Act now and download your Cisco ccna security 210 260 official cert guide pdf download test today! Do not waste time for the worthless Cisco ccna security 210 260 official cert guide pdf download tutorials. Download Renew Cisco Implementing Cisco Network Security exam with real questions and answers and begin to learn Cisco ccna security 210 260 dumps pdf free download with a classic professional.

Q11. Which statement about communication over failover interfaces is true? 

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. 

B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. 

C. All information that is sent over the failover and stateful failover interfaces is encrypted by default. 

D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text. 

Answer:


Q12. Which statement about personal firewalls is true? 

A. They can protect a system by denying probing requests. 

B. They are resilient against kernel attacks. 

C. They can protect email messages and private documents in a similar way to a VPN. 

D. They can protect the network against attacks. 

Answer:


Q13. What can the SMTP preprocessor in FirePOWER normalize? 

A. It can extract and decode email attachments in client to server traffic. 

B. It can look up the email sender. 

C. It compares known threats to the email sender. 

D. It can forward the SMTP traffic to an email filter server. 

E. It uses the Traffic Anomaly Detector. 

Answer:


Q14. Refer to the exhibit. 

What is the effect of the given command sequence? 

A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

Answer:


Q15. If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? 

A. root guard 

B. EtherChannel guard 

C. loop guard 

D. BPDU guard 

Answer:


Q16. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

Which two statements regarding the ASA VPN configurations are correct? (Choose two) 

A. The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1. 

B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method. 

C. The Inside-SRV bookmark references the https://192.168.1.2 URL 

D. Only Clientless SSL VPN access is allowed with the Sales group policy 

E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface 

F. The Inside-SRV bookmark has not been applied to the Sales group policy 

Answer: B,C 

Explanation: 

For B: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.38.21 AM.png For C, Navigate to the Bookmarks tab: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.40.14 AM.png Then hit “edit” and you will see this: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.41.54 AM.png Not A, as this is listed under the Identity Certificates, not the CA certificates: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.34.54 AM.png Note E: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.26.56 AM.png 


Q17. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show? 

A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. 

B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5. 

C. IPSec Phase 1 is down due to a QM_IDLE state. 

D. IPSec Phase 2 is down due to a QM_IDLE state. 

Answer:


Q18. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied? 

A. test 

B. clientless 

C. Sales 

D. DfltGrpPolicy 

E. DefaultRAGroup 

F. DefaultWEBVPNGroup 

Answer:

Explanation: First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.45.23 AM.png 

Then hit the “edit” button and you can clearly see the Sales Group Policy being applied. 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.44.53 AM.png 


Q19. Which statement about Cisco ACS authentication and authorization is true? 

A. ACS servers can be clustered to provide scalability. 

B. ACS can query multiple Active Directory domains. 

C. ACS uses TACACS to proxy other authentication servers. 

D. ACS can use only one authorization profile to allow or deny requests. 

Answer:


Q20. You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two). 

A. Configure a proxy server to hide users' local IP addresses. 

B. Assign unique IP addresses to all users. 

C. Assign the same IP address to all users. 

D. Install a Web content filter to hide users' local IP addresses. 

E. Configure a firewall to use Port Address Translation. 

Answer: A,E