Best Study Materil For 210-260 Exam

DumpsSchool is offering valid and authentic CCNA Security 210-260 Dumps PDF format with comprehensive knowledge of Cisco network security. Your chances of success in the 210-260 exam are enhanced by using this preparation material.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: (FREE VERSION!!!)

Question No. 1

How can you protect CDP from reconnaissance attacks?

Answer: B

Question No. 2

Which IDS/IPS state misidentifies acceptable behavior as an attack?

Answer: A

Question No. 3

What type of firewall can perform deep packet inspection?

Answer: A

Question No. 4

What port option in a PVLAN that can communicate with every other port?

Answer: A

+ Promiscuous — A promiscuous port belongs to the primary VLAN. The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN.

+ Isolated — An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain, except that it can communicate with associated promiscuous ports

+ Community — A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports Source: CLIConfigurationGuide/PrivateVLANs.html

Question No. 5

What hash type does Cisco use to validate the integrity of downloaded images?

Answer: C

The MD5 File Validation feature, added in Cisco IOS Software Releases 12.2(4)T and 12.0(22)S, allows network administrators to calculate the MD5 hash of a Cisco IOS software image file that is loaded on a device.

It also allows administrators to verify the calculated MD5 hash against that provided by the user. Once the MD5 hash value of the installed Cisco IOS image is determined, it can also be compared with the MD5 hash provided by Cisco to verify the integrity of the image file.

verify /md5 filesystem:filename [md5-hash]


Question No. 6

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

Answer: A, F

The Suite B next-generation encryption (NGE) includes algorithms for authenticated encryption, digital signatures, key establishment, and cryptographic hashing, as listed here:

+ Elliptic Curve Cryptography (ECC) replaces RSA signatures with the ECDSA algorithm + AES in the Galois/Counter Mode (GCM) of operation

+ ECC Digital Signature Algorithm

+ SHA-256, SHA-384, and SHA-512

Source: Cisco Official Certification Guide, Next-Generation Encryption Protocols, p.97

Question No. 7

Which two attack types can be prevented with the implementation of a Cisco IPS solution? (Choose two)

Answer: D, E

Question No. 8

Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X


Answer: D

210-260 Dumps Google Drive: (Limited Version!!!)

Related Certification:

Leave a Reply

Your email address will not be published. Required fields are marked *