Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 210-260

Cisco® 210-260 Exam Practice Questions (P. 4)

  • Full Access (620 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
Refer to the exhibit.

What is the effect of the given command sequence?
  1. A
    It configures IKE Phase 1.
  2. B
    It configures a site-to-site VPN tunnel.
  3. C
    It configures a crypto policy with a key size of 14400.
  4. D
    It configures IPSec Phase 2.

Correct Answer:
A
ikev2 policy command from global configuration mode. The prompt displays IKE policy configuration mode. For example: hostname(config)# crypto ikev1 policy 1 hostname(config-ikev1-policy)#
After creating the policy, you can specify the settings for the policy.
Reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_ike.html

Question #32
Refer to the exhibit.

What is the effect of the given command sequence?
  1. A
    It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
  2. B
    It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.
  3. C
    It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
  4. D
    It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.

Correct Answer:
A
Crypto map entry "mymap 30" references the dynamic crypto map set "mydynamicmap," which can be used to process inbound security association negotiation requests that do not match "mymap" entries 10 or 20. In this case, if the peer specifies a transform set that matches one of the transform sets specified in
"mydynamicmap," for a flow "permitted" by the access list 103, IPSec will accept the request and set up security associations with the remote peer without previously knowing about the remote peer. If accepted, the resulting security associations (and temporary crypto map entry) are established according to the settings specified by the remote peer.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/srfipsec.html

Question #33
Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?
  1. A
    IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
  2. B
    IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.
  3. C
    IPSec Phase 1 is down due to a QM_IDLE state.
  4. D
    IPSec Phase 2 is down due to a QM_IDLE state.

Correct Answer:
A
Phase 1 of IPsec is used to establish a secure channel between the two peers that will be used for further data transmission. The ASAs will exchange secret keys, they authenticate each other and will negotiate about the IKE security policies. This is what happens in phase 1:
✑ Authenticate and protect the identities of the IPsec peers.
✑ Negotiate a matching IKE policy between IPsec peers to protect the IKE exchange.
✑ Perform an authenticated Diffie-Hellman exchange to have matching shared secret keys.
✑ Setup a secure tunnel for IKE phase 2.
Reference:
https://networklessons.com/security/cisco-asa-site-site-ikev1-ipsec-vpn/

Question #34
Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?
  1. A
    IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5.
  2. B
    ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1.
  3. C
    IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5.
  4. D
    IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.

Correct Answer:
A
Once the secure tunnel from phase 1 has been established, we will start phase 2. In this phase the two firewalls will negotiate about the IPsec security parameters that will be used to protect the traffic within the tunnel. In short, this is what happens in phase 2:
✑ Negotiate IPsec security parameters through the secure tunnel from phase 1.
✑ Establish IPsec security associations.
✑ Periodically renegotiates IPsec security associations for security.
Reference:
https://networklessons.com/security/cisco-asa-site-site-ikev1-ipsec-vpn/

Question #35
Refer to the exhibit.

The Admin user is unable to enter configuration mode on a device with the given configuration. What change can you make to the configuration to correct the problem?
  1. A
    Remove the autocommand keyword and arguments from the Username Admin privilege line.
  2. B
    Change the Privilege exec level value to 15.
  3. C
    Remove the two Username Admin lines.
  4. D
    Remove the Privilege exec line.

Correct Answer:
A
The autocommand causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated.
Because the command can be any length and contain embedded spaces, commands using the autocommand keyword must be the last option on the line.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfpass.html#wp1030793

Question #36
After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?
  1. A
    The secure boot-image command is configured.
  2. B
    The secure boot-comfit command is configured.
  3. C
    The confreg 0x24 command is configured.
  4. D
    The reload command was issued from ROMMON.

Correct Answer:
A
Secured files will not appear on the output of a dir command issued from an executive shell because the IFS prevents secure files in a directory from being listed.
ROM monitor (ROMMON) mode does not have any such restriction and can be used to list and boot secured files.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-resil-config.html

Question #37
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
  1. A
    It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.
  2. B
    It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.
  3. C
    It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.
  4. D
    It configures the device to generate a new authentication key and transmit it to other devices at 23:59:00 local time on December 31, 2013.
  5. E
    It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.
  6. F
    It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.

Correct Answer:
B
Send-lifetime infinite command configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely

Question #38
What type of packet creates and performs network operations on a network device?
  1. A
    control plane packets
  2. B
    data plane packets
  3. C
    management plane packets
  4. D
    services plane packets

Correct Answer:
A
Under normal network operating conditions, the vast majority of packets handled by network devices are data plane packets. These packets are handled in the fast path. Network devices are optimized to handle these fast path packets efficiently. Typically, considerably fewer control and management plane packets are required to create and operate IP networks. Thus, the punt path and route processor are significantly less capable of handling the kinds of packets rates experienced in the fast path since they are never directly involved in the forwarding of data plane packets
Reference:
http://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html

Question #39
An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?
  1. A
    The switch could offer fake DHCP addresses.
  2. B
    The switch could become the root bridge.
  3. C
    The switch could be allowed to join the VTP domain.
  4. D
    The switch could become a transparent bridge.

Correct Answer:
B
The BPDU guard feature is designed to allow network designers to keep the active network topology predictable. BPDU guard is used to protect the switched network from the problems that may be caused by the receipt of BPDUs on ports that should not be receiving them. The receipt of unexpected BPDUs may be accidental or may be part of an unauthorized attempt to add a switch to the network. BPDU guard is best deployed toward user-facing ports to prevent rogue switch network extensions by an attacker.

Question #40
In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?
  1. A
    gratuitous ARP
  2. B
    ARP poisoning
  3. C
    IP spoofing
  4. D
    MAC spoofing

Correct Answer:
D
If your original MAC address is revealed, an hacker can use it to impersonate you! On many networks (wired or wireless) access is restricted based on MAC address to avoid access to unauthorized devices on the network. So, when you go offline, someone can use your machine's MAC address and access the network as 'you'.
Reference:
http://blog.technitium.com/2011/06/why-you-need-to-change-mac-address.html

Previous Questions Next Questions

All Pages