Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May Cisco Official New Released 210-260
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Network Security

Question No: 211

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

1. Rate-Based Prevention

2. Portscan Detection

3. IP Defragmentation

4. Inline Normalization

Answer: A

Question No: 212

Which IOS command is used to define the authentication key for NTP?

1. Switch(config)#ntp authentication-key 1 md5 C1sc0

2. Switch(config)#ntp trusted-key 1

3. Switch(config)#ntp source 192.168.0.1

4. Switch(config)#ntp authenticate

Answer: A

Question No: 213

Which three statements about host-based IPS are true? (Choose three.)

1. It can view encrypted files.

2. It can have more restrictive policies than network-based IPS.

3. It can generate alerts based on behavior at the desktop level.

4. It can be deployed at the perimeter.

5. It uses signature-based policies.

6. It works with deployed firewalls.

Answer: A,B,C

Question No: 214

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

1. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

2. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.

3. IPSec Phase 1 is down due to a QM_IDLE state.

4. IPSec Phase 2 is down due to a QM_IDLE state.

Answer: A

Question No: 215

What configuration allows AnyConnect to automatically establish a VPN session when a user logs in to the computer?

1. always-on

2. proxy

3. transparent mode

4. Trusted Network Detection

Answer: A

Question No: 216

What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

1. 5 seconds

2. 10 seconds

3. 15 seconds

4. 20 seconds

Answer: A

Question No: 217

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

1. Modifying packets

2. Requesting connection blocking

3. Denying packets

4. Resetting the TCP connection

5. Requesting host blocking

6. Denying frames

Answer: B,D,E

Question No: 218

What is one requirement for locking a wired or wireless device from ISE?

1. The ISE agent must be installed on the device.

2. The device must be connected to the network when the lock command is executed.

3. The user must approve the locking action.

4. The organization must implement an acceptable use policy allowing device locking.

Answer: A

Question No: 219

What are the three layers of a hierarchical network design? (Choose three.)

1. access

2. core

3. distribution

4. user

5. server

6. Internet

Answer: A,B,C

Question No: 220

Which two statements about stateless firewalls are true? (Choose two.)

1. They compare the 5-tuple of each incoming packet against configurable rules.

2. They cannot track connections.

3. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.

4. Cisco IOS cannot implement them because the platform is stateful by nature.

5. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Answer: A,B

100% Dumps4cert Free Download!
–Download Free Demo:210-260 Demo PDF
100% Dumps4cert Pass Guaranteed!
–210-260 Dumps

	Dumps4cert	ExamCollection	Testking
Lowest Price Guarantee	Yes	No	No
Up-to-Dated	Yes	No	No
Real Questions	Yes	No	No
Explanation	Yes	No	No
PDF VCE	Yes	No	No
Free VCE Simulator	Yes	No	No
Instant Download	Yes	No	No