[2017-Oct.-New]100% Valid 210-260 Questions and Answers 362Q Provided by Braindump2go[136-150]

2017 Oct New 210-260 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 210-250 Questions:

1.|2017 New 210-260 Exam Dumps (PDF & VCE) 362Q&As Download:
https://www.braindump2go.com/210-260.html

 

2.|2017 New 210-260 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNV1RGaFJYZkxGWFk?usp=sharing

 

QUESTION 136
Which FirePOWER preprocessor engine is used to prevent SYN attacks?

A.    Anomaly.
B.    Rate-Based Prevention
C.    Portscan Detection
D.    Inline Normalization

Answer: B

QUESTION 137
What is the only permitted operation for processing multicast traffic on zone-based firewalls?

A.    Stateful inspection of multicast traffic is supported only for the self-zone.
B.    Stateful inspection of multicast traffic is supported only between the self-zone and the internal zone.
C.    Only control plane policing can protect the control plane against multicast traffic.
D.    Stateful inspection of multicast traffic is supported only for the internal zone

Answer: C
Explanation:
Stateful inspection of multicast traffic is NOT supported by Cisco Zone based firewalls OR Cisco Classic firewall.

QUESTION 138
Which of encryption technology has the broadcast platform support to protect operating systems?

A.    Middleware
B.    Hardware
C.    software
D.    file-level

Answer: C

QUESTION 139
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?

A.    holistic understanding of threats
B.    graymail management and filtering
C.    signature-based IPS
D.    contextual analysis

Answer: D

QUESTION 140
Which Sourfire secure action should you choose if you want to block only malicious traffic from a particular end-user?

A.    Trust
B.    Block
C.    Allow without inspection
D.    Monitor
E.    Allow with inspection

Answer: E
Explanation:
Allow with Inspection allows all traffic except for malicious traffic from a particular end-user. The other options are too restrictive, too permissive, or don’t exist.

QUESTION 141
Which two next-generation encryption algorithms does Cisco recommends? (Choose two)

A.    SHA-384
B.    MD5
C.    DH-1024
D.    DES
E.    AES
F.    3DES

Answer: AE
Explanation:
From Cisco documentation:
A. SHA-384 – YES
B. MD5 – NO
C. DH-1024 – NO
D. DES – NO
E. AES – YES (CBC, or GCM modes)
F. 3DES – Legacy

QUESTION 142
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?

A.    It requests the administrator to choose between erasing all device data or only managed corporate data.
B.    It requests the administrator to enter the device PIN or password before proceeding with the operation
C.    It immediately erases all data on the device.
D.    It notifies the device user and proceeds with the erase operation

Answer: A

QUESTION 143
How does a device on a network using ISE receive its digital certificate during the new-device registration process?

A.    ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server
B.    The device request a new certificate directly from a central CA
C.    ISE issues a pre-defined certificate from a local database
D.    ISE issues a certificate from its internal CA server.

Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide.pdf

QUESTION 144
How can you detect a false negative on an IPS?

A.    View the alert on the IPS
B.    Use a third-party to audit the next-generation firewall rules
C.    Review the IPS console
D.    Review the IPS log
E.    Use a third-party system to perform penetration testing

Answer: E
Explanation:
Only penetration testing can confirm this. All the other options lead to inconclusive results and may still result in false negatives.

QUESTION 145
Which two statement about stateless firewalls is true? (Choose two)

A.    the Cisco ASA is implicitly stateless because it blocks all traffic by default.
B.    They compare the 5-tuple of each incoming packets against configurable rules.
C.    They cannot track connections..
D.    They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS..
E.    Cisco IOS cannot implement them because the platform is Stateful by nature

Answer: BC
Explanation:
5-tuple is: source/destination IP, ports, and protocols. Stateless firewalls cannot track connections.

QUESTION 146
Which three ESP fields can be encrypted during transmission? (Choose three)

A.    Next Header
B.    MAC Address
C.    Padding
D.    Pad Length
E.    Sequence Number
F.    Security Parameter Index

Answer: ACD
Explanation:
The last encrypted part is the Payload Data. The unencrypted parts are the Security Parameter Index and the Sequence Number.

QUESTION 147
Which type of PVLAN port allows host in the same VLAN to communicate directly with the other?

A.    promiscuous for hosts in the PVLAN
B.    span for hosts in the PVLAN
C.    Community for hosts in the PVLAN
D.    isolated for hosts in the PVLAN

Answer: C
Explanation:
Hosts in the same PVLAN Community can communicate with one another.

QUESTION 148
Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows?
 

A.    IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2
B.    IKE Phase 1 main mode has successfully negotiate between 10.1.1.5 and10.10.10.2
C.    IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2
D.    IKE Phase 1 aggressive mode was create on 10.1.1.5, but it failed to negotiate with 10.10.10.2

Answer: A
Explanation:
The MM_NO_STATE state indicates that the phase 1 policy does not match on both sides, therefore main mode failed to negotiate. Aggressive mode is indicated by AG instead of MM.

QUESTION 149
Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows?
 

A.    IPSec Phase 2 established between 10.10.10.2 and 10.1.1.5
B.    IPSec Phase 1 established between 10.10.10.2 and 10.1.1.5
C.    IPSec Phase 2 is down due to a QM_IDLE state.
D.    IPSec Phase 1 is down due to a QM_IDLE state.

Answer: B
Explanation:
An IDLE state is good and means that the connection and key exchange have taken place successfully. QM indicates that the device is ready for phase 2 (quick mode) and subsequent data transfer.

QUESTION 150
Refer to the exhibit. You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?
 

A.    Edit the crypto keys on R1 and R2 to match.
B.    Edit the crypto isakmp key command on each router with the address value of its own interface
C.    Edit the ISAKMP policy sequence numbers on R1 and R2 to match.
D.    set a valid value for the crypto key lifetime on each router.

Answer: A
Explanation:
The crypto keys don’t match here. I’ve inferred and assumed that the destination address at the end of the “Crypto isakmp key test12345 address 10.30.30.5” line is the IP address of R1. By extension, this would produce an MM_NO_STATE state if you ran the “show crypto isakmp sa” command, as it would never connect to begin phase 1.


!!!RECOMMEND!!!

1.|2017 New 210-260 Exam Dumps (PDF & VCE) 362Q&As Download:
https://www.braindump2go.com/210-260.html

 

2.|2017 New 210-260 Study Guide Video:
https://youtu.be/9yy5IlptXYw

         

Categories 210-260 Dumps/210-260 Exam Questions/210-260 PDF/210-260 VCE/Cisco Exam

Post Author: mavis

Categories

Archives

Cisco Exam Dumps Download

200-301 PDF and VCE Dumps

200-901 PDF and VCE Dumps

350-901 PDF and VCE Dumps

300-910 PDF and VCE Dumps

300-915 PDF and VCE Dumps

300-920 PDF and VCE Dumps

350-401 PDF and VCE Dumps

300-410 PDF and VCE Dumps

300-415 PDF and VCE Dumps

300-420 PDF and VCE Dumps

300-425 PDF and VCE Dumps

300-430 PDF and VCE Dumps

300-435 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-801 PDF and VCE Dumps

300-810 PDF and VCE Dumps

300-815 PDF and VCE Dumps

300-820 PDF and VCE Dumps

300-835 PDF and VCE Dumps

350-801 PDF and VCE Dumps

200-201 PDF and VCE Dumps

350-601 PDF and VCE Dumps

300-610 PDF and VCE Dumps

300-615 PDF and VCE Dumps

300-620 PDF and VCE Dumps

300-625 PDF and VCE Dumps

300-635 PDF and VCE Dumps

600-660 PDF and VCE Dumps

350-601 PDF and VCE Dumps

352-001 PDF and VCE Dumps

350-701 PDF and VCE Dumps

300-710 PDF and VCE Dumps

300-715 PDF and VCE Dumps

300-720 PDF and VCE Dumps

300-725 PDF and VCE Dumps

300-730 PDF and VCE Dumps

300-735 PDF and VCE Dumps

350-701 PDF and VCE Dumps

350-501 PDF and VCE Dumps

300-510 PDF and VCE Dumps

300-515 PDF and VCE Dumps

300-535 PDF and VCE Dumps

350-501 PDF and VCE Dumps

010-151 PDF and VCE Dumps

100-490 PDF and VCE Dumps

810-440 PDF and VCE Dumps

820-445 PDF and VCE Dumps

840-450 PDF and VCE Dumps

820-605 PDF and VCE Dumps

700-805 PDF and VCE Dumps

700-070 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

500-173 PDF and VCE Dumps

500-174 PDF and VCE Dumps

200-401 PDF and VCE Dumps

644-906 PDF and VCE Dumps

600-211 PDF and VCE Dumps

600-212 PDF and VCE Dumps

600-210 PDF and VCE Dumps

600-212 PDF and VCE Dumps

700-680 PDF and VCE Dumps

500-275 PDF and VCE Dumps

500-285 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

Microsoft Exams Will Be Retired

AZ-103(retiring August 31, 2020)

AZ-203(retiring August 31, 2020)

AZ-300(retiring August 31, 2020)

AZ-301(retiring August 31, 2020)

77-419(retiring June 30, 2020)

70-333(retiring January 31, 2021)

70-334(retiring January 31, 2021)

70-339(retiring January 31, 2021)

70-345(retiring January 31, 2021)

70-357(retiring January 31, 2021)

70-410(retiring January 31, 2021)

70-411(retiring January 31, 2021)

70-412(retiring January 31, 2021)

70-413(retiring January 31, 2021)

70-414(retiring January 31, 2021)

70-417(retiring January 31, 2021)

70-461(retiring January 31, 2021)

70-462(retiring January 31, 2021)

70-463(retiring January 31, 2021)

70-464(retiring January 31, 2021)

70-465(retiring January 31, 2021)

70-466(retiring January 31, 2021)

70-467(retiring January 31, 2021)

70-480(retiring January 31, 2021)

70-483(retiring January 31, 2021)

70-486(retiring January 31, 2021)

70-487(retiring January 31, 2021)

70-537(retiring January 31, 2021)

70-705(retiring January 31, 2021)

70-740(retiring January 31, 2021)

70-741(retiring January 31, 2021)

70-742(retiring January 31, 2021)

70-743(retiring January 31, 2021)

70-744(retiring January 31, 2021)

70-745(retiring January 31, 2021)

70-761(retiring January 31, 2021)

70-762(retiring January 31, 2021)

70-764(retiring January 31, 2021)

70-765(retiring January 31, 2021)

70-767(retiring January 31, 2021)

70-768(retiring January 31, 2021)

70-777(retiring January 31, 2021)

70-778(retiring January 31, 2021)

70-779(retiring January 31, 2021)

MB2-716(retiring January 31, 2021)

MB6-894(retiring January 31, 2021)

MB6-897(retiring January 31, 2021)

MB6-898(retiring January 31, 2021)