[210-260 Free Questions] 210-260 Implementing Cisco Network Security

1. Which two services define cloud networks? (Choose two.)

Infrastructure as a Service

Platform as a Service

Security as a Service

Compute as a Service

Tenancy as a Service

2. In which two situations should you use out-of-band management? (Choose two.)

when a network device fails to forward packets

when you require ROMMON access

when management applications need concurrent access to the device

when you require administrator access from multiple locations

when the control plane fails to respond

3. In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)

TACACS uses TCP to communicate with the NA

TACACS can encrypt the entire packet that is sent to the NA

TACACS supports per-command authorization.

TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.

TACACS uses UDP to communicate with the NA

TACACS encrypts only the password field in an authentication packet.

4. According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

BOOTP

TFTP

DNS

MAB

HTTP

802.1x

5. Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

AES

3DES

DES

MD5

DH-1024

SHA-384

6. Which three ESP fields can be encrypted during transmission? (Choose three.)

Security Parameter Index

Sequence Number

MAC Address

Padding

Pad Length

Next Header

7. What are two default Cisco IOS privilege levels? (Choose two.)

8. Which two authentication types does OSPF support? (Choose two.)

plaintext

MD5

HMAC

AES 256

SHA-1

DES

9. Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)

QoS

traffic classification

access lists

policy maps

class maps

Cisco Express Forwarding

10. Which two statements about stateless firewalls are true? (Choose two.)

They compare the 5-tuple of each incoming packet against configurable rules.

They cannot track connections.

They are designed to work most efficiently with stateless protocols such as HTTP or HTTP

Cisco IOS cannot implement them because the platform is stateful by nature.

The Cisco ASA is implicitly stateless because it blocks all traffic by default.

11. Which three statements about host-based IPS are true? (Choose three.)

It can view encrypted files.

It can have more restrictive policies than network-based IP

It can generate alerts based on behavior at the desktop level.

It can be deployed at the perimeter.

It uses signature-based policies.

It works with deployed firewalls.

12. What three actions are limitations when running IPS in promiscuous mode? (Choose three.)

deny attacker

deny packet

modify packet

request block connection

request block host

reset TCP connection

13. When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

Deny the connection inline.

Perform a Layer 6 reset.

Deploy an antimalware system.

Enable bypass mode.

14. What is an advantage of implementing a Trusted Platform Module for disk encryption?

It provides hardware authentication.

It allows the hard disk to be transferred to another device without requiring re-encryption.dis

It supports a more complex encryption algorithm than other disk-encryption technologies.

It can protect against single points of failure.

15. What is the purpose of the Integrity component of the CIA triad?

to ensure that only authorized parties can modify data

to determine whether data is relevant

to create a process for accessing data

to ensure that only authorized parties can view data

16. In a security context, which action can you take to address compliance?

Implement rules to prevent a vulnerability.

Correct or counteract a vulnerability.

Reduce the severity of a vulnerability.

Follow directions from the security appliance manufacturer to remediate a vulnerability.

17. Which type of secure connectivity does an extranet provide?

other company networks to your company network

remote branch offices to your company network

your company network to the Internet

new networks to your company network

18. Which tool can an attacker use to attempt a DDoS attack?

botnet

Trojan horse

virus

adware

19. What type of security support is provided by the Open Web Application Security Project?

Education about common Web site vulnerabilities.

A Web site security framework.

A security discussion forum for Web site developers.

Scoring of common vulnerabilities and exposures.

20. What type of attack was the Stuxnet virus?

cyber warfare

hacktivism

botnet

social engineering

Question 1 of 20

Leave a Reply Cancel reply