[Feb 2019] ccna security 210 260 dumps pdf

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 210-260 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/210-260-dumps.html

Exam Code: 210 260 pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: IINS Implementing Cisco Network Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass ccna security 210 260 official cert guide Exam.

P.S. Free 210-260 secret are available on Google Drive, GET MORE: https://drive.google.com/open?id=1gwjXgAJefTuogS03f-ww4R_KL-qD9880

New Cisco 210-260 Exam Dumps Collection (Question 4 - Question 13)

Question No: 4

Which port should (or would) be open if VPN NAT-T was enabled

A. port 500

B. port 500 outside interface

C. port 4500 outside interface

D. port 4500 ipsec

Answer: D

Question No: 5

Which security zone is automatically defined by the system?

A. The source zone

B. The self zone

C. The destination zone

D. The inside zone

Answer: B

Question No: 6

Which type of Cisco ASA access list entry can be configured to match multiple entries in a single statement?

A. nested object-class

B. class-map

C. extended wildcard matching

D. object groups

Answer: D


Reference: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html

Information About Object Groups

By grouping like objects together, you can use the object group in an ACE instead of having to enter an ACE for each object separately. You can create the following types of object groups:




u2022ICMP type

For example, consider the following three object groups:

u2022MyServices u2014 Includes the TCP and UDP port numbers of the service requests that are allowed access to the internal network.

u2022TrustedHosts u2014 Includes the host and network addresses allowed access to the greatest range of services and servers.

u2022PublicServers u2014 Includes the host addresses of servers to which the greatest access is provided.

After creating these groups, you could use a single ACE to allow trusted hosts to make

specific service requests to a group of public servers. You can also nest object groups in other object groups.

Question No: 7


In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.

To see all the menu options available on the left navigation pane, you may also need to un- expand the expanded menu first.

Which four tunneling protocols are enabled in the DfltGrpPolicy group policy? (Choose four)

A. Clientless SSL VPN

B. SSL VPN Client


D. L2TP/IPsec

E. IPsec IKEv1

F. IPsec IKEv2

Answer: A,D,E,F


By clicking one the Configuration-> Remote Access -> Clientless CCL VPN Access-> Group Policies tab you can view the DfltGrpPolicy protocols as shown below:

Question No: 8

Which command do you enter to enable authentication for OSPF on an interface?

A. router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS

B. router(config-router)#area 0 authentication message-digest

C. router(config-router)#ip ospf authentication-key CISCOPASS

D. router(config-if)#ip ospf authentication message-digest

Answer: D

Question No: 9

Which two authentication types does OSPF support? (Choose two.)

A. plaintext

B. MD5


D. AES 256

E. SHA-1


Answer: A,B

Question No: 10

Which statement about IOS privilege levels is true?

A. Each privilege level supports the commands at its own level and all levels below it.

B. Each privilege level supports the commands at its own level and all levels above it.

C. Privilege-level commands are set explicitly for each user.

D. Each privilege level is independent of all other privilege levels.

Answer: A

Question No: 11

Which statement about zone-based firewall configuration is true?

A. Traffic is implicitly denied by default between interfaces the same zone

B. Traffic that is desired to or sourced from the self-zone is denied by default

C. The zone must be configured before a can be assigned

D. You can assign an interface to more than one interface

Answer: C

Question No: 12

What is the effect of the ASA command crypto isakmp nat-traversal?

A. It opens port 4500 only on the outside interface.

B. It opens port 500 only on the inside interface.

C. It opens port 500 only on the outside interface.

D. It opens port 4500 on all interfaces that are IPSec enabled.

Answer: D

Question No: 13

What is the actual IOS privilege level of User Exec mode?

A. 1

B. 0

C. 5

D. 15

Answer: A

Explanation: By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.

Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpas s.html

Click to learn more regarding http://www.exam4collection.com/vce/210-260/

100% Regenerate Cisco 210-260 Questions & Answers shared by 2passeasy, Get HERE: https://www.2passeasy.com/dumps/210-260/ (New 387 Q&As)