Sharing cisco 210-260 dumps for the students of cisco security 210-260 exam, here below you can watch the actual ccna 210-260 dumps pdf Realdumpspdf fully updated 210-260 exam questions. QUESTION 149 Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows? A. IPSec Phase 2 established between 10.10.10.2 and 10.1.1.5 B. IPSec Phase 1 established between 10.10.10.2 and 10.1.1.5 C. IPSec Phase 2 is down due to a QM_IDLE state. D. IPSec Phase 1 is down due to a QM_IDLE state. Answer: B Explanation: An IDLE state is good and means that the connection and key exchange have taken place successfully. QM indicates that the device is ready for phase 2 (quick mode) and subsequent data transfer. QUESTION 150 Refer to the exhibit. You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem? A. Edit the crypto keys on R1 and R2 to match. B. Edit the crypto isakmp key command on each router with the address value of its own interface C. Edit the ISAKMP policy sequence numbers on R1 and R2 to match. D. set a valid value for the crypto key lifetime on each router. Answer: A Explanation: The crypto keys don’t match here. I’ve inferred and assumed that the destination address at the end of the “Crypto isakmp key test12345 address 10.30.30.5” line is the IP address of R1. By extension, this would produce an MM_NO_STATE state if you ran the “show crypto isakmp sa” command, as it would never connect to begin phase 1. QUESTION 151 Refer to the exhibit. Which statement about the given configuration is true? A. The timeout command causes the device to move to the next server after 20 seconds of TACACS inactivity. B. The single-connection command causes the device to process one TACACS request and then move to the next server. C. The single-connection command causes the device to establish one connection for all TACACS transactions. D. The router communicates with the NAS on the default port, TCP 1645 Answer: C Explanation: In order for TACACS+ servers to fail over, they must be configured in a TACACS server group, which these are not, which eliminates A and B. D is incorrect. QUESTION 152 Refer to the exhibit. What is the effect of the given command? A. It configure the network to use a different transform set between peers. B. It merges authentication and encryption methods to protect traffic that matches an ACL. C. It configures encryption for MD5 HMAC. D. It configures authentications as AES 256. Answer: B Explanation: Because a transform set defines a method to encrypt traffic: esp-aes-256 and a method to authenticate: esp-md5-hmac QUESTION 153 Refer to the exhibit. What are two effects of the given command? (Choose two.) A. It configures authentication to use AES 256. B. It configures authentication to use MD5 HMAC. C. It configures authorization use AES 256. D. It configures encryption to use MD5 HMAC. E. It configures encryption to use AES 256. Answer: BE QUESTION 154 What is a valid implicit permit rule for traffic that is traversing the ASA firewall? A. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only B. Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode. C. ARPs in both directions are permitted in transparent mode only D. Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only E. Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode. Answer: C Explanation: IPv4 and IPv6 traffic is permitted in both routed and transparent mode from higher to lower security interfaces. QUESTION 155 You have been tasked with blocking user access to website that violate company policy, but the site use dynamic IP Addresses. What is the best practice URL filtering to solve the problem? A. Enable URL filtering and create a blacklist to block the websites that violate company policy. B. Enable URL filtering and create a whitelist to allow only the websites the company policy allow users to access. C. Enable URL filtering and use URL categorization to allow only the websites the company policy allow users to access D. Enable URL filtering and create a whitelist to block the websites that violate company policy. E. Enable URL filtering and use URL categorization to block the websites that violate company policy. Answer: E Explanation: Categorization will catch a large number of related websites, regardless of the address or IP. QUESTION 156 What is the potential drawback to leaving VLAN 1 as the native VLAN? A. Gratuitous ARPs might be able to conduct a man-in-the-middle attack. B. The CAM might be overloaded, effectively turning the switch into hub. C. VLAN 1 might be vulnerable to IP address spoofing D. It may be susceptible to a VLAN hopping attack Answer: D QUESTION 157 Refer to the exhibit. Which line in this configuration prevents the HelpDesk user from modifying the interface configuration? A. Privilege exec level 9 show configure terminal B. Privilege exec level 7show start-up C. Privilege exec level 10 interface D. Username HelpDesk privilege 6 password help Answer: A QUESTION 158 Which IPS mode provides the maximum number of actions? A. Inline B. bypass C. span D. failover E. promiscuous Answer: A Explanation: Because IPS inline gets the live traffic as it’s passing through the network and can take direct action on the traffic if it detects any malicious activity. The actions are drop, block, TCP reset, shun, alert, log, modify. QUESTION 159 In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three) A. When matching ACL entries are configured B. when matching NAT entries are configured C. When the firewall requires strict HTTP inspection D. When the firewall requires HTTP inspection E. When the firewall receives a SYN-ACK packet F. When the firewall receives a SYN packet Answer: ABE Download Cisco 210-260 Exam Dumps (PDF & VCE) 368Q Dear visitor, you need to Register or Login to view links on Certify Chat.