[2017 New] 210-260 Exam Questions Free Download From Lead2pass (161-180)

2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Lead2pass is one of the leading exam preparation material providers. Its updated 210-260 braindumps in PDF can ensure most candidates pass the exam without too much effort. If you are struggling for the 210-260 exam, it will be a wise choice that get help from Lead2pass.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/210-260.html

QUESTION 161
What configuration allows AnyConnect to authenticate automatically establish a VPN session when a user logs in to the computer?

A.    proxy
B.    Trusted Network Detection
C.    transparent mode
D.    always-on

Answer: D

QUESTION 162
Which statement about the communication between interfaces on the same security level is true?

A.    All Traffic is allowed by default between interfaces on the same security level.
B.    Interface on the same security level require additional configuration to permit inter-interface communication.
C.    Configuring interface on the same security level can cause asymmetric routing.
D.    You can configure only one interface on an individual security level.

Answer: B
Explanation:
The following command allows traffic of the same security level:
hostname(config)# same-security-traffic permit inter-interface

QUESTION 163
You have implemented Sourcefire IPS and configure it to block certain addresses utilizing security intelligence IP Addresses Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?

A.    create a user based access control rule to allow the traffic.
B.    create a custom blacklist to allow the traffic.
C.    create a whitelist and add the appropriate IP address to allow the traffic.
D.    create a rule to bypass inspection to allow the traffic.

Answer: C
Explanation:
Custom whitelists override blacklists and mitigate false positives.

QUESTION 164
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

A.    STP BPDU guard
B.    loop guard
C.    STP Root guard
D.    EtherChannel guard

Answer: A

QUESTION 165
Which feature filters CoPP packets?

A.    Policy maps
B.    route maps
C.    access control lists
D.    class maps

Answer: C

QUESTION 166
In which type of attack does an attacker send email message that ask the recipient to click a link such as https://www.cisco.net.cc/securelogs?

A.    pharming
B.    phishing
C.    solicitation
D.    secure transaction

Answer: B

QUESTION 167
If the router ospf 200 command, what does the value 200 stands for?

A.    Administrative distance value
B.    process ID
C.    area ID.
D.    ABR ID

Answer: B
Explanation:
Recall that the area is defined in the following command:
hostname(config-router)# network 10.0.0.0 255.0.0.0 area 0

QUESTION 168
Your security team has discovered a malicious program that has been harvesting the CEO’s email messages and the company’s user database for the last 6 months.
What type of attack did your team discover? (Choose two.)

A.    social activism
B.    drive-by spyware
C.    targeted malware
D.    advance persistent threat
E.     polymorphic Virus

Answer: CD

QUESTION 169
What is the best way to confirm that AAA authentication is working properly?

A.    use the test aaa command
B.    use the Cisco-recommended configuration for AAA authentication
C.    Log into and out of the router, and then check the NAS authentication log
D.    Ping the NAS to confirm connectivity

Answer: A
Explanation:
The other choices do not verify functionality.
There is a test aaa command in IOS, just tried it in my lab:
R1#test aaa group radius admin cisco123 new-code
User successfully authenticated
USER ATTRIBUTES

QUESTION 170
What is the benefit of web application firewall?

A.    It accelerate web traffic
B.    It blocks know vulnerabilities without patching applications
C.    It supports all networking protocols.
D.    It simplifies troubleshooting

Answer: B

QUESTION 171
What improvement does EAP-FASTv2 provide over EAP-FAST?

A.    It support more secure encryption protocols.
B.    It allows multiple credentials to be passed in a single EAP exchange
C.    It addresses security vulnerabilities found in the original protocol.
D.    It allows faster authentication by using fewer packets.

Answer: B
Explanation:
EAP Chaining with EAP-FASTv2: As an enhancement to EAP-FAST, a differentiation was made to have a User PAC and a Machine PAC. After a successful machine-authentication, ISE will issue a Machine-PAC to the client. Then, when processing a user-authentication, ISE will request the Machine-PAC to prove that the machine was successfully authenticated, too. This is the first time in 802.1X history that multiple credentials have been able to be authenticated within a single EAP transaction, and it is known as “EAP Chaining.”

QUESTION 172
Which statement about IOS privilege levels is true?

A.    Each privilege level is independent of all other privilege levels.
B.    Each privilege level supports the commands at its own level and all levels above it.
C.    Each privilege level supports the commands at its own level and all levels below it.
D.    Privilege-level commands are set explicitly for each user.

Answer: C

QUESTION 173
What mechanism does asymmetric cryptography use to secure data?

A.    an RSA nonce
B.    a public/private key pair.
C.    an MD5 hash.
D.    shared secret keys.

Answer: B

QUESTION 174
Which statement about application blocking is true?

A.    Block access to specific program.
B.    Block access to specific network addresses.
C.    Block access to specific network services
D.    Block access to files with specific extensions.

Answer: A

QUESTION 175
What are the three layers of a hierarchical network design? (Choose three.)

A.    core
B.    access
C.    server
D.    user
E.    internet
F.    distribution

Answer: ABF

QUESTION 176
In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

A.    gratuitous ARP
B.    MAC flooding
C.    MAC spoofing
D.    DoS

Answer: B
Explanation:
Switch goes into fail-open mode, becomes a hub.

QUESTION 177
Refer to the exhibit. With which NTP server has the router synchronized?

 

A.    192.168.10.7
B.    108.61.73.243
C.    209.114.111.1
D.    204.2.134.164
E.    132.163.4.103
F.    241.199.164.101

Answer: A
Explanation:
Because you have to refer to our_master , which is only showing on 192.168.10.07. on the rest of them you nothing showing.
“our_master” term lists selected synchronization server at the beginning of the line.

QUESTION 178
What are two ways to protect eavesdropping when you perform device-management task? (Choose two)

A.    use SNMPv2
B.    use SSH connection
C.    use SNMPv3
D.    use in-band management
E.    use out-band management

Answer: BC
Explanation:
These management plane protocols are encrypted.

QUESTION 179
Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

A.    You can configure a single zone pair that allows bidirectional traffic flows from for any zone except the self-zone
B.    You must configure two zone pairs, one for each direction
C.    You can configure a single zone pair that allows bidirectional traffic flows for any zone
D.    You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

Answer: B
Explanation:
A single zone pair is NOT bidirectional, so you must have two pairs to cover both directions.

QUESTION 180
Which three ways does the RADIUS protocol differ from TACACS?? (Choose three)

A.    RADIUS authenticates and authorizes simultaneously. Causing fewer packets to be transmitted
B.    RADIUS encrypts only the password field in an authentication packets
C.    RADIUS can encrypt the entire packet that is sent to the NAS
D.    RADIUS uses UDP to communicate with the NAS
E.    RADIUS uses TCP to communicate with the NAS
F.    RADIUS support per-command authentication

Answer: ABD
Explanation:
TACACS+ encypts the entire body of the packet and supports per-command-authentication for greater granularity.

There is no doubt that Lead2pass is the top IT certificate exam material provider. All the braindumps are the latest and tested by senior Cisco lecturers and experts. Get the 210-260 exam braindumps in Lead2pass, and there would be no suspense to pass the exam.

210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRVJLdVdkMjFoQVk

2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass:

https://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed]