This page was exported from Braindump2go Exam Dumps Free Download
[
https://www.pass4surevce.com
]
Export date: Fri Mar 29 12:33:32 2024 / +0000 GMT
2017 Oct New 210-260 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 210-250 Questions: 1.|2017 New 210-260 Exam Dumps (PDF & VCE) 362Q&As Download: 2.|2017 New 210-260 Exam Questions & Answers Download: QUESTION 136 A. Anomaly. Answer: B QUESTION 137 A. Stateful inspection of multicast traffic is supported only for the self-zone. Answer: C QUESTION 138 A. Middleware Answer: C QUESTION 139 A. holistic understanding of threats Answer: D QUESTION 140 A. Trust Answer: E QUESTION 141 A. SHA-384 Answer: AE QUESTION 142 A. It requests the administrator to choose between erasing all device data or only managed corporate data. Answer: A QUESTION 143 A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server Answer: A QUESTION 144 A. View the alert on the IPS Answer: E QUESTION 145 A. the Cisco ASA is implicitly stateless because it blocks all traffic by default. Answer: BC QUESTION 146 A. Next Header Answer: ACD QUESTION 147 A. promiscuous for hosts in the PVLAN Answer: C QUESTION 148 A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2 Answer: A QUESTION 149 A. IPSec Phase 2 established between 10.10.10.2 and 10.1.1.5 Answer: B QUESTION 150 A. Edit the crypto keys on R1 and R2 to match. Answer: A 1.|2017 New 210-260 Exam Dumps (PDF & VCE) 362Q&As Download: 2.|2017 New 210-260 Study Guide Video: YouTube Video: YouTube.com/watch?v=9yy5IlptXYw
https://www.braindump2go.com/210-260.html
https://drive.google.com/drive/folders/0B75b5xYLjSSNV1RGaFJYZkxGWFk?usp=sharing
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
B. Rate-Based Prevention
C. Portscan Detection
D. Inline Normalization
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
B. Stateful inspection of multicast traffic is supported only between the self-zone and the internal zone.
C. Only control plane policing can protect the control plane against multicast traffic.
D. Stateful inspection of multicast traffic is supported only for the internal zone
Explanation:
Stateful inspection of multicast traffic is NOT supported by Cisco Zone based firewalls OR Cisco Classic firewall.
Which of encryption technology has the broadcast platform support to protect operating systems?
B. Hardware
C. software
D. file-level
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?
B. graymail management and filtering
C. signature-based IPS
D. contextual analysis
Which Sourfire secure action should you choose if you want to block only malicious traffic from a particular end-user?
B. Block
C. Allow without inspection
D. Monitor
E. Allow with inspection
Explanation:
Allow with Inspection allows all traffic except for malicious traffic from a particular end-user. The other options are too restrictive, too permissive, or don't exist.
Which two next-generation encryption algorithms does Cisco recommends? (Choose two)
B. MD5
C. DH-1024
D. DES
E. AES
F. 3DES
Explanation:
From Cisco documentation:
A. SHA-384 - YES
B. MD5 - NO
C. DH-1024 - NO
D. DES - NO
E. AES - YES (CBC, or GCM modes)
F. 3DES - Legacy
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?
B. It requests the administrator to enter the device PIN or password before proceeding with the operation
C. It immediately erases all data on the device.
D. It notifies the device user and proceeds with the erase operation
How does a device on a network using ISE receive its digital certificate during the new-device registration process?
B. The device request a new certificate directly from a central CA
C. ISE issues a pre-defined certificate from a local database
D. ISE issues a certificate from its internal CA server.
Explanation:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide.pdf
How can you detect a false negative on an IPS?
B. Use a third-party to audit the next-generation firewall rules
C. Review the IPS console
D. Review the IPS log
E. Use a third-party system to perform penetration testing
Explanation:
Only penetration testing can confirm this. All the other options lead to inconclusive results and may still result in false negatives.
Which two statement about stateless firewalls is true? (Choose two)
B. They compare the 5-tuple of each incoming packets against configurable rules.
C. They cannot track connections..
D. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS..
E. Cisco IOS cannot implement them because the platform is Stateful by nature
Explanation:
5-tuple is: source/destination IP, ports, and protocols. Stateless firewalls cannot track connections.
Which three ESP fields can be encrypted during transmission? (Choose three)
B. MAC Address
C. Padding
D. Pad Length
E. Sequence Number
F. Security Parameter Index
Explanation:
The last encrypted part is the Payload Data. The unencrypted parts are the Security Parameter Index and the Sequence Number.
Which type of PVLAN port allows host in the same VLAN to communicate directly with the other?
B. span for hosts in the PVLAN
C. Community for hosts in the PVLAN
D. isolated for hosts in the PVLAN
Explanation:
Hosts in the same PVLAN Community can communicate with one another.
Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows?
B. IKE Phase 1 main mode has successfully negotiate between 10.1.1.5 and10.10.10.2
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2
D. IKE Phase 1 aggressive mode was create on 10.1.1.5, but it failed to negotiate with 10.10.10.2
Explanation:
The MM_NO_STATE state indicates that the phase 1 policy does not match on both sides, therefore main mode failed to negotiate. Aggressive mode is indicated by AG instead of MM.
Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows?
B. IPSec Phase 1 established between 10.10.10.2 and 10.1.1.5
C. IPSec Phase 2 is down due to a QM_IDLE state.
D. IPSec Phase 1 is down due to a QM_IDLE state.
Explanation:
An IDLE state is good and means that the connection and key exchange have taken place successfully. QM indicates that the device is ready for phase 2 (quick mode) and subsequent data transfer.
Refer to the exhibit. You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?
B. Edit the crypto isakmp key command on each router with the address value of its own interface
C. Edit the ISAKMP policy sequence numbers on R1 and R2 to match.
D. set a valid value for the crypto key lifetime on each router.
Explanation:
The crypto keys don't match here. I've inferred and assumed that the destination address at the end of the "Crypto isakmp key test12345 address 10.30.30.5" line is the IP address of R1. By extension, this would produce an MM_NO_STATE state if you ran the "show crypto isakmp sa" command, as it would never connect to begin phase 1.
!!!RECOMMEND!!!
https://www.braindump2go.com/210-260.html
Post date: 2017-10-12 07:00:13
Post date GMT: 2017-10-12 07:00:13
Post modified date: 2017-10-12 07:00:13
Post modified date GMT: 2017-10-12 07:00:13
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com