This page was exported from Free Lead2pass Dumps VCE [ http://www.freepassit4sure.com ] Export date:Thu Dec 12 23:49:31 2019 / +0000 GMT ___________________________________________________ Title: [2017 New] Lead2pass 2017 100% Real 210-260 Exam Questions (181-200) --------------------------------------------------- 2017 July Cisco Official New Released 210-260 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Amazing,100% candidates have passed the 210-260 exam by practising the preparation material of Lead2pass, because the braindumps are the latest and cover every aspect of 210-260 exam. Download the braindumps for an undeniable success in 210-260 exam. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/210-260.html QUESTION 181A data breach has occurred and your company database has been copied. Which security principle has been violated? A.    ConfidentialityB.    AccessC.    ControlD.    AvailabilityAnswer: A QUESTION 182If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? A.    BPDU guardB.    portfastC.    EherCahannel guardD.    loop guard Answer: AExplanation:The key here is the word 'switch'. The entire switch goes into a blocked state, meaning that it can't participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP. QUESTION 183What is the primary purposed of a defined rule in an IPS? A.    to detect internal attacksB.    to define a set of actions that occur when a specific user logs in to the systemC.    to configure an event action that is pre-defined by the system administratorD.    to configure an event action that takes place when a signature is triggered. Answer: CExplanation:Defined rules are defined by the sysadmin, Event Action Rules take place when an event triggers an action. QUESTION 184How does PEAP protect EAP exchange? A.    it encrypts the exchange using the client certificate.B.    it validates the server-supplied certificate and then encrypts the exchange using the client certificateC.    it encrypts the exchange using the server certificateD.    it validates the client-supplied certificate and then encrypts the exchange using the server certificate. Answer: CExplanation:The client certificate is not used for encryption with PEAP. QUESTION 185How can firepower block malicious email attachments? A.    It forwards email requests to an external signature engineB.    It sends the traffic through a file policyC.    It scans inbound email messages for known bad URLsD.    It sends an alert to the administrator to verify suspicious email messages Answer: B QUESTION 186A proxy firewall protects against which type of attacks? A.    DDoSB.    port scanningC.    worm trafficD.    cross-site scripting attacks Answer: D QUESTION 187Which three statements are characteristics of DHCP Spoofing? (Choose three.) A.    Arp PoisoningB.    Modify Traffic in transitC.    Used to perform man-in-the-middle attackD.    Physically modify the network gatewayE.     Protect the identity of the attacker by masking the DHCP addressF.     Can access most network devices Answer: BCDExplanation:In DHCP spoofing attacks, the attacker takes over the DHCP server role and can serve IP addresses and his IP address as default gateway. By doing that he performs a man-in-the-middle attack, and because all the traffic passes through his computer he can modify traffic in transit and he physically changed the default gateway. QUESTION 188In which two situations should you use in-band management? (Choose two) A.    when a network device fails to forward packetsB.    when management applications need concurrent access to the deviceC.    when you require ROMMON accessD.    when you require administrator's access from multiple locationsE.    when the control plane fails to respond Answer: BD QUESTION 189Which three statements describe DHCP spoofing attacks? (Choose three.) A.    They can modify traffic in transit.B.    They are used to perform man-in-the-middle attacks.C.    They use ARP poisoning.D.    They can access most network devices.E.    They protect the identity of the attacker by masking the DHCP address.F.      They are can physically modify the network gateway. Answer: ABF QUESTION 190What security feature allows a private IP address to access the Internet by translating it to a public address? A.    NATB.    hairpinningC.    Trusted Network DetectionD.    Certification Authority Answer: A QUESTION 191Which Sourcefire event action should you choose if you want to block only malicious trafficfrom a particular end user? A.    Allow with inspectionB.    Allow without inspectionC.    BlockD.    TrustE.     Monitor Answer: A QUESTION 192Which two NAT types allows only objects or groups to reference an IP address? (choose two) A.    dynamic NATB.    dynamic PATC.    static NATD.    identity NAT Answer: ACExplanation:Adding Network Objects for Mapped AddressesFor dynamic NAT, you must use an object or group for the mapped addresses. Other NAT types have the option of using inline addresses, or you can create an object or group according to this section.* Dynamic NAT:+ You cannot use an inline address; you must configure a network object or group.+ The object or group cannot contain a subnet; the object must define a range; the group can include hosts and ranges.+ If a mapped network object contains both ranges and host IP addresses, then the ranges are used for dynamic NAT, and then the host IP addresses are used as a PAT fallback.* Dynamic PAT (Hide):+ Instead of using an object, you can optionally configure an inline host address or specify the interface address.+ If you use an object, the object or group cannot contain a subnet; the object must define a host, or for a PAT pool, a range; the group (for a PAT pool) can include hosts and ranges.* Static NAT or Static NAT with port translation:+ Instead of using an object, you can configure an inline address or specify the interface address (for static NAT-with-port-translation).+ If you use an object, the object or group can contain a host, range, or subnet.* Identity NAT+ Instead of using an object, you can configure an inline address.+ If you use an object, the object must match the real addresses you want to translate.http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ nat_objects.html#61711 QUESTION 193Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A.    next IPB.    round robinC.    dynamic rotationD.    NAT address rotation Answer: B QUESTION 194Which line in the following OSPF configuration will not be required for MD5 authentication to work? interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNA!router ospf 65000router-id 192.168.10.1area 20 authentication message-digestnetwork 10.1.1.0 0.0.0.255 area 10network 192.168.10.0 0.0.0.255 area 0! A.    ip ospf authentication message-digestB.    network 192.168.10.0 0.0.0.255 area 0C.    area 20 authentication message-digestD.    ip ospf message-digest-key 1 md5 CCNA Answer: C QUESTION 195Which of the following pairs of statements is true in terms of configuring MD authentication? A.    Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPFB.    Router process (OSPF, EIGRP) must be configured; key chain in EIGRPC.    Router process (only for OSPF) must be configured; key chain in EIGRPD.    Router process (only for OSPF) must be configured; key chain in OSPF Answer: C QUESTION 196Which component of CIA triad relate to safe data which is in transit. A.    ConfidentialityB.    IntegrityC.    AvailabilityD.    Scalability Answer: BExplanation:Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems.Corruption of data is a failure to maintain data integrity. QUESTION 197Which command help user1 to use enable,disable,exit&etc commands? A.    catalyst1(config)#username user1 privilege 0 secret us1passB.    catalyst1(config)#username user1 privilege 1 secret us1passC.    catalyst1(config)#username user1 privilege 2 secret us1passD.    catalyst1(config)#username user1 privilege 5 secret us1pass Answer: AExplanation:To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router:+ privilege level 0 -- Includes the disable, enable, exit, help, and logout commands.+ privilege level 1 -- Normal level on Telnet; includes all user-level commands at the router> prompt.+ privilege level 15 -- Includes all enable-level commands at the router# prompt.http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html QUESTION 198Command ip ospf authentication key 1 is implemented in which level. A.    InterfaceB.    processC.    globalD.    enable Answer: AExplanation:Use the ip ospf authentication-key interface command to specify this password. If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message- digest-key interface command.interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNACisco Official Certification Guide, Implement Routing Update Authentication on OSPF, p.348 The OSPFv2 Cryptographic Authentication feature allows you to configure a key chain on the OSPF interface to authenticate OSPFv2 packets by using HMAC-SHA algorithms. You can use an existing key chain that is being used by another protocol, or you can create a key chain specifically for OSPFv2.If OSPFv2 is configured to use a key chain, all MD5 keys that were previously configured using the ip ospf message-digest-key command are ignored.Device> enableDevice# configure terminalDevice(config)# interface GigabitEthernet0/0/0Device (config-if)# ip ospf authentication key-chain sample1 Device (config-if)# endhttp://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ospfv2-crypto-authen-xe.htmlIn both cases OSPF and OSPFv1 the ip ospf authentication is inserted at interface level QUESTION 199Which are two valid TCP connection states (pick 2) is the gist of the question. A.    SYN-RCVDB.    ClosedC.    SYN-WAITD.    RCVDE.    SENT Answer: ABExplanation:TCP Finite State Machine (FSM) States, Events and Transitions + CLOSED: This is the default state that each connection starts in before the process of establishing it begins.The state is called "fictional" in the standard.+ LISTEN+ SYN-SENT+ SYN-RECEIVED: The device has both received a SYN (connection request) from its partner and sent its own SYN. It is now waiting for an ACK to its SYN to finish connection setup.+ ESTABLISHED+ CLOSE-WAIT+ LAST-ACK+ FIN-WAIT-1+ FIN-WAIT-2+ CLOSING+ TIME-WAIThttp://tcpipguide.com/free/t_TCPOperationalOverviewandtheTCPFiniteStateMachineF-2.htm QUESTION 200Which of the following commands result in a secure bootset? (Choose all that apply.) A.    secure boot-setB.    secure boot-configC.    secure boot-filesD.    secure boot-image Answer: BD QUESTION 181A data breach has occurred and your company database has been copied. Which security principle has been violated? A.    ConfidentialityB.    AccessC.    ControlD.    Availability Answer: A QUESTION 182If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? A.    BPDU guardB.    portfastC.    EherCahannel guardD.    loop guard Answer: AExplanation:The key here is the word 'switch'. The entire switch goes into a blocked state, meaning that it can't participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP. QUESTION 183What is the primary purposed of a defined rule in an IPS? A.    to detect internal attacksB.    to define a set of actions that occur when a specific user logs in to the systemC.    to configure an event action that is pre-defined by the system administratorD.    to configure an event action that takes place when a signature is triggered. Answer: CExplanation:Defined rules are defined by the sysadmin, Event Action Rules take place when an event triggers an action. QUESTION 184How does PEAP protect EAP exchange? A.    it encrypts the exchange using the client certificate.B.    it validates the server-supplied certificate and then encrypts the exchange using the client certificateC.    it encrypts the exchange using the server certificateD.    it validates the client-supplied certificate and then encrypts the exchange using the server certificate. Answer: CExplanation:The client certificate is not used for encryption with PEAP. QUESTION 185How can firepower block malicious email attachments? A.    It forwards email requests to an external signature engineB.    It sends the traffic through a file policyC.    It scans inbound email messages for known bad URLsD.    It sends an alert to the administrator to verify suspicious email messages Answer: B QUESTION 186A proxy firewall protects against which type of attacks? A.    DDoSB.    port scanningC.    worm trafficD.    cross-site scripting attacks Answer: D QUESTION 187Which three statements are characteristics of DHCP Spoofing? (Choose three.) A.    Arp PoisoningB.    Modify Traffic in transitC.    Used to perform man-in-the-middle attackD.    Physically modify the network gatewayE.     Protect the identity of the attacker by masking the DHCP addressF.     Can access most network devices Answer: BCDExplanation:In DHCP spoofing attacks, the attacker takes over the DHCP server role and can serve IP addresses and his IP address as default gateway. By doing that he performs a man-in-the-middle attack, and because all the traffic passes through his computer he can modify traffic in transit and he physically changed the default gateway. QUESTION 188In which two situations should you use in-band management? (Choose two) A.    when a network device fails to forward packetsB.    when management applications need concurrent access to the deviceC.    when you require ROMMON accessD.    when you require administrator's access from multiple locationsE.    when the control plane fails to respond Answer: BD QUESTION 189Which three statements describe DHCP spoofing attacks? (Choose three.) A.    They can modify traffic in transit.B.    They are used to perform man-in-the-middle attacks.C.    They use ARP poisoning.D.    They can access most network devices.E.    They protect the identity of the attacker by masking the DHCP address.F.      They are can physically modify the network gateway. Answer: ABF QUESTION 190What security feature allows a private IP address to access the Internet by translating it to a public address? A.    NATB.    hairpinningC.    Trusted Network DetectionD.    Certification Authority Answer: A QUESTION 191Which Sourcefire event action should you choose if you want to block only malicious trafficfrom a particular end user? A.    Allow with inspectionB.    Allow without inspectionC.    BlockD.    TrustE.     Monitor Answer: A QUESTION 192Which two NAT types allows only objects or groups to reference an IP address? (choose two) A.    dynamic NATB.    dynamic PATC.    static NATD.    identity NAT Answer: ACExplanation:Adding Network Objects for Mapped AddressesFor dynamic NAT, you must use an object or group for the mapped addresses. Other NAT types have the option of using inline addresses, or you can create an object or group according to this section.* Dynamic NAT:+ You cannot use an inline address; you must configure a network object or group.+ The object or group cannot contain a subnet; the object must define a range; the group can include hosts and ranges.+ If a mapped network object contains both ranges and host IP addresses, then the ranges are used for dynamic NAT, and then the host IP addresses are used as a PAT fallback.* Dynamic PAT (Hide):+ Instead of using an object, you can optionally configure an inline host address or specify the interface address.+ If you use an object, the object or group cannot contain a subnet; the object must define a host, or for a PAT pool, a range; the group (for a PAT pool) can include hosts and ranges.* Static NAT or Static NAT with port translation:+ Instead of using an object, you can configure an inline address or specify the interface address (for static NAT-with-port-translation).+ If you use an object, the object or group can contain a host, range, or subnet.* Identity NAT+ Instead of using an object, you can configure an inline address.+ If you use an object, the object must match the real addresses you want to translate.http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ nat_objects.html#61711 QUESTION 193Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A.    next IPB.    round robinC.    dynamic rotationD.    NAT address rotation Answer: B QUESTION 194Which line in the following OSPF configuration will not be required for MD5 authentication to work? interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNA!router ospf 65000router-id 192.168.10.1area 20 authentication message-digestnetwork 10.1.1.0 0.0.0.255 area 10network 192.168.10.0 0.0.0.255 area 0! A.    ip ospf authentication message-digestB.    network 192.168.10.0 0.0.0.255 area 0C.    area 20 authentication message-digestD.    ip ospf message-digest-key 1 md5 CCNA Answer: C QUESTION 195Which of the following pairs of statements is true in terms of configuring MD authentication? A.    Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPFB.    Router process (OSPF, EIGRP) must be configured; key chain in EIGRPC.    Router process (only for OSPF) must be configured; key chain in EIGRPD.    Router process (only for OSPF) must be configured; key chain in OSPF Answer: C QUESTION 196Which component of CIA triad relate to safe data which is in transit. A.    ConfidentialityB.    IntegrityC.    AvailabilityD.    Scalability Answer: BExplanation:Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems.Corruption of data is a failure to maintain data integrity. QUESTION 197Which command help user1 to use enable,disable,exit&etc commands? A.    catalyst1(config)#username user1 privilege 0 secret us1passB.    catalyst1(config)#username user1 privilege 1 secret us1passC.    catalyst1(config)#username user1 privilege 2 secret us1passD.    catalyst1(config)#username user1 privilege 5 secret us1pass Answer: AExplanation:To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router:+ privilege level 0 -- Includes the disable, enable, exit, help, and logout commands.+ privilege level 1 -- Normal level on Telnet; includes all user-level commands at the router> prompt.+ privilege level 15 -- Includes all enable-level commands at the router# prompt.http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html QUESTION 198Command ip ospf authentication key 1 is implemented in which level. A.    InterfaceB.    processC.    globalD.    enable Answer: AExplanation:Use the ip ospf authentication-key interface command to specify this password. If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message- digest-key interface command.interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNACisco Official Certification Guide, Implement Routing Update Authentication on OSPF, p.348 The OSPFv2 Cryptographic Authentication feature allows you to configure a key chain on the OSPF interface to authenticate OSPFv2 packets by using HMAC-SHA algorithms. You can use an existing key chain that is being used by another protocol, or you can create a key chain specifically for OSPFv2.If OSPFv2 is configured to use a key chain, all MD5 keys that were previously configured using the ip ospf message-digest-key command are ignored.Device> enableDevice# configure terminalDevice(config)# interface GigabitEthernet0/0/0Device (config-if)# ip ospf authentication key-chain sample1 Device (config-if)# endhttp://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ospfv2-crypto-authen-xe.htmlIn both cases OSPF and OSPFv1 the ip ospf authentication is inserted at interface level QUESTION 199Which are two valid TCP connection states (pick 2) is the gist of the question. A.    SYN-RCVDB.    ClosedC.    SYN-WAITD.    RCVDE.    SENT Answer: ABExplanation:TCP Finite State Machine (FSM) States, Events and Transitions + CLOSED: This is the default state that each connection starts in before the process of establishing it begins.The state is called "fictional" in the standard.+ LISTEN+ SYN-SENT+ SYN-RECEIVED: The device has both received a SYN (connection request) from its partner and sent its own SYN. It is now waiting for an ACK to its SYN to finish connection setup.+ ESTABLISHED+ CLOSE-WAIT+ LAST-ACK+ FIN-WAIT-1+ FIN-WAIT-2+ CLOSING+ TIME-WAIThttp://tcpipguide.com/free/t_TCPOperationalOverviewandtheTCPFiniteStateMachineF-2.htm QUESTION 200Which of the following commands result in a secure bootset? (Choose all that apply.) A.    secure boot-setB.    secure boot-configC.    secure boot-filesD.    secure boot-image Answer: BD QUESTION 181A data breach has occurred and your company database has been copied. Which security principle has been violated? A.    ConfidentialityB.    AccessC.    ControlD.    Availability Answer: A QUESTION 182If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? A.    BPDU guardB.    portfastC.    EherCahannel guardD.    loop guard Answer: AExplanation:The key here is the word 'switch'. The entire switch goes into a blocked state, meaning that it can't participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP. QUESTION 183What is the primary purposed of a defined rule in an IPS? A.    to detect internal attacksB.    to define a set of actions that occur when a specific user logs in to the systemC.    to configure an event action that is pre-defined by the system administratorD.    to configure an event action that takes place when a signature is triggered. Answer: CExplanation:Defined rules are defined by the sysadmin, Event Action Rules take place when an event triggers an action. QUESTION 184How does PEAP protect EAP exchange? A.    it encrypts the exchange using the client certificate.B.    it validates the server-supplied certificate and then encrypts the exchange using the client certificateC.    it encrypts the exchange using the server certificateD.    it validates the client-supplied certificate and then encrypts the exchange using the server certificate. Answer: CExplanation:The client certificate is not used for encryption with PEAP. QUESTION 185How can firepower block malicious email attachments? A.    It forwards email requests to an external signature engineB.    It sends the traffic through a file policyC.    It scans inbound email messages for known bad URLsD.    It sends an alert to the administrator to verify suspicious email messages Answer: B QUESTION 186A proxy firewall protects against which type of attacks? A.    DDoSB.    port scanningC.    worm trafficD.    cross-site scripting attacks Answer: D QUESTION 187Which three statements are characteristics of DHCP Spoofing? (Choose three.) A.    Arp PoisoningB.    Modify Traffic in transitC.    Used to perform man-in-the-middle attackD.    Physically modify the network gatewayE.     Protect the identity of the attacker by masking the DHCP addressF.     Can access most network devices Answer: BCDExplanation:In DHCP spoofing attacks, the attacker takes over the DHCP server role and can serve IP addresses and his IP address as default gateway. By doing that he performs a man-in-the-middle attack, and because all the traffic passes through his computer he can modify traffic in transit and he physically changed the default gateway. QUESTION 188In which two situations should you use in-band management? (Choose two) A.    when a network device fails to forward packetsB.    when management applications need concurrent access to the deviceC.    when you require ROMMON accessD.    when you require administrator's access from multiple locationsE.    when the control plane fails to respond Answer: BD QUESTION 189Which three statements describe DHCP spoofing attacks? (Choose three.) A.    They can modify traffic in transit.B.    They are used to perform man-in-the-middle attacks.C.    They use ARP poisoning.D.    They can access most network devices.E.    They protect the identity of the attacker by masking the DHCP address.F.      They are can physically modify the network gateway. Answer: ABF QUESTION 190What security feature allows a private IP address to access the Internet by translating it to a public address? A.    NATB.    hairpinningC.    Trusted Network DetectionD.    Certification Authority Answer: A QUESTION 191Which Sourcefire event action should you choose if you want to block only malicious trafficfrom a particular end user? A.    Allow with inspectionB.    Allow without inspectionC.    BlockD.    TrustE.     Monitor Answer: A QUESTION 192Which two NAT types allows only objects or groups to reference an IP address? (choose two) A.    dynamic NATB.    dynamic PATC.    static NATD.    identity NAT Answer: ACExplanation:Adding Network Objects for Mapped AddressesFor dynamic NAT, you must use an object or group for the mapped addresses. Other NAT types have the option of using inline addresses, or you can create an object or group according to this section.* Dynamic NAT:+ You cannot use an inline address; you must configure a network object or group.+ The object or group cannot contain a subnet; the object must define a range; the group can include hosts and ranges.+ If a mapped network object contains both ranges and host IP addresses, then the ranges are used for dynamic NAT, and then the host IP addresses are used as a PAT fallback.* Dynamic PAT (Hide):+ Instead of using an object, you can optionally configure an inline host address or specify the interface address.+ If you use an object, the object or group cannot contain a subnet; the object must define a host, or for a PAT pool, a range; the group (for a PAT pool) can include hosts and ranges.* Static NAT or Static NAT with port translation:+ Instead of using an object, you can configure an inline address or specify the interface address (for static NAT-with-port-translation).+ If you use an object, the object or group can contain a host, range, or subnet.* Identity NAT+ Instead of using an object, you can configure an inline address.+ If you use an object, the object must match the real addresses you want to translate.http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ nat_objects.html#61711 QUESTION 193Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A.    next IPB.    round robinC.    dynamic rotationD.    NAT address rotation Answer: B QUESTION 194Which line in the following OSPF configuration will not be required for MD5 authentication to work? interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNA!router ospf 65000router-id 192.168.10.1area 20 authentication message-digestnetwork 10.1.1.0 0.0.0.255 area 10network 192.168.10.0 0.0.0.255 area 0! A.    ip ospf authentication message-digestB.    network 192.168.10.0 0.0.0.255 area 0C.    area 20 authentication message-digestD.    ip ospf message-digest-key 1 md5 CCNA Answer: C QUESTION 195Which of the following pairs of statements is true in terms of configuring MD authentication? A.    Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPFB.    Router process (OSPF, EIGRP) must be configured; key chain in EIGRPC.    Router process (only for OSPF) must be configured; key chain in EIGRPD.    Router process (only for OSPF) must be configured; key chain in OSPF Answer: C QUESTION 196Which component of CIA triad relate to safe data which is in transit. A.    ConfidentialityB.    IntegrityC.    AvailabilityD.    Scalability Answer: BExplanation:Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems.Corruption of data is a failure to maintain data integrity. QUESTION 197Which command help user1 to use enable,disable,exit&etc commands? A.    catalyst1(config)#username user1 privilege 0 secret us1passB.    catalyst1(config)#username user1 privilege 1 secret us1passC.    catalyst1(config)#username user1 privilege 2 secret us1passD.    catalyst1(config)#username user1 privilege 5 secret us1pass Answer: AExplanation:To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router:+ privilege level 0 -- Includes the disable, enable, exit, help, and logout commands.+ privilege level 1 -- Normal level on Telnet; includes all user-level commands at the router> prompt.+ privilege level 15 -- Includes all enable-level commands at the router# prompt.http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html QUESTION 198Command ip ospf authentication key 1 is implemented in which level. A.    InterfaceB.    processC.    globalD.    enable Answer: AExplanation:Use the ip ospf authentication-key interface command to specify this password. If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message- digest-key interface command.interface GigabitEthernet0/1ip address 192.168.10.1 255.255.255.0ip ospf authentication message-digestip ospf message-digest-key 1 md5 CCNACisco Official Certification Guide, Implement Routing Update Authentication on OSPF, p.348 The OSPFv2 Cryptographic Authentication feature allows you to configure a key chain on the OSPF interface to authenticate OSPFv2 packets by using HMAC-SHA algorithms. You can use an existing key chain that is being used by another protocol, or you can create a key chain specifically for OSPFv2.If OSPFv2 is configured to use a key chain, all MD5 keys that were previously configured using the ip ospf message-digest-key command are ignored.Device> enableDevice# configure terminalDevice(config)# interface GigabitEthernet0/0/0Device (config-if)# ip ospf authentication key-chain sample1 Device (config-if)# endhttp://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ospfv2-crypto-authen-xe.htmlIn both cases OSPF and OSPFv1 the ip ospf authentication is inserted at interface level QUESTION 199Which are two valid TCP connection states (pick 2) is the gist of the question. A.    SYN-RCVDB.    ClosedC.    SYN-WAITD.    RCVDE.    SENT Answer: ABExplanation:TCP Finite State Machine (FSM) States, Events and Transitions + CLOSED: This is the default state that each connection starts in before the process of establishing it begins.The state is called "fictional" in the standard.+ LISTEN+ SYN-SENT+ SYN-RECEIVED: The device has both received a SYN (connection request) from its partner and sent its own SYN. It is now waiting for an ACK to its SYN to finish connection setup.+ ESTABLISHED+ CLOSE-WAIT+ LAST-ACK+ FIN-WAIT-1+ FIN-WAIT-2+ CLOSING+ TIME-WAIThttp://tcpipguide.com/free/t_TCPOperationalOverviewandtheTCPFiniteStateMachineF-2.htm QUESTION 200Which of the following commands result in a secure bootset? (Choose all that apply.) A.    secure boot-setB.    secure boot-configC.    secure boot-filesD.    secure boot-image Answer: BD You can pass Cisco 210-260 exam if you get a complete hold of 210-260 braindumps in Lead2pass. What's more, all the 210-260 Certification exam Q and As provided by Lead2pass are the latest. 210-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDOEdUelZwbnVuTHc 2017 Cisco 210-260 exam dumps (All 310 Q&As) from Lead2pass: https://www.lead2pass.com/210-260.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-28 02:27:13 Post date GMT: 2017-07-28 02:27:13 Post modified date: 2017-07-28 02:27:13 Post modified date GMT: 2017-07-28 02:27:13 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com