CCNA Security 210-260 Practice Test – 1 (Free)

Post Views: 16

This CCNA Security 210-260 Practice Test consists of 21 questions and is free of cost and can be taken multiple times. If you are one who have scheduled the exam, then these CCNA practice test is for you! Give a try today!

Please enter your email:

1. Which two statements about Telnet access to the ASA are true? (Choose two).

A. You may VPN to the lowest security interface to telnet to an inside interface.

B. You must configure an AAA server to enable Telnet.

C. You can access all interfaces on an ASA using Telnet.

D. You must use the command virtual telnet to enable Telnet.

E. Best practice is to disable Telnet and use SSH.

2. Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

A. AES

B. 3DES

C. DES

D. MD5

E. DH-1024

F. SHA-384

3. What are two default Cisco IOS privilege levels? (Choose two.)

A. 0

B. 1

C. 5

D. 7

E. 10

F. 15

4. In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)

A. TACACS uses TCP to communicate with the NAS.

B. TACACS can encrypt the entire packet that is sent to the NAS.

C. TACACS supports per-command authorization.

D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.

E. TACACS uses UDP to communicate with the NAS.

F. TACACS encrypts only the password field in an authentication packet.

5. According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

A. BOOTP

B. TFTP

C. DNS

D. MAB

E. HTTP

F. 802.1x

6. Which statement about Cisco ACS authentication and authorization is true?

A. ACS servers can be clustered to provide scalability.

B. ACS can query multiple Active Directory domains.

C. ACS uses TACACS to proxy other authentication servers.

D. ACS can use only one authorization profile to allow or deny requests.

7. Which statement about communication over failover interfaces is true?

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default.

B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default.

C. All information that is sent over the failover and stateful failover interfaces is encrypted by default.

D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text.

8. If a packet matches more than one class map in an individual feature type’s policy map, how does the ASA handle the packet?

A. The ASA will apply the actions from only the first matching class map it finds for the feature type.

B. The ASA will apply the actions from only the most specific matching class map it finds for the feature type.

C. The ASA will apply the actions from all matching class maps it finds for the feature type.

D. The ASA will apply the actions from only the last matching class map it finds for the feature type.

9. After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

A. The secure boot-image command is configured.

B. The secure boot-comfit command is configured.

C. The confreg 0x24 command is configured.

D. The reload command was issued from ROMMON.

10. Which two authentication types does OSPF support? (Choose two.)

A. plaintext

B. MD5

C. HMAC

D. AES 256

E. SHA-1

F. DES

11. What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?

A. split tunneling

B. hairpinning

C. tunnel mode

D. transparent mode

12. What is the purpose of the Integrity component of the CIA triad?

A. to ensure that only authorized parties can modify data

B. to determine whether data is relevant

C. to create a process for accessing data

D. to ensure that only authorized parties can view data

13. What type of packet creates and performs network operations on a network device?

A. control plane packets

B. data plane packets

C. management plane packets

D. services plane packets

14. In what type of attack does an attacker virtually change a device’s burned-in address in an attempt to circumvent access lists and mask the device’s true identity?

A. gratuitous ARP

B. ARP poisoning

C. IP spoofing

D. MAC spoofing

15. Which three ESP fields can be encrypted during transmission? (Choose three.)

A. Security Parameter Index

B. Sequence Number

C. MAC Address

D. Padding

E. Pad Length

F. Next Header

16. In which two situations should you use out-of-band management? (Choose two.)

A. when a network device fails to forward packets

B. when you require ROMMON access

C. when management applications need concurrent access to the device

D. when you require administrator access from multiple locations

E. when the control plane fails to respond

17. An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?

A. The switch could offer fake DHCP addresses.

B. The switch could become the root bridge.

C. The switch could be allowed to join the VTP domain.

D. The switch could become a transparent bridge.

18. Which two statements about stateless firewalls are true? (Choose two.)

A. They compare the 5-tuple of each incoming packet against configurable rules.

B. They cannot track connections.

C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.

D. Cisco IOS cannot implement them because the platform is stateful by nature.

E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

19. What type of algorithm uses the same key to encrypt and decrypt data?

A. a symmetric algorithm

B. an asymmetric algorithm

C. a Public Key Infrastructure algorithm

D. an IP security algorithm

20. According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

BOOTP

TFTP

DNS

MAB

HTTP

802.1x

21. What command can you use to verify the binding table status?

A. show ip dhcp snooping database

B. show ip dhcp snooping binding

C. show ip dhcp snooping statistics

D. show ip dhcp pool

E. show ip dhcp source binding

F. show ip dhcp snooping

Loading …

Question 1 of 21

Have a Query? Send it to us.

Name *

Numbers *

Email *

Comment or Message *

Message

Share this post

Dhawan Sagar

Hi all,
Good to see you here.
I'm your Trainer for CCIE, CCNP, CCNA, Firewall batches and many more courses coming up!
Stay tuned for latest updates!
Keep me posted over Whatsapp/Email about your experience learning from us.
Thanks for being part of - "Network Journey - A journey towards packet-life!!!"

21 DAYS CCNA BOOTCAMP	Click to Watch
PYTHON3/ANSIBLE for NETWORK AUTOMATION	Click to Watch
"FIREWALL MASTERY" : PA + FGT+ CP + ASA/FTD + F5 LTM	Click to Watch
OSPF+BGP+MPLS	Click to Watch
SDN ORCHESTRATION	Click to Watch

PYTHON NETWORK AUTOMATION	Read Course Outline
CCNA + CCNP ENTERPRISE	Read Course Outline
CCNA to CCIE SECURITY	Read Course Outline
CISCO DEVNET + DEVCOR	Read Course Outline
"MASTER CLOUD" : AZ700 + AWS + GCP	Read Course Outline
"FIREWALL MASTERY" : PA + FGT+ CP + ASA/FTD + F5 LTM	Read Course Outline
CISCO DNAC	Read Course Outline
CISCO ISE	Read Course Outline
MULTI-VENDOR TRAINING	Read Course Outline
SDN ORCHESTRATION	Read Course Outline

Dhawan Sagar

FREE 20 Basic Python3 Network Automation Scripts For Practicing

Cisco Devnet 200-901 Mock-up Test – 1 || July2021 (25 qstns)

About Us

Quick Links

Support Links

Have Questions?

CCNA Security 210-260 Practice Test – 1 (Free)

Dhawan Sagar

FREE 20 Basic Python3 Network Automation Scripts For Practicing

Cisco Devnet 200-901 Mock-up Test – 1 || July2021 (25 qstns)

Related Posts

OSPF Protocol: in-depth Overview & Video Tutorials

CCNP Enterprise Mock-up Test – 7 (Free) (25 questi

Cisco Devnet 200-901 Mock-up Test – 1 || July2021 (25 qstns)

PCNSE (Palo Alto) Mock-up Test – 5 (Paid) (35questions)