[Free] 2017(Feb) Ensurepass Examcollection Cisco 210-260 Practice Test 121-130

Ensurepass

Implementing Cisco Network Security (IINS)

 

QUESTION 121

Which statement about extended access lists is true?

 

A.

Extended access lists perform filtering that is based on source and destination and are most effective when applied to the destination.

B.

Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source.

C.

Extended access lists perform filtering that is based on destination and are most effective when applied to the source.

D.

Extended access lists perform filtering that is based on source and are most effective when applied to the destination.

 

Correct Answer: B

 

 

QUESTION 122

What is the transition order of STP states on a Layer 2 switch interface?

 

A.

listening, learning, blocking, forwarding, disabled

B.

listening, blocking, learning, forwarding, disabled

C.

blocking, listening, learning, forwarding, disabled

D.

forwarding, listening, learning, blocking, disabled

 

Correct Answer: C

 

 

QUESTION 123

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

 

A.

Modifying packets

B.

Requesting connection blocking

C.

Denying packets

D.

Resetting the TCP connection

E.

Requesting host blocking

F.

Denying frames

 

Correct Answer: BDE

 

 

 

 

 

 

QUESTION 124

Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)

 

A.

The password

B.

The hash

C.

The key

D.

The transform set

 

Correct Answer: BC

 

 

QUESTION 125

Which wildcard mask is associated with a subnet mask of /27?

 

A.

0.0.0.31

B.

0.0.0.27

C.

0.0.0.224

D.

0.0.0.255

 

Correct Answer: A

 

 

QUESTION 126

Which sensor mode can deny attackers inline?

 

A.

IPS

B.

fail-close

C.

IDS

D.

fail-open

 

Correct Answer: A

 

 

QUESTION 127

Which tasks is the session management path responsible for? (Choose three.)

 

A.

Verifying IP checksums

B.

Performing route lookup

C.

Performing session lookup

D.

Allocating NAT translations

E.

Checking TCP sequence numbers

F.

Checking packets against the access list

 


Correct Answer: BDF

 

 

QUESTION 128

Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

 

A.

EAP

B.

ASCII

C.

PAP

D.

PEAP

E.

MS-CHAPv1

F.

MS-CHAPv2

 

Correct Answer: CEF

 

 

QUESTION 129

What features can protect the data plane? (Choose three.)

 

A.

policing

B.

ACLs

C.

IPS

D.

antispoofing

E.

QoS

F.

DHCP-snooping

 

Correct Answer: BDF

 

 

QUESTION 130

Which type of PVLAN port allows host in the same VLAN to communicate directly with the other?

 

A.

promiscuous for hosts in the PVLAN

B.

span for hosts in the PVLAN

C.

Community for hosts in the PVLAN

D.

isolated for hosts in the PVLAN

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 210-260 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …