QUESTION 41
What command can you use to verify the binding table status?
|
A. |
show ip dhcp snooping database |
|
B. |
show ip dhcp snooping binding |
|
C. |
show ip dhcp snooping statistics |
|
D. |
show ip dhcp pool |
|
E. |
show ip dhcp source binding |
|
F. |
show ip dhcp snooping |
Correct Answer: A
QUESTION 42
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
|
A. |
root guard |
|
B. |
EtherChannel guard |
|
C. |
loop guard |
|
D. |
BPDU guard |
Correct Answer: D
QUESTION 43
Which statement about a PVLAN isolated port configured on a switch is true?
|
A. |
The isolated port can communicate only with the promiscuous port. |
|
B. |
The isolated port can communicate with other isolated ports and the promiscuous port. |
|
C. |
The isolated port can communicate only with community ports. |
|
D. |
The isolated port can communicate only with other isolated ports. |
Correct Answer: A
QUESTION 44
If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
|
A. |
The trunk port would go into an error-disabled state. |
|
B. |
A VLAN hopping attack would be successful. |
|
C. |
A VLAN hopping attack would be prevented. |
|
D. |
The attacked VLAN will be pruned. |
Correct Answer: C
QUESTION 45
What is a reason for an organization to deploy a personal firewall?
|
A. |
To protect endpoints such as desktops from malicious activity. |
|
B. |
To protect one virtual network segment from another. |
|
C. |
To determine whether a host meets minimum security posture requirements. |
|
D. |
To create a separate, non-persistent virtual environment that can be destroyed after a session. |
|
E. |
To protect the network from DoS and syn-flood attacks. |
Correct Answer: A
QUESTION 46
Which statement about personal firewalls is true?
|
A. |
They can protect a system by denying probing requests. |
|
B. |
They are resilient against kernel attacks. |
|
C. |
They can protect email messages and private documents in a similar way to a VPN. |
|
D. |
They can protect the network against attacks. |
Correct Answer: A
QUESTION 47
Refer to the exhibit. What type of firewall would use the given configuration line?
|
A. |
a stateful firewall |
|
B. |
a personal firewall |
|
C. |
a proxy firewall |
|
D. |
an application firewall |
|
E. |
a stateless firewall |
Correct Answer: A
QUESTION 48
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
|
A. |
Only control plane policing can protect the control plane against multicast traffic. |
|
B. |
Stateful inspection of multicast traffic is supported only for the self-zone. |
|
C. |
Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. |
|
D. |
Stateful inspection of multicast traffic is supported only for the internal zone. |
Correct Answer: A
QUESTION 49
How does a zone-based firewall implementation handle traffic between interfaces in the same zone?
|
A. |
Traffic between two interfaces in the same zone is allowed by default. |
|
B. |
Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. |
|
C. |
Traffic between interfaces in the same zone is always blocked. |
|
D. |
Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair. |
Correct Answer: A
QUESTION 50
Which two statements about Telnet access to the ASA are true? (Choose two).
|
A. |
You may VPN to the lowest security interface to telnet to an inside interface. |
|
B. |
You must configure an AAA server to enable Telnet. |
|
C. |
You can access all interfaces on an ASA using Telnet. |
|
D. |
You must use the command virtual telnet to enable Telnet. |
|
E. |
Best practice is to disable Telnet and use SSH. |
Correct Answer: AE
Free VCE & PDF File for Cisco 210-260 Real Exam
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …