[Free] 2018(Apr) EnsurePass Braindumps Cisco 210-260 Dumps with VCE and PDF 211-220

Ensurepass.com : Ensure you pass the IT Exams
2018 Apr Cisco Official New Released 210-260
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Network Security

Question No: 211

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

  1. Rate-Based Prevention

  2. Portscan Detection

  3. IP Defragmentation

  4. Inline Normalization

Answer: A

Question No: 212

Which IOS command is used to define the authentication key for NTP?

  1. Switch(config)#ntp authentication-key 1 md5 C1sc0

  2. Switch(config)#ntp trusted-key 1

  3. Switch(config)#ntp source 192.168.0.1

  4. Switch(config)#ntp authenticate

Answer: A

Question No: 213

Which three statements about host-based IPS are true? (Choose three.)

  1. It can view encrypted files.

  2. It can have more restrictive policies than network-based IPS.

  3. It can generate alerts based on behavior at the desktop level.

  4. It can be deployed at the perimeter.

  5. It uses signature-based policies.

  6. It works with deployed firewalls.

Answer: A,B,C

Question No: 214

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

  1. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

  2. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.

  3. IPSec Phase 1 is down due to a QM_IDLE state.

  4. IPSec Phase 2 is down due to a QM_IDLE state.

Answer: A

Question No: 215

What configuration allows AnyConnect to automatically establish a VPN session when a user logs in to the computer?

  1. always-on

  2. proxy

  3. transparent mode

  4. Trusted Network Detection

Answer: A

Question No: 216

What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

  1. 5 seconds

  2. 10 seconds

  3. 15 seconds

  4. 20 seconds

Answer: A

Question No: 217

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

  1. Modifying packets

  2. Requesting connection blocking

  3. Denying packets

  4. Resetting the TCP connection

  5. Requesting host blocking

  6. Denying frames

Answer: B,D,E

Question No: 218

What is one requirement for locking a wired or wireless device from ISE?

  1. The ISE agent must be installed on the device.

  2. The device must be connected to the network when the lock command is executed.

  3. The user must approve the locking action.

  4. The organization must implement an acceptable use policy allowing device locking.

Answer: A

Question No: 219

What are the three layers of a hierarchical network design? (Choose three.)

  1. access

  2. core

  3. distribution

  4. user

  5. server

  6. Internet

Answer: A,B,C

Question No: 220

Which two statements about stateless firewalls are true? (Choose two.)

  1. They compare the 5-tuple of each incoming packet against configurable rules.

  2. They cannot track connections.

  3. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.

  4. Cisco IOS cannot implement them because the platform is stateful by nature.

  5. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Answer: A,B

100% Ensurepass Free Download!
Download Free Demo:210-260 Demo PDF
100% Ensurepass Free Guaranteed!
210-260 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *