P.S. High quality 210-260 dumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1u7BcgqmqDDlTlAmyYzNOinySaw8gbPuD
New Cisco 210-260 Exam Dumps Collection (Question 2 - Question 11)
Question No: 2
With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing between a zone member interface and any interface that is not a zone member
B. traffic flowing to and from the router interfaces (the self zone)
C. traffic flowing among the interfaces that are members of the same zone
D. traffic flowing among the interfaces that are not assigned to any zone
E. traffic flowing between a zone member interface and another interface that belongs in a different zone
F. traffic flowing to the zone member interface that is returned traffic
Answer: B,C,D
Explanation:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml
Rules For Applying Zone-Based Policy Firewall
Router network interfacesu2021 membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
A zone must be configured before interfaces can be assigned to the zone. An interface can be assigned to only one security zone.
All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone. In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
Traffic cannot flow between a zone member interface and any interface that is not a zone member. Pass, inspect, and drop actions can only be applied between two zones. Interfaces that have not been assigned to a zone function as classical router ports and
might still use classical stateful inspection/CBAC configuration.
If it is required that an interface on the box not be part of the zoning/firewall policy. It might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.
From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).
The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.
Question No: 3
Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)
A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
B. authenticating administrator access to the router console port, auxiliary port, and vty ports
C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
D. tracking Cisco NetFlow accounting statistics
E. securing the router by locking down all unused services
F. performing router commands authorization using TACACS+
Answer: A,B,F
Explanation:
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.htm l
Need for AAA Services
Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server.
Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes.
AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+.
The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with the appropriate user. All authorization methods must be defined through AAA.
Question No: 4
what causes a client to be placed in a guest or restricted VLAN on an 802.1x enabled network?
A. client entered wrong credentials multiple times.
B. client entered wrong credentials First time.
Answer: A
Question No: 5
Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own?
A. white hat hacker
B. hacktivist
C. phreaker
D. script kiddy
Answer: D
Question No: 6
How can FirePOWER block malicious email attachments?
A. It forwards email requests to an external signature engine.
B. It scans inbound email messages for known bad URLs.
C. It sends the traffic through a file policy.
D. It sends an alert to the administrator to verify suspicious email messages.
Answer: C
Question No: 7
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?
A. Ensure that the RDP2 plug-in is installed on the VPN gateway
B. Reboot the VPN gateway
C. Instruct the user to reconnect to the VPN gateway
D. Ensure that the RDP plug-in is installed on the VPN gateway
Answer: D
Question No: 8
Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.
Answer: A
Question No: 9
Which type of encryption technology has the broadest platform support to protect operating systems?
A. software
B. hardware
C. middleware
D. file-level
Answer: A
Question No: 10
What command can you use to verify the binding table status?
A. show ip dhcp snooping database
B. show ip dhcp snooping binding
C. show ip dhcp snooping statistics
D. show ip dhcp pool
E. show ip dhcp source binding
F. show ip dhcp snooping
Answer: A
Question No: 11
What feature defines a campus area network?
A. It has a single geographic location.
B. It has limited or restricted Internet access.
C. It has a limited number of segments.
D. it lacks external connectivity.
Answer: A
Recommend!! Get the High quality 210-260 dumps in VCE and PDF From Thedumpscentre, Welcome to download: http://www.thedumpscentre.com/210-260-dumps/ (New 310 Q&As Version)