[Aug 2016] ccna security exam

Exam Code: 210-260 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Network Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 210-260 Exam.

2016 Aug 210-260 Study Guide Questions:

Q11. What is a reason for an organization to deploy a personal firewall? 

A. To protect endpoints such as desktops from malicious activity. 

B. To protect one virtual network segment from another. 

C. To determine whether a host meets minimum security posture requirements. 

D. To create a separate, non-persistent virtual environment that can be destroyed after a session. 

E. To protect the network from DoS and syn-flood attacks. 

Answer: A 

Q12. Which two services define cloud networks? (Choose two.) 

A. Infrastructure as a Service 

B. Platform as a Service 

C. Security as a Service 

D. Compute as a Service 

E. Tenancy as a Service 

Answer: A,B 



Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements. 

New additional connectivity requirements: 

. Currently, the ASA configurations only allow on the Inside and DMZ networks to access any hosts on the Outside. Your task is to use ASDM to configure the ASA to also allow any host only on the Outside to HTTP to the DMZ server. The hosts on the Outside will need to use the public IP address when HTTPing to the DMZ server. 

. Currently, hosts on the ASA higher security level interfaces are not able to ping any hosts on the lower security level interfaces. Your task in this simulation is to use ASDM to enable the ASA to dynamically allow the echo-reply responses back through the ASA. 

Once the correct ASA configurations have been configured: 

. You can test the connectivity to from the Outside PC browser. 

. You can test the pings to the Outside (www.cisco.com) by opening the inside PC command prompt window. In this simulation, only testing pings to www.cisco.com will work. 

To access ASDM, click the ASA icon in the topology diagram. 

To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram. 

To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram. 


After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes. 

Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to configure the ASA to meet the requirements. 

In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM. 

Answer: Follow the explanation part to get answer on this sim question. 

210-260  practice question

Improve ccna security certification:

Q14. What is one requirement for locking a wired or wireless device from ISE? Cisco 210-260 : Practice Test 

A. The ISE agent must be installed on the device. 

B. The device must be connected to the network when the lock command is executed. 

C. The user must approve the locking action. 

D. The organization must implement an acceptable use policy allowing device locking. 

Answer: A 

Q15. How does a zone-based firewall implementation handle traffic between interfaces in the same zone? 

A. Traffic between two interfaces in the same zone is allowed by default. 

B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. 

C. Traffic between interfaces in the same zone is always blocked. 

D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair. 

Answer: A 

Q16. What is an advantage of placing an IPS on the inside of a network? 

A. It can provide higher throughput. 

B. It receives traffic that has already been filtered. 

C. It receives every inbound packet. 

D. It can provide greater security. 

Answer: B 


Tested ccna security certification:

Q17. Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) 

A. QoS 

B. traffic classification 

C. access lists 

D. policy maps 

E. class maps 

F. Cisco Express Forwarding 

Answer: A,B 

Q18. What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? 

A. split tunneling 

B. hairpinning 

C. tunnel mode 

D. transparent mode 

Answer: A 

Q19. Which Sourcefire logging action should you choose to record the most detail about a connection? 

A. Enable logging at the end of the session. 

B. Enable logging at the beginning of the session. 

C. Enable alerts via SNMP to log events off-box. 

D. Enable eStreamer to log events off-box. 

Answer: A 

Q20. If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? 

A. root guard 

B. EtherChannel guard 

C. loop guard 

D. BPDU guard 

Answer: A 

About 210-260 Information: 210-260 Dumps