Vendor: Cisco Exam Code: 210-260 Exam Name: Implementing Cisco https://www.pass4itsure.com/210-260.html Network Security Q&As: 329 (324Q&As & 5 Labs)QUESTION 1 Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header Correct Answer: DEF Explanation QUESTION 2 What mechanism does asymmetric cryptography use to secure data? A. a public/private key pair B. shared secret keys C. an RSA nonce D. an MD5 hash Correct Answer: A Explanation QUESTION 3 Whit which type of Leyer 2 attack can you "do something" for one host: A. MAC spoofing B. CAM overflow.... Correct Answer: A Explanation QUESTION 4 Refer to the exhibit. How many times was a read-only string used to attempt a write operation? A. 9 B. 6 C. 4 D. 3 E. 2 Correct Answer: A Explanation QUESTION 5 Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A. next IP B. round robin C. dynamic rotation D. NAT address rotation Correct Answer: B Explanation QUESTION 6 Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own? A. white hat hacker B. hacktivist C. phreaker D. script kiddy Correct Answer: D Explanation QUESTION 7 When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.) A. pass B. police C. inspect D. drop E. queue F. shape Correct Answer: ACD Explanation Explanation/Reference: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml Zone-Based Policy Firewall Actions ZFW provides three actions for traffic that traverses from one zone to another: Drop -- This is the default action for all traffic, as applied by the "class class-default" that terminates every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic. Traffic that is handled by the drop action is "silently" dropped (i.e., no notification of the drop is sent to the relevant end-host) by the ZFW, as opposed to an ACL's behavior of sending an ICMP "host unreachable" message to the host that sent the denied traffic. Currently, there is not an option to change the "silent drop" behavior. The log option can be added with drop for syslog notification that traffic was dropped by the firewall. Pass -- This action allows the router to forward traffic from one zone to another. The pass action does not track the state of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must be applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application traffic is better handled in the ZFW with the inspect action. Inspect--The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet zone in the earlier example network is inspected, the router maintains connection or session information for TCP and User Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to private zone connection requests. Also, inspect can provide application inspection and control for certain service protocols that might carry vulnerable or sensitive application traffic.Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume transferred, and source and destination addresses. QUESTION 8 Which type of security control is defense in depth? A. Threat mitigation B. Risk analysis C. Botnet mitigation D. Overt and covert channels Correct Answer: A Explanation QUESTION 9 Which statement about a PVLAN isolated port configured on a switch is true? A. The isolated port can communicate only with the promiscuous port. B. The isolated port can communicate with other isolated ports and the promiscuous port. C. The isolated port can communicate only with community ports. D. The isolated port can communicate only with other isolated ports. Correct Answer: A Explanation QUESTION 10 Which statement about Cisco cert4sure.netACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses TACACS to proxy other authentication servers. D. ACS can use only one authorization profile to allow or deny requests. Correct Answer: A Explanation ACSM-Certification Oracle Exam Questions

12件中 1~10件を表示しています

【東京】(BtoBメーカー様向け)辞退防止セミナー

(2019年01月15日

>続きはこちら

【東京】高収益を生む、中小企業の「人材投資」とは?

講師 プロフィール  株式会社トライアンフ 代表取締役 樋口 弘和 日本ヒューレット・パッカードにて、20年近く採用・教育・給与システムなどの人事部門に勤務し、コンピュータ事業部の人事部門を統括。米国本社でキャ […]

(2018年12月17日

>続きはこちら

【東京】VUCA時代における成長企業の人材ポートフォリオ戦略とは

講師 プロフィール  株式会社トライアンフ 代表取締役 樋口 弘和 日本ヒューレット・パッカードにて、20年近く採用・教育・給与システムなどの人事部門に勤務し、コンピュータ事業部の人事部門を統括。米国本社でキャ […]

(2018年12月17日

>続きはこちら

【東京】採用適性検査 導入支援セミナー

(2018年11月22日

>続きはこちら

【東京】[CUBIC顧客向け]適性検査 徹底活用セミナー

(2018年11月21日

>続きはこちら

【東京】採用基準設計体験 ワークショップセミナー

(2018年11月19日

>続きはこちら

【東京】マーケティング視点の母集団形成セミナー

(2018年07月17日

>続きはこちら

【東京】インパクト・プレゼンテーション・セミナー

(2018年05月18日

>続きはこちら

【東京】「アサーティブ」発展的・協調的自己主張セミナー

(2018年05月18日

>続きはこちら

【東京】面接官トレーニング 短時間集中講座

※お電話でのお申し込みは、株式会社トライアンフ セミナー事務局 0120-600-273(平日10:00~18:00)まで。 ご参加特典 特典1.「採用面接GuideBook」をプレゼント 講座参加者には、全員に「採用面 […]

(2017年12月05日

>続きはこちら