[Free] 2018(May) EnsurePass Braindumps Cisco 210-260 Dumps with VCE and PDF 191-200

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 210-260
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Network Security

Question No: 191

You want to allow all of your company#39;s users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two).

  1. Configure a proxy server to hide users#39; local IP addresses.

  2. Assign unique IP addresses to all users.

  3. Assign the same IP address to all users.

  4. Install a Web content filter to hide users#39; local IP addresses.

  5. Configure a firewall to use Port Address Translation.

Answer: A,E

Question No: 192

What technology can you use to provide data confidentiality, data integrity and data origin authentication on your network?

  1. Certificate Authority

  2. IKE

  3. IPSec

  4. Data Encryption Standards

Answer: C

Question No: 193

Which network device does NTP authenticate?

  1. Only the time source

  2. Only the client device

  3. The firewall and the client device

  4. The client device and the time source

Answer: A

Question No: 194

What is a possible reason for the error message?Router(config)#aaa server?% Unrecognized command

  1. The command syntax requires a space after the word “server”

  2. The command is invalid on the target device

  3. The router is already running the latest operating system

  4. The router is a new device on which the aaa new-model command must be applied before continuing

Answer: D

Question No: 195

Which statement about zone-based firewall configuration is true?

  1. Traffic is implicitly denied by default between interfaces the same zone

  2. Traffic that is desired to or sourced from the self-zone is denied by default

  3. The zone must be configured before a can be assigned

  4. You can assign an interface to more than one interface

Answer: C

Question No: 196

In the router ospf 200 command, what does the value 200 stand for?

  1. process ID

  2. area ID

  3. administrative distance value

  4. ABR ID

Answer: A

Question No: 197

What are two challenges faced when deploying host-level IPS? (Choose Two)

  1. The deployment must support multiple operating systems.

  2. It does not provide protection for offsite computers.

  3. It is unable to provide a complete network picture of an attack.

  4. It is unable to determine the outcome of every attack that it detects.

  5. It is unable to detect fragmentation attacks.

Answer: A,B Explanation:

Advantages of HIPS: The success or failure of an attack can be readily determined. A network IPS sends an alarm upon the presence of intrusive activity but cannot always ascertain the success or failure of such an attack. HIPS does not have to worry about fragmentation attacks or variable Time to Live (TTL) attacks

because the host stack takes care of these issues. If the network traffic stream is encrypted, HIPS has access to the traffic in unencrypted form.

Limitations of HIPS: There are two major drawbacks to HIPS:

HIPS does not provide a complete network picture: Because HIPS examines information only at the local host level, HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.

HIPS has a requirement to support multiple operating systems: HIPS needs to run on every system in the network. This requires verifying support for all the different operating systems used in your network.

Source: http://www.ciscopress.com/articles/article.asp?p=1336425amp;seqNum=3

Question No: 198

Which options are filtering options used to display SDEE message types? (Choose two.)

  1. stop

  2. none

  3. error

  4. all

Answer: C,D

Question No: 199

What features can protect the data plane? (Choose three.)

  1. policing

  2. ACLs

  3. IPS

  4. antispoofing

  5. QoS

  6. DHCP-snooping

Answer: B,D,F

Question No: 200

Which of the following statements about access lists are true? (Choose three.)

  1. Extended access lists should be placed as near as possible to the destination

  2. Extended access lists should be placed as near as possible to the source

  3. Standard access lists should be placed as near as possible to the destination

  4. Standard access lists should be placed as near as possible to the source

  5. Standard access lists filter on the source address

  6. Standard access lists filter on the destination address

Answer: B,C,E

100% Ensurepass Free Download!
Download Free Demo:210-260 Demo PDF
100% Ensurepass Free Guaranteed!
210-260 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *