Download CCNA Security -Implementing Cisco Network Security (IINS v3-0).pass4sure.210-260.2019-10-28.1e.201q.vcex

Download Exam

File Info

Exam CCNA Security - Implementing Cisco Network Security (IINS v3.0)
Number 210-260
File Name CCNA Security -Implementing Cisco Network Security (IINS v3-0).pass4sure.210-260.2019-10-28.1e.201q.vcex
Size 1.09 Mb
Posted October 28, 2019
Downloads 273
Download CCNA Security -Implementing Cisco Network Security (IINS v3-0).pass4sure.210-260.2019-10-28.1e.201q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%


Demo Questions

Question 1

Which two services define cloud networks? (Choose two.)

  • A: Infrastructure as a Service
  • B: Platform as a Service
  • C: Security as a Service
  • D: Compute as a Service
  • E: Tenancy as a Service

Correct Answer: AB

The diagram below depicts the Cloud Computing stack – it shows three distinct categories within Cloud Computing: Software as a Service, Platform as a Service and Infrastructure as a Service.


A simplified way of differentiating these flavors of Cloud Computing is as follows; 
SaaS applications are designed for end-users, delivered over the web  
PaaS is the set of tools and services designed to make coding and deploying those applications quick and efficient  
IaaS is the hardware and software that powers it all – servers, storage, networks, operating systems 

Question 2

In which two situations should you use out-of-band management? (Choose two.)

  • A: when a network device fails to forward packets
  • B: when you require ROMMON access
  • C: when management applications need concurrent access to the device
  • D: when you require administrator access from multiple locations
  • E: when the control plane fails to respond

Correct Answer: AB

Out-of-band refers to an interface that allows only management protocol traffic to be forwarded or processed. An out-of-band management interface is defined by the network operator to specifically receive network management traffic. The advantage isthat forwarding (or customer) traffic cannot interfere with the management of the router, which significantly reduces the possibility of denial-of-service attacks. 
Out-of-band interfaces forward traffic only between out-of-band interfaces or terminate management packets that are destined to the router. In addition, the out-of-band interfaces can participate in dynamic routing protocols. The service provider connects to the router’s out-of-band interfaces and builds an independent overlay management network, with all the routing and policy tools that the router can provide. 

Question 3

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

  • A: AES
  • B: 3DES
  • C: DES
  • D: MD5
  • E: DH-1024
  • F: SHA-384

Correct Answer: AF

The following table shows the relative security level provided by the recommended and NGE algorithms. The security level is the relative strength of an algorithm. An algorithm with a security level of x bits is stronger than one of y bits if x > y. If an algorithm has a security level of x bits, the relative effort it would take to "beat" the algorithm is of the same magnitude of breaking a secure x-bit symmetric key algorithm (without reduction or other attacks). The 128-bit security level is for sensitive information and the 192-bit level is for information of higher importance. 



Question 4

Which three ESP fields can be encrypted during transmission? (Choose three.)

  • A: Security Parameter Index
  • B: Sequence Number
  • C: MAC Address
  • D: Padding
  • E: Pad Length
  • F: Next Header

Correct Answer: DEF

The remaining four parts of the ESP are all encrypted during transmission across the network. Those parts are as follows:
The Payload Data is the actual data that is carried by the packet. 
The Padding, from 0 to 255 bytes of data, allows certain types of encryption algorithms to require the data to be a multiple of a certain number of bytes. The padding also ensures that the text of a message terminates ona four-byte boundary (an architectural requirement within IP). 
The Pad Length field specifies how much of the payload is padding rather than data. 
The Next Header field, like a standard IP Next Header field, identifies the type of data carried and the protocol. 

Question 5

What are two default Cisco IOS privilege levels? (Choose two.)

  • A: 0
  • B: 1
  • C: 5
  • D: 7
  • E: 10
  • F: 15

Correct Answer: BF

By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.

Question 6

Which two authentication types does OSPF support? (Choose two.)

  • A: plaintext
  • B: MD5
  • C: HMAC
  • D: AES 256
  • E: SHA-1
  • F: DES

Correct Answer: AB

These are the three different types of authentication supported by OSPF. 
Null Authentication—This is also called Type 0 and it means no authentication information is included in the packet header. It is the default. 
Plain Text Authentication—This is also called Type 1 and it uses simple clear-text passwords. 
MD5 Authentication—This is also called Type 2 and it uses MD5 cryptographic passwords. 
Authentication does not need to be set. However, if it is set, all peer routers on the same segment must have the same password and authentication method. The examples in this document demonstrate configurations for both plain text and MD5 authentication. 

Question 7

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)

  • A: QoS
  • B: traffic classification
  • C: access lists
  • D: policy maps
  • E: class maps
  • F: Cisco Express Forwarding

Correct Answer: AB

Question 8

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

  • A: Deny the connection inline.
  • B: Perform a Layer 6 reset.
  • C: Deploy an antimalware system.
  • D: Enable bypass mode.

Correct Answer: A

This action prevents the attacker from communicating with the victim on any port. However, the attacker could communicate with other hosts, making this action better suited for exploits that target a specific host. This event action is appropriate when the likelihood of a false alarm or spoofing is minimal. 

Question 9

What is an advantage of implementing a Trusted Platform Module for disk encryption?

  • A: It provides hardware authentication.
  • B: It allows the hard disk to be transferred to another device without requiring re-encryption.dis
  • C: It supports a more complex encryption algorithm than other disk-encryption technologies.
  • D: It can protect against single points of failure.

Correct Answer: A

A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication.  
Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip and cannot be accessed by software. The Storage Root Key (SRK) is created when a user or administrator takes ownership of the system. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password. 

Question 10

In a security context, which action can you take to address compliance?

  • A: Implement rules to prevent a vulnerability.
  • B: Correct or counteract a vulnerability.
  • C: Reduce the severity of a vulnerability.
  • D: Follow directions from the security appliance manufacturer to remediate a vulnerability.

Correct Answer: A

Addressing compliance is an integral part of security context. It implement rules to prevent vulnerability.  





You can buy ProfExam with a 20% discount!


Use ProfExam Simulator to open VCEX and EXAM files