This page was exported from Braindump2go Free IT Certification Exams and Tests Collection [ http://www.braindump2go.org ] Export date:Tue Mar 24 22:01:16 2020 / +0000 GMT ___________________________________________________ Title: [2018-April-New]High Quality Braindump2go 210-260 Dumps PDF 368Q Free Share[138-148] --------------------------------------------------- 2018 April Latest Cisco 210-260 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 210-260 Real Exam Questions:1.|2018 Latest Cisco 210-260 Exam Dumps (PDF & VCE) 368Q Download:https://www.braindump2go.com/210-260.html2.|2018 Latest Cisco 210-260 Exam Questions & Answers Download:https://drive.google.com/drive/folders/0B75b5xYLjSSNV1RGaFJYZkxGWFk?usp=sharingQUESTION 138Which of encryption technology has the broadcast platform support to protect operating systems?A. MiddlewareB. HardwareC. softwareD. file-levelAnswer: CQUESTION 139Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?A. holistic understanding of threatsB. graymail management and filteringC. signature-based IPSD. contextual analysisAnswer: DQUESTION 140Which Sourfire secure action should you choose if you want to block only malicious traffic from a particular end-user?A. TrustB. BlockC. Allow without inspectionD. MonitorE. Allow with inspectionAnswer: EExplanation:Allow with Inspection allows all traffic except for malicious traffic from a particular end-user. The other options are too restrictive, too permissive, or don't exist.QUESTION 141Which two next-generation encryption algorithms does Cisco recommends? (Choose two)A. SHA-384B. MD5C. DH-1024D. DESE. AESF. 3DESAnswer: AEExplanation:From Cisco documentation:A. SHA-384 - YESB. MD5 - NOC. DH-1024 - NOD. DES - NOE. AES - YES (CBC, or GCM modes)F. 3DES - LegacyQUESTION 142When an administrator initiates a device wipe command from the ISE, what is the immediate effect?A. It requests the administrator to choose between erasing all device data or only managed corporate data.B. It requests the administrator to enter the device PIN or password before proceeding with the operationC. It immediately erases all data on the device.D. It notifies the device user and proceeds with the erase operationAnswer: AQUESTION 143How does a device on a network using ISE receive its digital certificate during the new-device registration process?A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA serverB. The device request a new certificate directly from a central CAC. ISE issues a pre-defined certificate from a local databaseD. ISE issues a certificate from its internal CA server.Answer: AExplanation:http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide.pdfQUESTION 144How can you detect a false negative on an IPS?A. View the alert on the IPSB. Use a third-party to audit the next-generation firewall rulesC. Review the IPS consoleD. Review the IPS logE. Use a third-party system to perform penetration testingAnswer: EExplanation:Only penetration testing can confirm this. All the other options lead to inconclusive results and may still result in false negatives.QUESTION 145Which two statement about stateless firewalls is true? (Choose two)A. the Cisco ASA is implicitly stateless because it blocks all traffic by default.B. They compare the 5-tuple of each incoming packets against configurable rules.C. They cannot track connections..D. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS..E. Cisco IOS cannot implement them because the platform is Stateful by natureAnswer: BCExplanation:5-tuple is: source/destination IP, ports, and protocols. Stateless firewalls cannot track connections.QUESTION 146Which three ESP fields can be encrypted during transmission? (Choose three)A. Next HeaderB. MAC AddressC. PaddingD. Pad LengthE. Sequence NumberF. Security Parameter IndexAnswer: ACDExplanation:The last encrypted part is the Payload Data. The unencrypted parts are the Security Parameter Index and the Sequence Number.QUESTION 147Which type of PVLAN port allows host in the same VLAN to communicate directly with the other?A. promiscuous for hosts in the PVLANB. span for hosts in the PVLANC. Community for hosts in the PVLAND. isolated for hosts in the PVLANAnswer: CExplanation:Hosts in the same PVLAN Community can communicate with one another.QUESTION 148Refer to the exhibit while troubleshooting site-to-site VPN, you issued the show crypto isakamp sa command. What does the given output shows? A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2B. IKE Phase 1 main mode has successfully negotiate between 10.1.1.5 and10.10.10.2C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2 D. IKE Phase 1 aggressive mode was create on 10.1.1.5, but it failed to negotiate with 10.10.10.2Answer: AExplanation:The MM_NO_STATE state indicates that the phase 1 policy does not match on both sides, therefore main mode failed to negotiate. Aggressive mode is indicated by AG instead of MM.!!!!RECOMMEND!!!!1.|2018 Latest Cisco 210-260 Exam Dumps (PDF & VCE) 368Q Download:https://www.braindump2go.com/210-260.html2.|2018 Latest Cisco 210-260 Exam Study Guide: YouTube Video: YouTube.com/watch?v=RmOe8jLMDJ4 --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2018-04-20 07:05:58 Post date GMT: 2018-04-20 07:05:58 Post modified date: 2018-04-20 07:05:58 Post modified date GMT: 2018-04-20 07:05:58 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com