[Free] 2017(June) Ensurepass Passguide Cisco 210-260 Actual Tests 61-70

Ensurepass
2017 June Cisco Official New Released 210-260 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/210-260.html

Implementing Cisco Network Security (IINS)

QUESTION 61

A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware.

 

A.

Enable URL filtering on the perimeterrouter and add the URLs you want to block to the router’s local URL list.

B.

Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router’s local URL list.

C.

Enable URL filtering on the perimeterrouter and add the URLs you want to allow to thefirewall’s local URL list.

D.

Create a blacklist that contains the URL you want toblock and activate the blacklist on theperimeter router.

E.

Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.

 

Correct Answer: A

 

 

QUESTION 62

When is the best time to perform an anti-virus signature update?

 

A.

Every time a new update is available.

B.

When the local scanner has detected a new virus.

C.

When a new virus is discovered in the wild.

D.

When the system detects a browser hook.

 

Correct Answer: A

 

 

QUESTION 63

Which statement about application blocking is true?

 

A.

It blocks access to specific programs.

B.

It blocks access to files with specific extensions.

C.

It blocks access to specific network addresses.

D.

It blocks access to specific network services.

 

Correct Answer: A

 

 

QUESTION 64

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

 

To access ASDM, click the ASA icon in the topology diagram.

 

Note: Not all ASDM functionalities are enabled in this simulation.

 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

 

clip_image002

clip_image004

clip_image006

clip_image008

clip_image010

clip_image012

clip_image014

clip_image016

clip_image018

clip_image020

clip_image022

clip_image024

clip_image026

clip_image028

clip_image030

clip_image032

clip_image034

clip_image036

clip_image038

clip_image040

clip_image042

clip_image044

clip_image046

clip_image048

clip_image050

clip_image052

clip_image054

clip_image056

clip_image058

clip_image060

clip_image061

clip_image063

clip_image065

clip_image067

clip_image069

clip_image071

clip_image073

clip_image075

clip_image077

clip_image079

clip_image081

clip_image083

clip_image085

clip_image087

clip_image089

clip_image091

clip_image093

clip_image095

clip_image097

clip_image099

clip_image101

clip_image103

clip_image105

clip_image107

 

Which four tunneling protocols are enabled in the DfltGrpPolicy group policy? (Choose four)

 

A.

Clientless SSL VPN

B.

SSL VPN Client

C.

PPTP

D.

L2TP/IPsec

E.

IPsec IKEv1

F.

IPsec IKEv2

 

Correct Answer: ADEF

Explanation:

By clicking one the Configuration-> Remote Access -> Clientless CCL VPN Access-> Group Policies tab you can view the DfltGrpPolicy protocols as shown below:

 

clip_image109

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 65

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

 

To access ASDM, click the ASA icon in the topology diagram.

 

Note: Not all ASDM functionalities are enabled in this simulation.

 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

 

clip_image111

clip_image113

clip_image115

clip_image117

clip_image119

clip_image121

clip_image123

clip_image125

clip_image127

clip_image129

clip_image131

clip_image133

clip_image135

clip_image137

clip_image139

clip_image141

clip_image143

clip_image145

clip_image147

clip_image149

clip_image151

clip_image153

clip_image155

clip_image157

clip_image159

clip_image161

clip_image163

clip_image165

clip_image167

clip_image169

clip_image170

clip_image172

clip_image174

clip_image176

clip_image178

c
lip_image180

clip_image182

clip_image184

clip_image186

clip_image188

clip_image190

clip_image192

clip_image194

clip_image196

clip_image198

clip_image200

clip_image202

clip_ima
ge204

clip_image206

clip_image208

clip_image210

clip_image212

clip_image214

clip_image216

 

Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?

 

A.

AAA with LOCAL database

B.

AAA with RADIUS server

C.

Certificate

D.

Both Certificate and AAA with LOCAL database

E.

Both Certificate and AAA with RADIUS server

 

Correct Answer: A

Explanation:

This can be seen from the Connection Profiles Tab of the Remote Access VPN configuration, where the alias of test is being used.

 

clip_image218

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 66

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

 

To access ASDM, click the ASA icon in the topology diagram.

 

Note: Not all ASDM functionalities are enabled in this simulation.

 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

 

clip_image220

clip_image222

clip_image224

clip_image226

clip_image228

clip_im
age230

clip_image232

clip_image234

clip_image236

clip_image238

clip_image240

clip_image242

clip_image244

clip_image246

clip_image248

clip_image250

clip_image252

clip_image254

clip_image256

clip_image258

clip_image260

clip_image262

clip_image263

clip_image265

clip_image267

clip_image269

clip_image271

clip_image273

clip_image275

clip_image277

clip_image278

clip_image280

clip_image282

clip_image284

clip_image286

clip_image288

clip_image290

clip_image292

clip_image294

clip_image296

clip_image298

clip_image300

clip_image302

clip_image304

clip_image306

clip_image308

clip_image310

clip_image312

clip_image314

clip_image316

clip_image318

clip_image319

clip_image321

clip_image323

 

Which two statements regarding the ASA VPN configurations are correct? (Choose two)

 

A.

The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1.

B.

The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.

C.

The Inside-SRV bookmark references the https://192.168.1.2 URL.

D.

Only Clientless SSL VPN access is allowed with the Sales group policy.

E.

AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface.

F.

The Inside-SRV bookmark has not been applied to the Sales group policy.

 

Correct Answer: BC

Explanation:

For B:

clip_image325

 

For C, Navigate to the Bookmarks tab:

clip_image327

 

Then hit “edit” and you will see this:

clip_image329

 

Not A, as this is listed under the Identity Certificates, not the CA certificates:

clip_image331

 

Note E:

clip_image333

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 67

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

 

To access ASDM, click the ASA icon in the topology diagram.

 

Note: Not all ASDM functionalities are enabled in this simulation.

 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

 

clip_image335

clip_image337

clip_image339

clip_image341

clip_image343

clip_image345

clip_image347

clip_image349

clip_image351

clip_image353

clip_image355

clip_image357

clip_image359

clip_image361

clip_image363

clip_image365

clip_image367

clip_image369

clip_image371

clip_image373

clip_image375

clip_image377

clip_image379

clip_image381

clip_image383

clip_image385

clip_image387

clip_image389

clip_image391

clip_image393

clip_image394

clip_image396

clip_image398

clip_image400

clip_image402

clip_image404

clip_image406

clip_image408

clip_image410

clip_image412

clip_image414

clip_image416

clip_image418

clip_image420

clip_image422

clip_image308[1]

clip_image425

clip_image427

clip_image429

clip_image431

clip_image433

clip_image319[1]

clip_image435

clip_image323[1]

 

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied?

 

A.

test

B.

clientless

C.

Sales

D.

DfltGrpPolicy

E.

DefaultRAGroup

F.

DefaultWEBVPNGroup

 

Correct Answer: C

Explanation:

First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias:

 

clip_image437

 

Then hit the “edit” button and you can clearly see the Sales Group Policy being applied.

 

clip_image439

 

 

 

 

 

 

 

 

 

 

QUESTION 68

Scenario

Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements.

 

New additional connectivity requirements:

Currently, the ASA configurations only allow on the Inside and DMZ networks to access any hosts on the Outside. Your task is to use ASDM to configure the ASA to also allow any host only on the Outside to HTTP to the DMZ server. The hosts on the Outside will need to use the 209.165.201.30 public IP address when HTTPing to the DMZ server.

Currently, hosts on the ASA higher security level interfaces are not able to ping any hosts on the lower security level interfaces. Your task in this simulation is to use ASDM to enable the ASA to dynamically allow the echo-reply responses back through the ASA.

 

Once the correct ASA configurations have been configured:

You can test the connectivity tohttp://209.165.201.30from the Outside PC browser.

You can test the pings to the Outside (www.cisco.com) by opening the inside PC command prompt window. In this simulation, only testing pings towww.cisco.comwill work.

 

To access ASDM, click the ASA icon in the topology diagram.

 

To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.

 

To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.

 

Note:

After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.

 

Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to configure the ASA to meet the requirements.

 

In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.

 

clip_image441

clip_image443

clip_image445

clip_image447

clip_image448

clip_image450

clip_image345[1]

clip_image453

clip_image455

clip_image351[1]

clip_image353[1]

clip_image458

clip_image460

clip_image462

clip_image464

clip_image466

clip_image468

clip_image470

clip_image472

clip_image474

clip_image475

clip_image476

clip_image478

clip_image480

clip_image482

clip_image484

clip_image486

clip_image488

clip_image490

clip_image492

clip_image494

clip_image496

clip_image498

clip_image500

clip_image502

clip_image504

clip_image506

clip_image508

clip_image510

clip_image512

clip_image514

clip_image516

clip_image518

clip_image520

clip_image522

clip_image524

clip_image526

clip_image528

clip_image530

clip_image532

clip_image534

clip_image536

clip_image538

clip_image540

clip_image542

clip_image544

clip_image546

clip_image548

clip_image550

clip_image552

clip_image554

clip_image556

 

Correct Answer:

Follow the explanation part to get answer on this sim question.

First, for the HTTP access we need to creat a NAT object. Here I called it HTTP but it can be given any name.

 

clip_image558

 

Then, create the firewall rules to allow the HTTP access:

 

clip_image560

clip_image562

 

You can verify using the outside PCto HTTP into209.165.201.30.

 

For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:

 

clip_image564

 

And then check the ICMP box only as shown below, then hit Apply.

 

clip_image566

 

After that is done, we can pingwww.cisco.comagain to verify:

 

clip_image568

 

 

QUESTION 69

Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?

 

A.

aaa authentication enable console LOCAL SERVER_GROUP

B.

aaa authentication enable console SERVER_GROUP LOCAL

C.

aaa authentication enable console local

D.

aaa authentication enable console LOCAL

 

Correct Answer: D

 

 

QUESTION 70

Which of the following statements about access lists are true? (Choose three.)

 

A.

Extended access lists should be placed as near as possible to the destination

B.

Extended access lists should be placed as near as possible to the source

C.

Standard access lists should be placed as near as possible to the destination

D.

Standard access lists should be placed as near as possible to the source

E.

Standard access lists filter on the source address

F.

Standard access lists filter on the destination address

 

Correct Answer: BCE

100% Free Download!
—Download Free Demo:210-260 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 210-260 Full Exam PDF and VCE Q&As:236
—Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.06.01-2017.06.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE