210-260 CCNA Security – IINS Exam Questions with Answers – Q196 to Q210

210-260 CCNA Security – IINS Exam Questions with Answers – Q196 to Q210

Question 196.
Security well known terms Choose 2
A. Trojan
B. Phishing
C. Something LC
D. Ransomware
Correct Answer: BD
Section: (none)


The following are the most common types of malicious software:
+ Computer viruses
+ Worms
+ Mailers and mass-mailer worms
+ Logic bombs
+ Trojan horses
+ Back doors
+ Exploits
+ Downloaders
+ Spammers
+ Key loggers
+ Rootkits
+ Ransomware

Source: Cisco Official Certification Guide, Antivirus and Antimalware Solutions, p.498

If the question is asking about software then A and D are correct. But as it asks about security terms that are well known I suppose B and D could be chosen.

Question 197.
What is example of social engineering
A. Gaining access to a building through an unlocked door.
B. something about inserting a random flash drive.
C. gaining access to server room by posing as IT
D. Watching other user put in username and password (something around there)
Correct Answer: C
Section: (none)


Question 198.
Which port should (or would) be open if VPN NAT-T was enabled
A. port 4500 outside interface
B. port 4500 in all interfaces where ipsec uses
C. port 500
D. port 500 outside interface
Correct Answer: B
Section: (none)


NAT traversal: The encapsulation of IKE and ESP in UDP port 4500 enables these protocols to pass through a
device or firewall performing NAT.

Source: https://en.wikipedia.org/wiki/Internet_Key_Exchange

Also a good reference
Source: https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

Question 199.
Diffie-Hellman key exchange question
Correct Answer: A
Section: (none)


Source: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Question 200.
Which filter uses in Web reputation to prevent from web based attackts (somthing similar)?
A. outbreak filter
B. buffer overflow filter
C. bayesian overflow filter
D. web reputation
E. exploit filtering
Correct Answer: AE
Section: (none)


wael adel on securitytut.com
“in the EKE answer was AD but when i did some digging
check this out http://www.cisco.com/c/en/us/products/security/web-security-appliance/web_rep_index.html
so i guess A E is correct”
I suppose given the question that D is correct. As for A all I find is related to Email security through Cisco

Cisco IronPort Outbreak Filters provide a critical first layer of defense against new outbreaks. With this proven
preventive solution, protection begins hours before signatures used by traditional antivirus solutions are in place. Real-world results show an average 14-hour lead time over reactive antivirus solutions.
SenderBase, the world’s largest email and web traffic monitoring network, provides real-time protection. The
Cisco IronPort SenderBase Network captures data from over 120,000 contributing organizations around the

Question 201.
What show command can see vpn tunnel establish with traffic passing through.
A. show crypto ipsec sa
B. show crypto session
C. show crypto isakmp sa
D. show crypto ipsec transform-set
Correct Answer: A
Section: (none)


#show crypto ipsec sa – This command shows IPsec SAs built between peers

In the output you see
#pkts encaps: 345, #pkts encrypt: 345, #pkts digest 0
#pkts decaps: 366, #pkts decrypt: 366, #pkts verify 0

which means packets are encrypted and decrypted by the IPsec peer.

Question 202.
Where OAKLEY and SKEME come to play? (on the exam the question asked about inside ISAKM protocol)
A. ???
Correct Answer: B
Section: (none)


The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection using the Diffie–Hellman key exchange algorithm.
The protocol was proposed by Hilarie K. Orman in 1998, and formed the basis for the more widely used Internet key exchange protocol

Source: https://en.wikipedia.org/wiki/Oakley_protocol

IKE (Internet Key Exchange)
A key management protocol standard that is used in conjunction with the IPSec standard. IPSec is an IP security feature that provides robust authentication and encryption of IP packets. IPSec can be configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IKE is a hybrid protocol that implements the Oakley key exchange and Skeme key exchange inside of the Internet Security Association and Key Management Protocol (ISAKMP) framework. ISAKMP, Oakley, and Skeme are security protocols implemented by IKE

Source: https://www.symantec.com/security_response/glossary/define.jsp?letter=i&word=ike-internet-keyexchange

Question 203.
What does the key length represent
A. Hash block size
B. Cipher block size
C. Number of permutations
D. ???
Correct Answer: C
Section: (none)


In cryptography, an algorithm’s key space refers to the set of all possible permutations of a keys. If a key were eight bits (one byte) long, the keyspace would consist of 28 or 256 possible keys. Advanced Encryption Standard (AES) can use a symmetric key of 256 bits, resulting in a key space containing 2256 (or 1.1579 × 1077) possible keys.

Source: https://en.wikipedia.org/wiki/Key_space_(cryptography)

Question 204.
Which type of attack is directed against the network directly:
A. Denial of Service
B. phishing
C. trojan horse
D. …
Correct Answer: A
Section: (none)


Denial of service refers to willful attempts to disrupt legitimate users from getting access to the resources they intend to. Although no complete solution exists, administrators can do specific things to protect the network from a DoS attack and to lessen its effects and prevent a would-be attacker from using a system as a source of an attack directed at other systems. These mitigation techniques include filtering based on bogus source IP addresses trying to come into the networks and vice versa. Unicast reverse path verification is one way to assist with this, as are access lists. Unicast reverse path verification looks at the source IP address as it comes into an interface, and then looks at the routing table. If the source address seen would not be reachable out of the same interface it is coming in on, the packet is considered bad, potentially spoofed, and is dropped.

Source: Cisco Official Certification Guide, Best Practices Common to Both IPv4 and IPv6, p.332

Question 205.
With which technology do apply integrity, confidentially and authenticate the source
A. IPSec
C. Certificate authority
D. Data encryption standards
Correct Answer: A
Section: (none)

IPsec is a collection of protocols and algorithms used to protect IP packets at Layer 3 (hence the name of IP Security [IPsec]). IPsec provides the core benefits of confidentiality through encryption, data integrity through hashing and HMAC, and authentication using digital signatures or using a pre-shared key (PSK) that is just for the authentication, similar to a password.

Source: Cisco Official Certification Guide, IPsec and SSL, p.97

Question 206.
With which type of Layer 2 attack can you intercept traffic that is destined for one host?
A. MAC spoofing
B. CAM overflow….
C. ?
D. ?
Correct Answer: A
Section: (none)


Edit: I’m reconsidering the answer for this question to be A. MAC spoofing.

Cisco implemented a technology into IOS called Port Security that mitigates the risk of a Layer 2 CAM overflow attack.
Port Security on a Cisco switch enables you to control how the switch port handles the learning and storing of MAC addresses on a per-interface basis. The main use of this command is to set a limit to the maximum number of concurrent MAC addresses that can be learned and allocated to the individual switch port. If a machine starts broadcasting multiple MAC addresses in what appears to be a CAM overflow attack, the default action of Port Security is to shut down the switch interface

Source: http://www.ciscopress.com/articles/article.asp?p=1681033&seqNum=2

Question 207.
I had the “nested” question (wording has been different). Two answers ware related to hierarchy:
A. there are only two levels of hierarchy possible
B. the higher level hierarchy becomes the parent for lower one parent
C. inspect something is only possible with in a hierachy…
D. some command question….
Correct Answer: C
Section: (none)


Question 208.
How to verify that TACACS+ is working?
A. SSH to the device and login promt appears
B. loging to the device using enable password
C. login to the device using ASC password
D. console the device using some thing
Correct Answer: A
Section: (none)


Question 209.
What are the challenges faced when deploying host based IPS?
A. Must support multi operating systems
B. Does not have full network picture
C. ?
D. ?
Correct Answer: AB
Section: (none)


Advantages of HIPS: The success or failure of an attack can be readily determined. A network IPS sends an alarm upon the presence of intrusive activity but cannot always ascertain the success or failure of such an attack. HIPS does not have to worry about fragmentation attacks or variable Time to Live (TTL) attacks because the host stack takes care of these issues. If the network traffic stream is encrypted, HIPS has access to the traffic in unencrypted form.

Limitations of HIPS: There are two major drawbacks to HIPS:
+ HIPS does not provide a complete network picture: Because HIPS examines information only at the local host level, HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
+ HIPS has a requirement to support multiple operating systems: HIPS needs to run on every system in the network. This requires verifying support for all the different operating systems used in your network.

Source: http://www.ciscopress.com/articles/article.asp?p=1336425&seqNum=3

Question 210.
Which statement about command authorization and security contexts is true?
A. If command authorization is configured, it must be enabled on all contexts
B. The changeto command invokes a new context session with the credentials of the currently logged-in user
C. AAA settings are applied on a per-context basis
D. The enable_15 user and admins with changeto permissions have different command authorization levels per context
Correct Answer: B
Section: (none)


The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
To move from one context on the ACE to another context, use the changeto command

Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.



About the author


Leave a Comment