This page was exported from Lead2pass New Updated IT Exam Questions [ ] Export date:Thu Apr 18 22:37:43 2019 / +0000 GMT ___________________________________________________ Title: [2017 New] Free Lead2pass Cisco 210-260 PDF Dumps With The Latest Update Exam Questions (161-180) --------------------------------------------------- 2017 July Cisco Official New Released 210-260 Dumps in! 100% Free Download! 100% Pass Guaranteed! Lead2pass is one of the leading exam preparation material providers. Its updated 210-260 braindumps in PDF can ensure most candidates pass the exam without too much effort. If you are struggling for the 210-260 exam, it will be a wise choice that get help from Lead2pass. Following questions and answers are all new published by Cisco Official Exam Center: QUESTION 161What configuration allows AnyConnect to authenticate automatically establish a VPN session when a user logs in to the computer? A.    proxyB.    Trusted Network DetectionC.    transparent modeD.    always-onAnswer: D QUESTION 162Which statement about the communication between interfaces on the same security level is true? A.    All Traffic is allowed by default between interfaces on the same security level.B.    Interface on the same security level require additional configuration to permit inter-interface communication.C.    Configuring interface on the same security level can cause asymmetric routing.D.    You can configure only one interface on an individual security level. Answer: BExplanation:The following command allows traffic of the same security level: hostname(config)# same-security-traffic permit inter-interface QUESTION 163You have implemented Sourcefire IPS and configure it to block certain addresses utilizing security intelligence IP Addresses Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address? A.    create a user based access control rule to allow the traffic.B.    create a custom blacklist to allow the traffic.C.    create a whitelist and add the appropriate IP address to allow the traffic.D.    create a rule to bypass inspection to allow the traffic. Answer: CExplanation:Custom whitelists override blacklists and mitigate false positives. QUESTION 164If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use? A.    STP BPDU guardB.    loop guardC.    STP Root guardD.    EtherChannel guard Answer: A QUESTION 165Which feature filters CoPP packets? A.    Policy mapsB.    route mapsC.    access control listsD.    class maps Answer: C QUESTION 166In which type of attack does an attacker send email message that ask the recipient to click a link such as A.    pharmingB.    phishingC.    solicitationD.    secure transaction Answer: B QUESTION 167If the router ospf 200 command, what does the value 200 stands for? A.    Administrative distance valueB.    process IDC.    area ID.D.    ABR ID Answer: BExplanation:Recall that the area is defined in the following command:hostname(config-router)# network area 0 QUESTION 168Your security team has discovered a malicious program that has been harvesting the CEO's email messages and the company's user database for the last 6 months. What type of attack did your team discover? (Choose two.) A.    social activismB.    drive-by spywareC.    targeted malwareD.    advance persistent threatE.     polymorphic Virus Answer: CD QUESTION 169What is the best way to confirm that AAA authentication is working properly? A.    use the test aaa commandB.    use the Cisco-recommended configuration for AAA authenticationC.    Log into and out of the router, and then check the NAS authentication logD.    Ping the NAS to confirm connectivity Answer: AExplanation:The other choices do not verify functionality.There is a test aaa command in IOS, just tried it in my lab:R1#test aaa group radius admin cisco123 new-codeUser successfully authenticatedUSER ATTRIBUTES QUESTION 170What is the benefit of web application firewall? A.    It accelerate web trafficB.    It blocks know vulnerabilities without patching applicationsC.    It supports all networking protocols.D.    It simplifies troubleshooting Answer: B QUESTION 171What improvement does EAP-FASTv2 provide over EAP-FAST? A.    It support more secure encryption protocols.B.    It allows multiple credentials to be passed in a single EAP exchangeC.    It addresses security vulnerabilities found in the original protocol.D.    It allows faster authentication by using fewer packets. Answer: BExplanation:EAP Chaining with EAP-FASTv2: As an enhancement to EAP-FAST, a differentiation was made to have a User PAC and a Machine PAC. After a successful machine-authentication, ISE will issue a Machine-PAC to the client. Then, when processing a user-authentication, ISE will request the Machine-PAC to prove that the machine was successfully authenticated, too. This is the first time in 802.1X history that multiple credentials have been able to be authenticated within a single EAP transaction, and it is known as “EAP Chaining.” QUESTION 172Which statement about IOS privilege levels is true? A.    Each privilege level is independent of all other privilege levels.B.    Each privilege level supports the commands at its own level and all levels above it.C.    Each privilege level supports the commands at its own level and all levels below it.D.    Privilege-level commands are set explicitly for each user. Answer: C QUESTION 173What mechanism does asymmetric cryptography use to secure data? A.    an RSA nonceB.    a public/private key pair.C.    an MD5 hash.D.    shared secret keys. Answer: B QUESTION 174Which statement about application blocking is true? A.    Block access to specific program.B.    Block access to specific network addresses.C.    Block access to specific network servicesD.    Block access to files with specific extensions. Answer: A QUESTION 175What are the three layers of a hierarchical network design? (Choose three.) A.    coreB.    accessC.    serverD.    userE.    internetF.    distribution Answer: ABF QUESTION 176In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub? A.    gratuitous ARPB.    MAC floodingC.    MAC spoofingD.    DoS Answer: BExplanation:Switch goes into fail-open mode, becomes a hub. QUESTION 177Refer to the exhibit. With which NTP server has the router synchronized?   A. Answer: AExplanation:Because you have to refer to our_master , which is only showing on on the rest of them you nothing showing."our_master" term lists selected synchronization server at the beginning of the line. QUESTION 178What are two ways to protect eavesdropping when you perform device-management task? (Choose two) A.    use SNMPv2B.    use SSH connectionC.    use SNMPv3D.    use in-band managementE.    use out-band management Answer: BCExplanation:These management plane protocols are encrypted. QUESTION 179Which firewall configuration must you perform to allow traffic to flow in both directions between two zones? A.    You can configure a single zone pair that allows bidirectional traffic flows from for any zone except the self-zoneB.    You must configure two zone pairs, one for each directionC.    You can configure a single zone pair that allows bidirectional traffic flows for any zoneD.    You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone. Answer: BExplanation:A single zone pair is NOT bidirectional, so you must have two pairs to cover both directions. QUESTION 180Which three ways does the RADIUS protocol differ from TACACS?? (Choose three) A.    RADIUS authenticates and authorizes simultaneously. Causing fewer packets to be transmittedB.    RADIUS encrypts only the password field in an authentication packetsC.    RADIUS can encrypt the entire packet that is sent to the NASD.    RADIUS uses UDP to communicate with the NASE.    RADIUS uses TCP to communicate with the NASF.    RADIUS support per-command authentication Answer: ABDExplanation:TACACS+ encypts the entire body of the packet and supports per-command-authentication for greater granularity. There is no doubt that Lead2pass is the top IT certificate exam material provider. All the braindumps are the latest and tested by senior Cisco lecturers and experts. Get the 210-260 exam braindumps in Lead2pass, and there would be no suspense to pass the exam. 210-260 new questions on Google Drive: 2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-27 09:35:44 Post date GMT: 2017-07-27 09:35:44 Post modified date: 2017-07-27 09:35:44 Post modified date GMT: 2017-07-27 09:35:44 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from