210-250 dumps 210-255 dumps 200-150 dumps 200-155pdf 300-160 dumps 300-165 dumps 300-170 dumps 300-175 dumps 300-180 dumps 300-210 dumps 70-698 dumps 70-734 dumps 70-741 dumps 70-742 dumps 70-743 dumps 70-761 dumps 70-764 dumps 70-767 dumps 70-765 dumps 70-740 dumps 70-357 dumps 70-773 dumps 70-774 dumps 70-775 dumps Vendor: Cisco Exam Code: 210-260 Exam Name: Implementing Cisco https://www.pass4itsure.com/210-260.html Network Security Q&As: 329 (324Q&As & 5 Labs)QUESTION 1 Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header Correct Answer: DEF Explanation QUESTION 2 What mechanism does asymmetric cryptography use to secure data? A. a public/private key pair B. shared secret keys C. an RSA nonce D. an MD5 hash Correct Answer: A Explanation QUESTION 3 Whit which type of Leyer 2 attack can you "do something" for one host: A. MAC spoofing B. CAM overflow.... Correct Answer: A Explanation QUESTION 4 Refer to the exhibit. How many times was a read-only string used to attempt a write operation? A. 9 B. 6 C. 4 D. 3 E. 2 Correct Answer: A Explanation QUESTION 5 Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A. next IP B. round robin C. dynamic rotation D. NAT address rotation Correct Answer: B Explanation QUESTION 6 Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own? A. white hat hacker B. hacktivist C. phreaker D. script kiddy Correct Answer: D Explanation QUESTION 7 When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.) A. pass B. police C. inspect D. drop E. queue F. shape Correct Answer: ACD Explanation Explanation/Reference: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml Zone-Based Policy Firewall Actions ZFW provides three actions for traffic that traverses from one zone to another: Drop -- This is the default action for all traffic, as applied by the "class class-default" that terminates every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic. Traffic that is handled by the drop action is "silently" dropped (i.e., no notification of the drop is sent to the relevant end-host) by the ZFW, as opposed to an ACL's behavior of sending an ICMP "host unreachable" message to the host that sent the denied traffic. Currently, there is not an option to change the "silent drop" behavior. The log option can be added with drop for syslog notification that traffic was dropped by the firewall. Pass -- This action allows the router to forward traffic from one zone to another. The pass action does not track the state of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must be applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application traffic is better handled in the ZFW with the inspect action. Inspect--The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet zone in the earlier example network is inspected, the router maintains connection or session information for TCP and User Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to private zone connection requests. Also, inspect can provide application inspection and control for certain service protocols that might carry vulnerable or sensitive application traffic.Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume transferred, and source and destination addresses. QUESTION 8 Which type of security control is defense in depth? A. Threat mitigation B. Risk analysis C. Botnet mitigation D. Overt and covert channels Correct Answer: A Explanation QUESTION 9 Which statement about a PVLAN isolated port configured on a switch is true? A. The isolated port can communicate only with the promiscuous port. B. The isolated port can communicate with other isolated ports and the promiscuous port. C. The isolated port can communicate only with community ports. D. The isolated port can communicate only with other isolated ports. Correct Answer: A Explanation QUESTION 10 Which statement about Cisco ACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses TACACS to proxy other authentication servers. D. ACS can use only one authorization profile to allow or deny requests. Correct Answer: A Explanation ACSM-Certification Oracle Exam Questions 9l0-012 101-400 300-085 og0-093 1z0-061 70-488 1z0-062