Exam Prepartion Material For Cisco 210-260 Exam

DumpsSchool provides accurate CCNA Security 210-260 dumps. This preparation material possesses valid information about Implementing Cisco network security which guides you to pass this exam of CCNA Security certification. Get CCNA Security dumps now and embrace success in the exam.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

Which countermeasures can mitigate ARP spoofing attacks? (Choose two.)

Answer: B, D

+ ARP spoofing attacks and ARP cache poisoning can occur because ARP allows a gratuitous reply from a host even if an ARP request was not received.

+ DAI is a security feature that validates ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the- middle attacks.

+ DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database.

Source: Cisco Official Certification Guide, Dynamic ARP Inspection, p.254

Question No. 2

Which Auto NAT policies are processed first ?

Answer: C

All packets processed by the ASA are evaluated against the NAT table. This evaluation starts at the top (Section 1) and works down until a NAT rule is matched. Once a NAT rule is matched, that NAT rule is applied to the connection and no more NAT policies are checked against the packet.

+ Section 1 – Manual NAT policies: These are processed in the order in which they appear in the configuration.

+ Section 2 – Auto NAT policies: These are processed based on the NAT type (static or dynamic) and the prefix (subnet mask) length in the object.

+ Section 3 – After-auto manual NAT policies: These are processed in the order in which they appear in the configuration.

Source: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation- firewalls/116388-technote-nat-00.html

Question No. 3

What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two.)

Answer: A, D

Question No. 4

The purpose of the RSA SecureID server/application is to provide what?

Answer: B

Question No. 5

How does the transparent firewall process traffic through the ASA?

Answer: B

Question No. 6

Which statement about interface and global access rules is true?

Answer: A

Question No. 7

Which two options are Private-VLAN secondary VLAN types?

Answer: A, C

Question No. 8

What is an advantage of split tunneling?

Answer: C

210-260 Dumps Google Drive: (Limited Version!!!)

Related Certification: https://www.dumpsschool.com/ccna-security-questions.html