Cisco 210-260 Dumps For Preparation

Get 100% Real and Updated ccna security study guide: exam 210-260 pdf file. Try It Now! Pass in First Attempt that is only possible with the help of DumpsSchool ccna security exam questions.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: (FREE VERSION!!!)

Question No. 1

Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

Answer: A

If you want to allow traffic between two zones, such as between the inside zone (using interfaces facing the inside network) and the outside zone (interfaces facing the Internet or less trusted networks), you must create a policy for traffic between the two zones, and that is where a zone pair comes into play. A zone pair, which is just a configuration on the router, is created identifying traffic sourced from a device in one zone and destined for a device in the second zone. The administrator then associates a set of rules (the policy) for this unidirectional zone pair, such as to inspect the traffic, and then applies that policy to the zone pair.

Source: Cisco Official Certification Guide, Zones and Why We Need Pairs of Them, p.380

Question No. 2

Which term refers to the electromagnetic interface that can radiate from network cables?

Answer: B

Question No. 3

Which two features are commonly used by CoPP and CPPr to protect the control plane?

Answer: A, B

For example, you can specify that management traffic, such as SSH/HTTPS/SSL and so on, can be ratelimited (policed) down to a specific level or dropped completely.

Another way to think of this is as applying quality of service (QoS) to the valid management traffic and policing to the bogus management traffic.

Source: Cisco Official Certification Guide, Table 10-3 Three Ways to Secure the Control Plane, p.269

Question No. 4

Which command do you enter to verify the status and settings of an IKE Phase 1 tunnel?

Answer: C

Question No. 5

When is the default deny all policy an exception in zone-based firewalls?

Answer: A

Question No. 6

How can you protect CDP from reconnaissance attacks?

Answer: B

Question No. 7

When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignature?

Answer: B

Question No. 8

What features can protect the data plane? (Choose three.)

Answer: B, D, F

+ Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs that deny traffic that is not allowed.

+ Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your network (from the outside) that claim to have a source IP address that is from your internal network.

+ Dynamic Host Configuration Protocol (DHCP) snooping to prevent a rogue DHCP server from handing out incorrect default gateway information and to protect a DHCP server from a starvation attack Source: Cisco Official Certification Guide, Best Practices for Protecting the Data Plane , p.271

210-260 Dumps Google Drive: (Limited Version!!!)

Related Certification: