Practice Questions for the Cisco CCNA Security 210-260 Exam

Pass4sure offers a free demo for the 210-260 exam. "IINS Implementing Cisco Network Security", also known as the 210-260 exam, is a Cisco Certification. This set of posts, Passing the Cisco 210-260 exam, will help you answer those questions. The CCNA Security 210-260 Questions & Answers cover all the knowledge points of the real exam. 100% real Cisco CCNA Security 210-260 lab exams, revised by experts!




New Cisco 210-260 Exam Dumps Collection (Question 11 - Question 20)

Question No: 11

Which option is the resulting action in a zone-based policy firewall configuration with these conditions?

A. no impact to zoning or policy

B. no policy lookup (pass)

C. drop

D. apply default policy

Answer: C

Explanation:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-zone-pol-fw.html

Zone Pairs

A zone pair allows you to specify a unidirectional firewall policy between two security zones.

To define a zone pair, use the zone-pair security command. The direction of the traffic is specified by source and destination zones. The source and destination zones of a zone pair must be security zones.

You can select the default or self zone as either the source or the destination zone. The self zone is a system-defined zone that does not have any interfaces as members. A zone pair that includes the self zone, along with the associated policy, applies to traffic directed to the device or traffic generated by the device. It does not apply to traffic through the device.

The most common use of a firewall is to apply it to traffic through a device, so you need at least two zones (that is, you cannot use the self zone).

To permit traffic between zone member interfaces, you must configure a policy permitting (or inspecting) traffic between that zone and another zone. To attach a firewall policy map to the target zone pair, use the service-policy type inspect command.

The figure below shows the application of a firewall policy to traffic flowing from zone Z1 to zone Z2, which means that the ingress interface for the traffic is a member of zone Z1 and the egress interface is a member of zone Z2.

Figure 2. Zone Pairs

If there are two zones and you require policies for traffic going in both directions (from Z1 to Z2 and Z2 to Z1), you must configure two zone pairs (one for each direction).

If a policy is not configured between zone pairs, traffic is dropped. However, it is not necessary to configure a zone pair and a service policy solely for the return traffic. By default, return traffic is not allowed. If a service policy inspects the traffic in the forward direction and there is no zone pair and service policy for the return traffic, the return traffic is inspected. If a service policy passes the traffic in the forward direction and there is no zone pair and service policy for the return traffic, the return traffic is dropped. In both these cases, you need to configure a zone pair and a service policy to allow the return traffic. In the above figure, it is not mandatory that you configure a zone pair source and destination for allowing return traffic from Z2 to Z1. The service policy on Z1 to Z2 zone pair takes care of it.
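The zone-pair setup described above, written out as an IOS configuration. This is an added example, not taken from the Cisco document or the exam material: the zone names Z1 and Z2 follow the text, while the interface names, class-map name, policy-map name and zone-pair name are assumptions.

```cisco
! Constructed example. Z1/Z2 come from the text above; all other names are assumed.
!
! 1. Create the security zones before assigning any interface to them.
zone security Z1
zone security Z2
!
! 2. Classify the traffic that may be initiated from Z1 toward Z2.
class-map type inspect match-any CM-Z1-TO-Z2
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! 3. Inspect the matched traffic (stateful) and drop everything else.
policy-map type inspect PM-Z1-TO-Z2
 class type inspect CM-Z1-TO-Z2
  inspect
 class class-default
  drop
!
! 4. The zone pair is unidirectional: source Z1, destination Z2.
zone-pair security ZP-Z1-Z2 source Z1 destination Z2
 service-policy type inspect PM-Z1-TO-Z2
!
! 5. Place the ingress and egress interfaces into their zones.
interface GigabitEthernet0/0
 zone-member security Z1
!
interface GigabitEthernet0/1
 zone-member security Z2
!
! No Z2-to-Z1 zone pair is configured on purpose. Sessions initiated
! from Z2 find no policy and are dropped, while return traffic for
! sessions inspected in the Z1-to-Z2 direction is still allowed.
! Had step 3 used "pass" instead of "inspect", the replies would need
! their own Z2-to-Z1 zone pair and service policy.
```

On a router, `show policy-map type inspect zone-pair ZP-Z1-Z2` displays the per-class counters for this zone pair, which is a quick way to confirm which class the traffic is matching.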


Question No: 12

What is the only permitted operation for processing multicast traffic on zone-based firewalls?

A. Only control plane policing can protect the control plane against multicast traffic.

B. Stateful inspection of multicast traffic is supported only for the self-zone.

C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone.

D. Stateful inspection of multicast traffic is supported only for the internal zone.

Answer: A


Question No: 13

What is an advantage of placing an IPS on the inside of a network?

A. It can provide higher throughput.

B. It receives traffic that has already been filtered.

C. It receives every inbound packet.

D. It can provide greater security.

Answer: B


Question No: 14

Which statement about zone-based firewall configuration is true?

A. Traffic is implicitly denied by default between interfaces in the same zone

B. Traffic that is destined to or sourced from the self-zone is denied by default

C. The zone must be configured before a can be assigned

D. You can assign an interface to more than one interface

Answer: C


Question No: 15

Which two characteristics of an application layer firewall are true? (Choose two)

A. provides protection for multiple applications

B. is immune to URL manipulation

C. provides reverse proxy services

D. provides stateful firewall functionality

E. has low processor usage

Answer: A,C


Question No: 16

What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

A. ARPs in both directions are permitted in transparent mode only.

B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only.

C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.

D. Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode.

E. Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.

Answer: A


Question No: 17

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

A. Rate-Based Prevention

B. Portscan Detection

C. IP Defragmentation

D. Inline Normalization

Answer: A


Question No: 18

Which filters are used in Web reputation to prevent Web-based attacks? (Choose two)

A. outbreak filter

B. buffer overflow filter

C. bayesian overflow filter

D. web reputation

E. exploit filtering

Answer: A,D


Question No: 19

In the router ospf 200 command, what does the value 200 stand for?

A. process ID

B. area ID

C. administrative distance value

D. ABR ID

Answer: A


Question No: 20

Which option describes information that must be considered when you apply an access list to a physical interface?

A. Protocol used for filtering

B. Direction of the access class

C. Direction of the access group

D. Direction of the access list

Answer: C

