Question #1

Given the new additional connectivity requirements and the topology diagram, use ASDM
to accomplish the required ASA configurations to meet the requirements.
New additional connectivity requirements:
Once the correct ASA configurations have been configured:
To access ASDM, click the ASA icon in the topology diagram.
To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology
To access the Command prompt on the Inside PC, click the Inside PC icon in the topology
After you make the configuration changes in ASDM, remember to click Apply to apply the
configuration changes.
Not all ASDM screens are enabled in this simulation. If a screen is not enabled, try
a different method to configure the ASA to meet the requirements.
In this simulation, some of the ASDM screens may not look and function exactly like the
real ASDM.


Follow the explanation below to answer this sim question.

First, for the HTTP access we need to create a NAT object. Here I called it HTTP, but it can
be given any name.

Then, create the firewall rules to allow the HTTP access:

You can verify using the outside PC to HTTP into

For step two, to be able to ping hosts on the outside, we edit the last service policy shown

And then check the ICMP box only as shown below, then hit Apply.

After that is done, we can verify:

Question #2

In this simulation, you have access to ASDM only. Review the various ASA configurations
using ASDM then answer the five multiple choice questions about the ASA SSLVPN
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to
un-expand the expanded menu first.


A. test

B. clientless

C. Sales

D. DfltGrpPolicy

E. DefaultRAGroup

F. DefaultWEBVPNGroup

First navigate to the Connection Profiles tab as shown below, highlight the one with the test

Then hit the edit button and you can clearly see the Sales Group Policy being applied.

Question #3

What command can you use to verify the binding table status?

A. show ip dhcp snooping database

B. show ip dhcp snooping binding

C. show ip dhcp snooping statistics

D. show ip dhcp pool

E. show ip dhcp source binding

F. show ip dhcp snooping

Question #4

Which three ESP fields can be encrypted during transmission? (Choose three.)

A. Security Parameter Index

B. Sequence Number

C. MAC Address

D. Padding

E. Pad Length

F. Next Header

Question #5

What are two ways to prevent eavesdropping when you perform device-management
tasks? (Choose two.)

A. Use an SSH connection.

B. Use SNMPv3.

C. Use out-of-band management.

D. Use SNMPv2.

E. Use in-band management.

Question #6

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command.
What does the given output show?

A. IPSec Phase 2 is established between and

B. ISAKMP security associations are established between and

C. IKE version 2 security associations are established between and

D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.

Question #7

When an IPS detects an attack, which action can the IPS take to prevent the attack from

A. Deny the connection inline.

B. Perform a Layer 6 reset.

C. Deploy an antimalware system.

D. Enable bypass mode.

Question #8

Which accounting notices are used to send a failed authentication attempt record to an AAA
server? (Choose two.)

A. start-stop

B. stop-record

C. stop-only

D. stop

Question #9

If a switch receives a superior BPDU and goes directly into a blocked state, what
mechanism must be in use?

A. portfast

B. EtherChannel guard

C. loop guard

D. BPDU guard

Question #10

Which feature filters CoPP packets?

A. access control lists

B. class maps

C. policy maps

D. route maps

Question #11

Which command initializes a lawful intercept view?

A. username cisco1 view lawful-intercept password cisco

B. parser view cisco li-view

C. li-view cisco user cisco1 password cisco

D. parser view li-view inclusive

Question #12

A proxy firewall protects against which type of attack?

A. cross-site scripting attack

B. worm traffic

C. port scanning

D. DDoS attacks

Question #13

Which two statements about Telnet access to the ASA are true? (Choose two.)

A. You may VPN to the lowest security interface to telnet to an inside interface.

B. You must configure an AAA server to enable Telnet.

C. You can access all interfaces on an ASA using Telnet.

D. You must use the command virtual telnet to enable Telnet.

E. Best practice is to disable Telnet and use SSH.

Question #14

Which statement about Cisco ACS authentication and authorization is true?

A. ACS servers can be clustered to provide scalability.

B. ACS can query multiple Active Directory domains.

C. ACS uses TACACS to proxy other authentication servers.

D. ACS can use only one authorization profile to allow or deny requests.

Question #15

Refer to the exhibit.

If a supplicant supplies incorrect credentials for all authentication methods configured on
the switch, how will the switch respond?

A. The supplicant will fail to advance beyond the webauth method.

B. The switch will cycle through the configured authentication methods indefinitely.

C. The authentication attempt will time out and the switch will place the port into the unauthorized state.

D. The authentication attempt will time out and the switch will place the port into VLAN 101.


