Cisco CCNA Security 210-260 Exam Preparation

By | December 5, 2019


Question No. 1

Which security zone is automatically defined by the system?

Answer: B

A zone is a logical area where devices with similar trust levels reside. For example, we could define a DMZ zone for the devices in an organization's DMZ. A zone is created by the administrator, and then interfaces can be assigned to zones. A zone can have one or more interfaces assigned to it. Any given interface can belong to only a single zone. There is a default zone, called the self zone, which is a logical zone.

Source: Cisco Official Certification Guide, Zones and Why We Need Pairs of Them, p.380

Question No. 2

Which two default settings for port security are true? (Choose two.)

Answer: A, E

Question No. 3

A user on your network inadvertently activates a botnet program that was received as an email attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?

Answer: B

Question No. 4

Which of the following statements about access lists are true? (Choose three.)

Answer: B, C, E

Source: http://www.ciscopress.com/articles/article.asp?p=1697887

Standard ACL

1) Can restrict, deny and filter packets by host IP or subnet only.

2) Best practice is to put a standard ACL restriction near the source host/subnet (interface inbound).

3) No protocol-based restriction (host IP only).

Extended ACL

1) More flexible than a standard ACL.

2) You can filter packets by host/subnet as well as by protocol, TCP port or UDP port.

3) Best practice is to put the restriction near the destination host/subnet (interface outbound).

Question No. 5

How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?

Answer: C

Question No. 6

Which command do you enter to verify that a VPN connection is established between two endpoints and that the connection is passing traffic?

Answer: A

Question No. 7

Which port should (or would) be open if VPN NAT-T was enabled?

Answer: D

NAT traversal: The encapsulation of IKE and ESP in UDP port 4500 enables these protocols to pass through a device or firewall performing NAT.

Source: https://en.wikipedia.org/wiki/Internet_Key_Exchange

Also a good reference

Source: https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

Question No. 8

What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?

Answer: A

Split tunneling is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same or different network connections. This connection state is usually facilitated through the simultaneous use of a Local Area Network (LAN) Network Interface Card (NIC), radio NIC, Wireless Local Area Network (WLAN) NIC, and VPN client software application without the benefit of access control.

Source: https://en.wikipedia.org/wiki/Split_tunneling
