Implementing Cisco Network Security (IINS)

 

QUESTION 41

What command can you use to verify the binding table status?

 

A.

show ip dhcp snooping database

B.

show ip dhcp snooping binding

C.

show ip dhcp snooping statistics

D.

show ip dhcp pool

E.

show ip dhcp source binding

F.

show ip dhcp snooping

 

Correct Answer: A

 

QUESTION 42

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?

 

A.

root guard

B.

EtherChannel guard

C.

loop guard

D.

BPDU guard

 

Correct Answer: D

 

 

QUESTION 43

Which statement about a PVLAN isolated port configured on a switch is true?

 

A.

The isolated port can communicate only with the promiscuous port.

B.

The isolated port can communicate with other isolated ports and the promiscuous port.

C.

The isolated port can communicate only with community ports.

D.

The isolated port can communicate only with other isolated ports.

 

Correct Answer: A

 

 

QUESTION 44

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?

 

A.

The trunk port would go into an error-disabled state.

B.

A VLAN hopping attack would be successful.

C.

A VLAN hopping attack would be prevented.

D.

The attacked VLAN will be pruned.

 

Correct Answer: C

 

 

QUESTION 45

What is a reason for an organiza
tion to deploy a personal firewall?

 

A.

To protect endpoints such as desktops from malicious activity.

B.

To protect one virtual network segment from another.

C.

To determine whether a host meets minimum security posture requirements.

D.

To create a separate, non-persistent virtual environment that can be destroyed after a session.

E.

To protect the network from DoS and syn-flood attacks.

 

Correct Answer: A

 

 

QUESTION 46

Which statement about personal firewalls is true?

 

A.

They can protect a system by denying probing requests.

B.

They are resilient against kernel attacks.

C.

They can protect email messages and private documents in a similar way to a VPN.

D.

They can protect the network against attacks.

 

Correct Answer: A

 

 

QUESTION 47

Refer to the exhibit. What type of firewall would use the given configuration line?

 

clip_image002

 

A.

a stateful firewall

B.

a personal firewall

C.

a proxy firewall

D.

an application firewall

E.

a stateless firewall

 

Correct Answer: A

 

 

QUESTION 48

What is the only permitted operation for processing multicast traffic on zone-based firewalls?

 

A.

Only control plane policing can protect the control plane against multicast traffic.

B.

Stateful inspection of multicast traffic is supported only for the self-zone.

C.

Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone.

D.

Stateful inspection of multicast traffic is supported only for the internal zone.

 

Correct Answer: A

 

 

QUESTION 49

How does a zone-based firewall implementation handle traffic between interfaces in the same zone?

 

A.

Traffic between two interfaces in the same zone is allowed by default.

B.

Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command.

C.

Traffic between interfaces in the same zone is always blocked.

D.

Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.

 

Correct Answer: A

 

 

QUESTION 50

Which two statements about Telnet access to the ASA are true? (Choose two).

 

A.

You may VPN to the lowest security interface to telnet to an inside interface.

B.

You must configure an AAA server to enable Telnet.

C.

You can access all interfaces on an ASA using Telnet.

D.

You must use the command virtual telnet to enable Telnet.

E.

Best practice is to disable Telnet and use SSH.

 

Correct Answer: AE

 

Free VCE & PDF File for Cisco 210-260 Practice Test


Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …