Download CCNA Security -Implementing Cisco Network Security (IINS v3-0).test-king.210-260.2018-10-24.1e.162q.vcex

Download Exam

File Info

Exam CCNA Security - Implementing Cisco Network Security (IINS v3.0)
Number 210-260
File Name CCNA Security -Implementing Cisco Network Security (IINS v3-0).test-king.210-260.2018-10-24.1e.162q.vcex
Size 26.44 Mb
Posted October 24, 2018
Downloads 186
Download CCNA Security -Implementing Cisco Network Security (IINS v3-0).test-king.210-260.2018-10-24.1e.162q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%


Demo Questions

Question 1

What is an advantage of placing an IPS on the inside of a network?

  • A: It can provide higher throughput.
  • B: It receives traffic that has already been filtered.
  • C: It receives every inbound packet.
  • D: It can provide greater security.

Correct Answer: B

Your IPS will generally be placed at an edge of the network, such as immediately inside an Internet firewall, or in front of a server farm. Position the IPS where it will see the bare minimum of traffic it needs to, in order to keep performance issues under tight control. 

Question 2

What is the FirePOWER impact flag used for?

  • A: A value that indicates the potential severity of an attack.
  • B: A value that the administrator assigns to each signature.
  • C: A value that sets the priority of a signature.
  • D: A value that measures the application awareness.

Correct Answer: A

The impact level in this field indicates the correlation between intrusion data, network discovery data, and vulnerability information. 

Question 3

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

  • A: Rate-Based Prevention
  • B: Portscan Detection
  • C: IP Defragmentation
  • D: Inline Normalization

Correct Answer: A

The detection_filter keyword and the thresholding and suppression features provide other ways to filter either the traffic itself or the events that the system generates. You can use rate-based attack prevention alone or in any combination with thresholding, suppression, or the detection_filter keyword to prevent SYN attacks. 

Question 4

Which Sourcefire logging action should you choose to record the most detail about a connection?

  • A: Enable logging at the end of the session.
  • B: Enable logging at the beginning of the session.
  • C: Enable alerts via SNMP to log events off-box.
  • D: Enable eStreamer to log events off-box.

Correct Answer: A

When the system detects a connection, in most cases you can log it at its beginning or its end. 
However, because blocked traffic is immediately denied without further inspection, in most cases you can log only beginning-of-connection events for blocked or blacklisted traffic; there is no unique end of connection to log. An exception occurs when you block encrypted traffic. When you enable connection logging in an SSL policy, the system logs end-of-connection rather than beginning-of-connection events. This is because the system cannot determine if a connection is encrypted using the first packet in the session, and thus cannot immediately block encrypted sessions. 

Question 5

What can the SMTP preprocessor in FirePOWER normalize?

  • A: It can extract and decode email attachments in client to server traffic.
  • B: It can look up the email sender.
  • C: It compares known threats to the email sender.
  • D: It can forward the SMTP traffic to an email filter server.
  • E: It uses the Traffic Anomaly Detector.

Correct Answer: A

Transport and network layer preprocessors detect attacks that exploit IP fragmentation, checksum validation, and TCP and UDP session preprocessing. Before packets are sent to preprocessors, the packet decoder converts packet headers and payloads into a format that can be easily used by the preprocessors and the intrusion rules engine and detects various anomalous behaviors in packet headers. After packet decoding and before sending packets to other preprocessors, the inline normalization preprocessor normalizes traffic for inline deployments. 

Question 6

You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. 
What two solutions can you use? (Choose two).

  • A: Configure a proxy server to hide users' local IP addresses.
  • B: Assign unique IP addresses to all users.
  • C: Assign the same IP address to all users.
  • D: Install a Web content filter to hide users' local IP addresses.
  • E: Configure a firewall to use Port Address Translation.

Correct Answer: AE

To restrain servers to collect IP addresses of individual users, you have to configure a proxy server to hide users’ local IP addresses and configure a firewall to use port address translation or PAT.

Question 7

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?

  • A: Create a whitelist and add the appropriate IP address to allow the traffic.
  • B: Create a custom blacklist to allow the traffic.
  • C: Create a user based access control rule to allow the traffic.
  • D: Create a network based access control rule to allow the traffic.
  • E: Create a rule to bypass inspection to allow the traffic.

Correct Answer: A

When a blacklist is too broad in scope, or incorrectly blocks traffic that you want to allow (for example, to vital resources), you can override a blacklist with a custom whitelist. 

Question 8

A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware.

  • A: Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list.
  • B: Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list.
  • C: Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list.
  • D: Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.
  • E: Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.

Correct Answer: A

URL filtering window displays the global settings for URL filtering on the router. You can maintain the local URL list and the URL filter server list in the Additional Tasks screens or in the Application Security windows. The Global settings for URL filtering can only be maintained from this Additional Tasks window. Use the Edit Global Settings button to change these values. 

Question 9

When is the best time to perform an anti-virus signature update?

  • A: Every time a new update is available.
  • B: When the local scanner has detected a new virus.
  • C: When a new virus is discovered in the wild.
  • D: When the system detects a browser hook.

Correct Answer: A

You can automatically check for Anti-Virus signature updates from Cisco’s signature server every 24 hours or to manually check for Anti-Virus signature updates at any time by clicking Update. When a newer signature file is available on the server, the new signature file will be downloaded to your device. 

Question 10

Which statement about application blocking is true?

  • A: It blocks access to specific programs.
  • B: It blocks access to files with specific extensions.
  • C: It blocks access to specific network addresses.
  • D: It blocks access to specific network services.

Correct Answer: A

Application filters allow you to quickly create application conditions for access control rules. They simplify policy creation and administration, and grant you assurance that the system will control web traffic as expected. For example, you could create an access control rule that identifies and blocks all high risk, low business relevance applications. If a user attempts to use one of those applications, the session is blocked. 





You can buy ProfExam with a 20% discount!


Use ProfExam Simulator to open VCEX and EXAM files