Cisco® 210-260 Exam Practice Questions (P. 2)
Question #11
Which three statements about host-based IPS are true? (Choose three.)
- A. It can view encrypted files.
- B. It can have more restrictive policies than network-based IPS.
- C. It can generate alerts based on behavior at the desktop level.
- D. It can be deployed at the perimeter.
- E. It uses signature-based policies.
- F. It works with deployed firewalls.
Correct Answer:
ABC
Cisco host-based IPS can generate alerts based on behavior at the desktop level. It can also have more restrictive policies than network-based IPS, and it can view encrypted files.
Reference:
http://www.ciscopress.com/articles/article.asp?p=1336425&seqNum=3
Question #12
What three actions are limitations when running IPS in promiscuous mode? (Choose three.)
- A. deny attacker
- B. deny packet
- C. modify packet
- D. request block connection
- E. request block host
- F. reset TCP connection
Correct Answer:
ABC
The following actions require the device to be deployed in inline mode and are in effect for a user-configurable default time of 3600 seconds (60 minutes).
Deny attacker inline: This action is the most severe and effectively blocks all communication from the attacking host that passes through the IPS for a specified period of time. Because this event action is severe, administrators are advised to use this only when the probability of false alarms or spoofing is minimal.
Deny attacker service pair inline: This action prevents communication between the attacker IP address and the protected network on the port in which the event was detected. However, the attacker would be able to communicate on another port that has hosts on the protected network. This event action works well for worms that attack many hosts on the same service port. If an attack occurred on the same host but on another port, this communication would be allowed. This event action is appropriate when the likelihood of a false alarm or spoofing is minimal.
Deny attacker victim pair inline: This action prevents the attacker from communicating with the victim on any port. However, the attacker could communicate with other hosts, making this action better suited for exploits that target a specific host. This event action is appropriate when the likelihood of a false alarm or spoofing is minimal.
Deny connection inline: This action prevents further communication for the specific TCP flow. This action is appropriate when there is the potential for a false alarm or spoofing and when an administrator wants to prevent the action but not deny further communication.
Deny packet inline: This action prevents the specific offending packet from reaching its intended destination. Other communication between the attacker and victim or victim network may still exist. This action is appropriate when there is the potential for a false alarm or spoofing. Note that for this action, the default time has no effect.
Modify packet inline: This action enables the IPS device to modify the offending part of the packet. However, it forwards the modified packet to the destination. This action is appropriate for packet normalization and other anomalies, such as TCP segmentation and IP fragmentation re-ordering.
Reference:
http://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html
Question #13
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
- A. Deny the connection inline.
- B. Perform a Layer 6 reset.
- C. Deploy an antimalware system.
- D. Enable bypass mode.
Correct Answer:
A
This action prevents the attacker from communicating with the victim on any port. However, the attacker could communicate with other hosts, making this action better suited for exploits that target a specific host. This event action is appropriate when the likelihood of a false alarm or spoofing is minimal.
Reference:
http://www.cisco.com/c/en/us/about/security-center/ips-mitigation.html
Question #14
What is an advantage of implementing a Trusted Platform Module for disk encryption?
- A. It provides hardware authentication.
- B. It allows the hard disk to be transferred to another device without requiring re-encryption.
- C. It supports a more complex encryption algorithm than other disk-encryption technologies.
- D. It can protect against single points of failure.
Correct Answer:
A
A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip and cannot be accessed by software. The Storage Root Key (SRK) is created when a user or administrator takes ownership of the system. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password.
Reference:
http://whatis.techtarget.com/definition/trusted-platform-module-TPM
Question #15
What is the purpose of the Integrity component of the CIA triad?
- A. to ensure that only authorized parties can modify data
- B. to determine whether data is relevant
- C. to create a process for accessing data
- D. to ensure that only authorized parties can view data
Correct Answer:
A
The I in CIA stands for Integrity; specifically, data integrity. The key to this component of the CIA triad is protecting data from modification or deletion by unauthorized parties, and ensuring that when authorized people make changes that shouldn't have been made, the damage can be undone.
Reference:
http://www.techrepublic.com/blog/it-security/the-cia-triad/
Question #16
In a security context, which action can you take to address compliance?
- A. Implement rules to prevent a vulnerability.
- B. Correct or counteract a vulnerability.
- C. Reduce the severity of a vulnerability.
- D. Follow directions from the security appliance manufacturer to remediate a vulnerability.
Correct Answer:
A
Addressing compliance is an integral part of a security context. It means implementing rules to prevent a vulnerability.
Reference:
http://www.cisco.com/security/
Question #17
Which type of secure connectivity does an extranet provide?
- A. other company networks to your company network
- B. remote branch offices to your company network
- C. your company network to the Internet
- D. new networks to your company network
Correct Answer:
A
An extranet, or external network, provides secure connectivity to other company networks from your own company's network.
Reference:
http://searchenterprisewan.techtarget.com/definition/extranet
Question #18
Which tool can an attacker use to attempt a DDoS attack?
- A. botnet
- B. Trojan horse
- C. virus
- D. adware
Correct Answer:
A
Attackers build networks of infected computers, known as 'botnets', by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely, without their owners' knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong.
Reference:
http://www.digitalattackmap.com/understanding-ddos/
Question #19
What type of security support is provided by the Open Web Application Security Project?
- A. Education about common Web site vulnerabilities.
- B. A Web site security framework.
- C. A security discussion forum for Web site developers.
- D. Scoring of common vulnerabilities and exposures.
Correct Answer:
A
OWASP seeks to educate developers, designers, architects and business owners about the risks associated with the most common Web application security vulnerabilities. OWASP, which supports both open source and commercial security products, has become known as a forum in which information technology professionals can network and build expertise. The organization publishes a popular Top Ten list that explains the most dangerous Web application security flaws and provides recommendations for dealing with those flaws.
Reference:
http://searchsoftwarequality.techtarget.com/definition/OWASP
Question #20
What type of attack was the Stuxnet virus?
- A. cyber warfare
- B. hacktivism
- C. botnet
- D. social engineering
Correct Answer:
A
The Stuxnet virus is part of cyber warfare unleashed by governments to hinder their opponents' computer systems and steal vital information.
Reference:
https://en.wikipedia.org/wiki/Stuxnet