we provide High value Cisco ccna security 210 260 lab exam question which are the best for clearing ccna security 210 260 exam dumps test, and to get certified by Cisco Implementing Cisco Network Security. The 210 260 iins Questions & Answers covers all the knowledge points of the real ccna security 210 260 lab exam. Crack your Cisco ccna security 210 260 dumps pdf Exam with latest dumps, guaranteed!

Q1. What VPN feature allows traffic to exit the security appliance through the same interface it entered? 

A. hairpinning 

B. NAT 

C. NAT traversal 

D. split tunneling 

Answer:


Q2. What is an advantage of implementing a Trusted Platform Module for disk encryption? 

A. It provides hardware authentication. 

B. It allows the hard disk to be transferred to another device without requiring re-encryption.dis 

C. It supports a more complex encryption algorithm than other disk-encryption technologies. 

D. It can protect against single points of failure. 

Answer:


Q3. Which two statements about Telnet access to the ASA are true? (Choose two). 

A. You may VPN to the lowest security interface to telnet to an inside interface. 

B. You must configure an AAA server to enable Telnet. 

C. You can access all interfaces on an ASA using Telnet. 

D. You must use the command virtual telnet to enable Telnet. 

E. Best practice is to disable Telnet and use SSH. 

Answer: A,E 


Q4. What command can you use to verify the binding table status? 

A. show ip dhcp snooping database 

B. show ip dhcp snooping binding 

C. show ip dhcp snooping statistics 

D. show ip dhcp pool 

E. show ip dhcp source binding 

F. show ip dhcp snooping 

Answer:


Q5. In a security context, which action can you take to address compliance? 

A. Implement rules to prevent a vulnerability. 

B. Correct or counteract a vulnerability. 

C. Reduce the severity of a vulnerability. 

D. Follow directions from the security appliance manufacturer to remediate a vulnerability. 

Answer:


Q6. Which FirePOWER preprocessor engine is used to prevent SYN attacks? 

A. Rate-Based Prevention 

B. Portscan Detection 

C. IP Defragmentation 

D. Inline Normalization 

Answer:


Q7. If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet? 

A. The ASA will apply the actions from only the first matching class map it finds for the feature type. 

B. The ASA will apply the actions from only the most specific matching class map it finds for the feature type. 

C. The ASA will apply the actions from all matching class maps it finds for the feature type. 

D. The ASA will apply the actions from only the last matching class map it finds for the feature type. 

Answer:


Q8. What is the only permitted operation for processing multicast traffic on zone-based firewalls? 

A. Only control plane policing can protect the control plane against multicast traffic. 

B. Stateful inspection of multicast traffic is supported only for the self-zone. 

C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. 

D. Stateful inspection of multicast traffic is supported only for the internal zone. 

Answer:


Q9. What three actions are limitations when running IPS in promiscuous mode? (Choose three.) 

A. deny attacker 

B. deny packet 

C. modify packet 

D. request block connection 

E. request block host 

F. reset TCP connection 

Cisco 210-260 : Practice Test 

Answer: A,B,C 


Q10. A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware. 

A. Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list. 

B. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list. 

C. Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list. 

D. Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router. 

E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router. 

Answer: