Implementing Cisco Network Security (IINS)

 

QUESTION 141

Which type of firewall can act on the behalf of the end device?

 

A.

Stateful packet

B.

Application

C.

Packet

D.

Proxy

 

Correct Answer: D

 

 

QUESTION 142

In the router ospf 200 command, what does the value 200 stands for?

 

A.

Administrative distance value

B.

process ID

C.

area ID

D.

ABR ID

 

Correct Answer: B

Explanation:

Recall that the area is defined in the following command: hostname(config-router)#network 10.0.0.0 255.0.0.0 area 0

 

 

QUESTION 143

What mechanism does asymmetric cryptography use
to secure data?

 

A.

an RSA nonce

B.

a public/private key pair

C.

an MD5 hash

D.

shared secret keys

 

Correct Answer: B

 

 

QUESTION 144

Which type of mirroring does SPAN technology perform?

 

A.

Remote mirroring over Layer 2

B.

Remote mirroring over Layer 3

C.

Local mirroring over Layer 2

D.

Local mirroring over Layer 3

 

Correct Answer: C

 

 

QUESTION 145

Which security zone is automatically defined by the system?

 

A.

The source zone

B.

The self zone

C.

The destination zone

D.

The inside zone

 

Correct Answer: B

 

 

QUESTION 146

What is the most common Cisco Discovery Protocol version 1 attack?

 

A.

Denial of Service

B.

MAC-address spoofing

C.

CAM-table overflow

D.

VLAN hopping

 

Correct Answer: A

 

 

QUESTION 147

Refer to the following:

 

R1

Interface GigabitEthernet 0/0

IP address 10.20.20.4 255.255.255.255.0

Crypto isakmp policy 1

Authentication pre-share

Lifetime 84600

Crypto isakmp key test67890 address 10.20.20.4

 

R2

Interface GigabitEthernet 0/0

IP address 10.20.20.4 255.255.255.255.0

Crypto isakmp policy 10

Authentication pre-share

Lifetime 84600

Crypto isakmp key test12345 address 10.30.30.5

 

You have configured R1 and R2 as shown, but the routers are unable to establish a site-tosite VPN tunnel. What action can you take to correct the problem?

 

A.

Edit the crypto keys on R1 and R2 to match.

B.

Edit the crypto isakmp key command on each router with the address value of its own interface.

C.

Edit the ISAKMP policy sequence numbers on R1 and R2 to match.

D.

Set a valid value for the crypto key lifetime on each router.

 

Correct Answer: A

 

 

QUESTION 148

How does a device on a network using ISE receive its digital certificate during the new-device registration process?

 

A.

ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server.

B.

The device request a new certificate directly from a central CA.

C.

ISE issues a pre-defined certificate from a local database.

D.

ISE issues a certificate from its internal CA server.

 

Correct Answer: A

 

 

QUESTION 149

What are purposes of the Internet Key Exchange in an IPsec VPN?

 

A.

The Internet Key Exchange protocol establishes security associations.

B.

The Internet Key Exchange protocol provides data confidentiality.

C.

The Internet Key Exchange protocol provides replay detection.

D.

The Internet Key Exchange protocol is responsible for mutual authentication.

Correct Answer: AD

 

 

QUESTION 150

What is the best way to confirm that AAA authentication is working properly?

 

A.

Use the test aaa command

B.

Use the Cisco-recommended configuration for AAA authentication

C.

Log into and out of the router, and then check the NAS authentication log

D.

Ping the NAS to confirm connectivity

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 210-260 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …