS

Q3. Which feature filters CoPP packets?

A. access control lists

B. class maps

C. policy maps

D. route maps

Answer: A

Q4. Protocols supported in contest aware VRF over VRF lite? Choose Two


B. Multicast


Answer: A,B

Q5. Which description of the nonsecret numbers that are used to start a Diffie-Hellman exchange is true?

A. They are large pseudorandom numbers.

B. They are very small numbers chosen from a table of known values

C. They are numeric values extracted from hashed system hostnames.

D. They are preconfigured prime integers

Answer: D

Q6. What hash type does Cisco use to validate the integrity of downloaded images?

A. Sha1

B. Sha2

C. Md5

D. Md1

Answer: C

Q7. Which NAT option is executed first during in case of multiple nat translations?

A. dynamic nat with shortest prefix

B. dynamic nat with longest prefix

C. static nat with shortest prefix

D. static nat with longest prefix

Answer: D

Q8. What is the highest security level that can be configured for an interface on an ASA?

A. 0

B. 50

C. 100

D. 200

Answer: C


u2711 Security level 100: This is the highest security level on our ASA and by default this is assigned to the u201cinsideu201d interface. Normally we use this for our u201cLANu201d. Since this is the highest security level, by default it can reach all the other interfaces.


Q9. Which two characteristics apply to an Intrusion Prevention System (IPS) ? Choose two

A. Does not add delay to the original traffic.

B. Cabled directly inline with the flow of the network traffic.

C. Can drop traffic based on a set of rules.

D. Runs in promoscous mode.

E. Cannot drop the packet on its own

Answer: B,C

Explanation: + Position in the network flow: Directly inline with the flow of network traffic and every packet goes through the sensor on its way through the network.

+ Mode: Inline mode

+ The IPS can drop the packet on its own because it is inline. The IPS can also request assistance from

another device to block future packets just as the IDS does.

Source: Cisco Official Certification Guide, Table 17-2 IDS Versus IPS, p.461

Q10. The command debug crypto isakmp results in ?

A. Troubleshooting ISAKMP (Phase 1) negotiation problems

Answer: A

P.S. Easily pass 210-260 Exam with Thedumpscentre Virtual Dumps & pdf vce, Try Free: http://www.thedumpscentre.com/210-260-dumps/ (387 New Questions)