Implementing Cisco Network Security (IINS)

 

QUESTION 21

What type of algorithm uses the same key to encrypt and decrypt data?

 

A.

a symmetric algorithm

B.

an asymmetric algorithm

C.

a Public Key Infrastructure algorithm

D.

an IP security algorithm

 

Correct Answer: A

 

 

QUESTION 22

Refer to the exhibit. How many times was a read-only string used to attempt a write operation?

 

clip_image002

 

A.

9

B.

6

C.

4

D.

3

E.

2

 

Correct Answer: A

 

 

QUESTION 23

Refer to the exhibit. Which statement about the device time is true?

 

clip_image004

 

A.

The time is authoritative, but the NTP process has lost contact with its servers.

B.

The time is authoritative because the clock is in sync.

C.

The clock is out of sync.

D.

NTP is configured incorrectly.

E.

The time is not authoritative.

 

Correct Answer: A

 

 

 

QUESTION 24

How does the Cisco ASA use Active Directory to authorize VPN users?

 

A.

It queries the Active Directory server for a specific attribute for the specified user.

B.

It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server.

C.

It downloads and stores the Active Directory database to query for future authorization requests.

D.

It redirects requests to the Active Directory server defined for the VPN group.

 

Correct Answer: A

 

 

QUESTION 25

Which statement about Cisco ACS authentication and authorization is true?

 

A.

ACS servers can be clustered to provide scalability.

B.

ACS can query multiple Active Directory domains.

C.

ACS uses TACACS to proxy other authentication servers.

D.

ACS can use only one authorization profile to allow or deny requests.

 

Correct Answer: A

 

 

QUESTION 26

Refer to the exhibit. If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?

 

clip_image006

 

A.

The supplicant will fail to advance beyond the webauth method.

B.

The switch will cycle through the configured authentication methods indefinitely.

C.

The authentication attempt will time out and the switch will place the port into the unauthorized state.

D.

The authentication attempt will time out and the switch will place the port into VLAN 101.

 

Correct Answer: A

 

 

QUESTION 27

Which EAP method uses Protected Access Credentials?

 

A.

EAP-FAST

B.

EAP-TLS

C.

EAP-PEAP

D.

EAP-GTC

 

Correct Answer: A

 

 

QUESTION 28

What is one requirement for locking a wired or wireless device from ISE?

 

A.

The ISE agent must be installed on the device.

B.

The device must be connected to the network when the lock command is executed.

C.

The user must approve the locking action.

D.

The organization must implement an acceptable use policy allowing device locking.

 

Correct Answer: A

 

 

QUESTION 29

What VPN feature allows traffic to exit the security appliance through the same interface it entered?

 

A.

hairpinning

B.

NAT

C.

NAT traversal

D.

split tunneling

 

Correct Answer: A

 

 

QUESTION 30

< p class="MsoNormal" style="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?

 

A.

split tunneling

B.

hairpinning

C.

tunnel mode

D.

transparent mode

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 210-260 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …