Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May Cisco Official New Released 210-260
100% Free Download! 100% Pass Guaranteed!
Implementing Cisco Network Security
Question No: 211
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
-
Rate-Based Prevention
-
Portscan Detection
-
IP Defragmentation
-
Inline Normalization
Answer: A
Question No: 212
Which IOS command is used to define the authentication key for NTP?
-
Switch(config)#ntp authentication-key 1 md5 C1sc0
-
Switch(config)#ntp trusted-key 1
-
Switch(config)#ntp source 192.168.0.1
-
Switch(config)#ntp authenticate
Answer: A
Question No: 213
Which three statements about host-based IPS are true? (Choose three.)
-
It can view encrypted files.
-
It can have more restrictive policies than network-based IPS.
-
It can generate alerts based on behavior at the desktop level.
-
It can be deployed at the perimeter.
-
It uses signature-based policies.
-
It works with deployed firewalls.
Answer: A,B,C
Question No: 214
Refer to the exhibit.
While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?
-
IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
-
IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.
-
IPSec Phase 1 is down due to a QM_IDLE state.
-
IPSec Phase 2 is down due to a QM_IDLE state.
Answer: A
Question No: 215
What configuration allows AnyConnect to automatically establish a VPN session when a user logs in to the computer?
-
always-on
-
proxy
-
transparent mode
-
Trusted Network Detection
Answer: A
Question No: 216
What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?
-
5 seconds
-
10 seconds
-
15 seconds
-
20 seconds
Answer: A
Question No: 217
Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)
-
Modifying packets
-
Requesting connection blocking
-
Denying packets
-
Resetting the TCP connection
-
Requesting host blocking
-
Denying frames
Answer: B,D,E
Question No: 218
What is one requirement for locking a wired or wireless device from ISE?
-
The ISE agent must be installed on the device.
-
The device must be connected to the network when the lock command is executed.
-
The user must approve the locking action.
-
The organization must implement an acceptable use policy allowing device locking.
Answer: A
Question No: 219
What are the three layers of a hierarchical network design? (Choose three.)
-
access
-
core
-
distribution
-
user
-
server
-
Internet
Answer: A,B,C
Question No: 220
Which two statements about stateless firewalls are true? (Choose two.)
-
They compare the 5-tuple of each incoming packet against configurable rules.
-
They cannot track connections.
-
They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
-
Cisco IOS cannot implement them because the platform is stateful by nature.
-
The Cisco ASA is implicitly stateless because it blocks all traffic by default.
Answer: A,B