Exam Preparation Material For Cisco 210-260 Exam

To get the highest marks in the Cisco 210-260 exam, the CCNA Security 210-260 dumps are the ultimate choice. Only valid and updated CCNA Security exam questions can ensure your success in the final Implementing Cisco Network Security exam. Download the CCNA Security 210-260 dumps free now.

Try the latest DumpsSchool 210-260 exam dumps. Buy the full file here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

Refer to the exhibit.

Using a stateful packet firewall and given an inside ACL entry of permit ip any, what would be the resulting dynamically configured ACL for the return traffic on the outside ACL?

Answer: A


Understanding Inspection Rules

Inspection rules configure Context-Based Access Control (CBAC) inspection commands. CBAC inspects traffic that travels through the device to discover and manage state information for TCP and UDP sessions. The device uses this state information to create temporary openings to allow return traffic and additional data connections for permissible sessions.

CBAC creates temporary openings in access lists at firewall interfaces. These openings are created when inspected traffic exits your internal network through the firewall. The openings allow returning traffic (that would normally be blocked) and additional data channels to enter your internal network back through the firewall. The traffic is allowed back through the firewall only if it is part of the same session as the original traffic that triggered inspection when exiting through the firewall.

Inspection rules are applied after your access rules, so any traffic that you deny in the access rule is not inspected. The traffic must be allowed by the access rules at both the input and output interfaces to be inspected. Whereas access rules allow you to control connections at layer 3 (network, IP) or 4 (transport, TCP or UDP protocol), you can use inspection rules to control traffic using application-layer protocol session information.

For all protocols, when you inspect the protocol, the device provides the following functions:

* Automatically opens a return path for the traffic (reversing the source and destination addresses), so that you do not need to create an access rule to allow the return traffic. Each connection is considered a session, and the device maintains session state information and allows return traffic only for valid sessions. Protocols that use TCP contain explicit session information, whereas for UDP applications, the device models the equivalent of a session based on the source and destination addresses and the closeness in time of a sequence of UDP packets. These temporary access lists are created dynamically and are removed at the end of a session.

* Tracks sequence numbers in all TCP packets and drops those packets with sequence numbers that are not within expected ranges.

* Uses timeout and threshold values to manage session state information, helping to determine when to drop sessions that do not become fully established. When a session is dropped, or reset, the device informs both the source and destination of the session to reset the connection, freeing up resources and helping to mitigate potential Denial of Service (DoS) attacks.
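The return-path behaviour described above, modelled in Python as an added example (not Cisco code and not part of the original page): outbound traffic creates a temporary opening with source and destination reversed, and inbound traffic passes only while it matches a live opening. The class and function names, the addresses and the timeout values are assumptions; TCP sequence-number tracking is left out, and only a reset tears a TCP session down.

```python
from dataclasses import dataclass

# Assumed idle timeouts in seconds; illustrative values, not taken from the page.
IDLE_TIMEOUT = {"tcp": 3600, "udp": 30}

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags; "R" marks a reset

class Inspector:
    """Toy model: the outside ACL denies everything except live openings."""
    def __init__(self):
        self.openings = {}  # expected return 5-tuple -> time last seen

    def outbound(self, pkt, now):
        # Inspected traffic leaving the inside opens the reversed return path.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.openings[key] = now

    def inbound(self, pkt, now):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        last = self.openings.get(key)
        if last is None:
            return "deny"                   # not part of any session
        if now - last > IDLE_TIMEOUT[pkt.proto]:
            del self.openings[key]          # idle session aged out
            return "deny"
        if pkt.proto == "tcp" and "R" in pkt.flags:
            del self.openings[key]          # session over: remove the opening
        else:
            self.openings[key] = now
        return "permit"

    def acl_lines(self):
        return [f"permit {p} host {s} eq {sp} host {d} eq {dp}"
                for (p, s, sp, d, dp) in self.openings]

def demo():
    # Constructed scenario: inside host 10.1.1.5 opens a web session outbound.
    fw = Inspector()
    fw.outbound(Packet("tcp", "10.1.1.5", 49152, "203.0.113.10", 80, "S"), now=0)
    reply = Packet("tcp", "203.0.113.10", 80, "10.1.1.5", 49152, "SA")
    stray = Packet("tcp", "198.51.100.7", 80, "10.1.1.5", 49152, "SA")
    return fw.inbound(reply, 1), fw.inbound(stray, 1), fw.acl_lines()
```

The rendered opening names specific hosts and ports, so a packet from any other outside address to the same inside port is still denied.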

Question No. 2

Which primary security attributes can be achieved by BYOD Architecture?

Answer: A, C

Question No. 3

Which two characteristics of RADIUS are true? (Choose two.)

Answer: A, B

Question No. 4

Which IKE phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared key?

Answer: C

Question No. 5

Which protocol provides security to Secure Copy?

Answer: B

The SCP is a network protocol, based on the BSD RCP protocol, which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit.

Source: https://en.wikipedia.org/wiki/Secure_copy

Question No. 6

How does a device on a network using ISE receive its digital certificate during the new-device registration process?

Answer: A

SCEP Profile Configuration on ISE

Within this design, ISE is acting as a Simple Certificate Enrollment Protocol (SCEP) proxy server, thereby allowing mobile clients to obtain their digital certificates from the CA server. This important feature of ISE allows all endpoints, such as iOS, Android, Windows, and MAC, to obtain digital certificates through the ISE. This feature combined with the initial registration process greatly simplifies the provisioning of digital certificates on endpoints.

Source: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_ISE.html

Question No. 7

How is management traffic isolated on a Cisco ASR 1002?

Answer: C

Question No. 8

Which two statements about hardware based encryption are true? (Choose two.)

Answer: A, B


Related Certification: https://www.dumpsschool.com/ccna-security-questions.html
