[2017 New] 2017 New Lead2pass Cisco 210-260 Dumps Free Download (41-60)

2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Pass 210-260 exam with the latest Lead2pass 210-260 dumps: Lead2pass 210-260 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 210-260 exam objectives.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/210-260.html

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

A.    show crypto map
B.    show crypto ipsec sa
C.    show crypto isakmp sa
D.    show crypto engine connection active

Answer: C
show crypto ipsec sa verifies Phase 2 of the tunnel.

What is the purpose of a honeypot IPS?

A.    To create customized policies
B.    To detect unknown attacks
C.    To normalize streams
D.    To collect information about attacks

Answer: D

Which type of firewall can act on the behalf of the end device?

A.    Stateful packet
B.    Application
C.    Packet
D.    Proxy

Answer: D

Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as command. What does the given output show?


A.    IPSec Phase 1 is established between and
B.    IPSec Phase 2 is established between and
C.    IPSec Phase 1 is down due to a QM_IDLE state
D.    IPSEc Phase 2 is down due to a QM_IDLE state

Answer: A

What type of attack was the Stuxnet virus?

A.    cyber warfare
B.    hactivism
C.    botnet
D.    social engineering

Answer: A

Which type of secure connectivity does an extranet provide?

A.    remote branch offices to your company network
B.    your company network to the Internet
C.    new networks to your company network
D.    other company networks to your company network

Answer: D

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

A.    The secure boot-image command is configured
B.    The secure boot-comfit command is configured
C.    The confreg 0x24 command is configured.
D.    The reload command was issued from ROMMON.

Answer: A

What is a reason for an organization to deploy a personal firewall?

A.    To protect endpoints such as desktops from malicious activity
B.    To protect one virtual network segment from another
C.    To determine whether a host meets minimum security posture requirements
D.    To create a separate, non-persistent virtual environment that can be destroyed after a session
E.    To protect the network from DoS and syn-flood attacks

Answer: A

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

A.    Rate-Based Prevention
B.    Portscan Detection
C.    IP Defragmentation
D.    Inline Normalization

Answer: A

What VPN feature allows traffic to exit the security appliance through the same interface it entered?

A.    Hairpinning
B.    NAT
C.    NAT traversal
D.    split tunneling

Answer: A

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A.    Perform a Layer 6 reset
B.    Deploy an antimalware system
C.    Enable bypass mode
D.    Deny the connection inline

Answer: D

Which statement about Cisco ACS authentication and authorization is true?

A.    ACS servers can be clustered to provide scalability
B.    ACS can query multiple Active Directory domains
C.    ACS uses TACACS to proxy other authentication servers
D.    ACS can use only one authorization profile to allo or deny requests

Answer: A

What is the only permitted operation for processing multicast traffic on zone-based firewalls?

A.    Stateful inspection of multicast traffic is supported only for the self zone
B.    Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone
C.    Only control plane policing can protect the control plane against multicast traffic.
D.    Stateful inspection of multicast traffic is supported only for the internal zone.

Answer: C

What is one requirement for locking a wired or wireless device from ISE?

A.    The ISE agent must be installed on the device
B.    The device must be connnected to the network when the lock command is executed
C.    The user must approve the locking action
D.    The organization must implement an acceptable use policy allowing device locking

Answer: A

Refer to the exhibit. What type of firewall would use the given cofiguration line?


A.    a stateful firewall
B.    a personal firewall
C.    a proxy firewall
D.    an application firewall
E.    a stateless firewall

Answer: A

What are two default Cisco IOS privilege levels? (Choose two)

A.    0
B.    5
C.    1
D.    7
E.    10
F.    15

Answer: CF

What is the effect of the given command sequence?
A.    It defines IPSec policy for traffic sourced from with a desstination of
B.    It defines IPSec policy for traffic sourced from with a destination of
C.    it defines IKE policy for traffic sourced from with a destination of
D.    It defines IKE policy for traffic sourced from with a destination of

Answer: A

Which tool can an attacker use to attempt a DDos attack?

A.    botnet
B.    Trojan horse
C.    virus
D.    adware

Answer: A

how does the Cisco ASA use Active Directory to authorize VPN users?

A.    It queries the Active Directory server for a specfic attribute for the specific user
B.    It sends the username and password to retire an ACCEPT or Reject message from the Active Directory server
C.    It downloads and stores the Active Directory databas to query for future authorization
D.    It redirects requests to the Active Directory server defined for the VPN group

Answer: A

Which statement about application blocking is true?

A.    It blocks access to files with specific extensions
B.    It blocks access to specific network addresses
C.    It blocks access to specific programs
D.    It blocks access to specific network services.

Answer: C

Comparing with others’, you will find our 210-260 exam questions are more helpful and precise since all the 210-260 exam content is regularly updated and has been checked for accuracy by our team of Cisco expert professionals.

210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk

2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass:

http://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed]