210-260 CCNA Security – IINS Exam Questions with Answers – Q91 to Q105

210-260 CCNA Security – IINS Exam Questions with Answers – Q91 to Q105

Question 91.
Which of the following are features of IPsec transport mode? (Choose three.)
A. IPsec transport mode is used between gateways
B. IPsec transport mode is used between end stations
C. IPsec transport mode supports multicast
D. IPsec transport mode supports unicast
E. IPsec transport mode encrypts only the payload
F. IPsec transport mode encrypts the entire packet
Correct Answer: BDE
Section: (none)


Answer: B, D and E

Confidence level: 100%

Note: Be aware that there is a reverse version of this question, worded such as “Which of the following are features of IPsec tunnel mode?”.


+ IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.
+ IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode encrypts only the data portion (payload) of each packet and leaves the packet header untouched. Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.

Source: http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/ IPsecPG1.html

Generic Routing Encapsulation (GRE) is often deployed with IPsec for several reasons, including the following:
+ IPsec Direct Encapsulation supports unicast IP only. If network layer protocols other than IP are to be supported, an IP encapsulation method must be chosen so that those protocols can be transported in IP packets.
+ IPmc is not supported with IPsec Direct Encapsulation. IPsec was created to be a security protocol between two and only two devices, so a service such as multicast is problematic. An IPsec peer encrypts a packet so that only one other IPsec peer can successfully perform the de-encryption. IPmc is not compatible with this mode of operation.

Source: https://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ ccmigration_09186a008074f26a.pdf

Question 92.
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
A. no switchport nonnegotiate
B. switchport
C. no switchport mode dynamic auto
D. no switchport
Correct Answer: D
Section: (none)


The no switchport command makes the interface Layer 3 capable.

Source: http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3- intervlanrouting.html

Question 93.
Which TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)
Correct Answer: BCE
Section: (none)


The ASA supports TACACS+ server authentication with the following protocols: ASCII, PAP, CHAP, and MSCHAPv1 .

Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ aaa_tacacs.pdf

Question 94.
Which type of IPS can identify worms that are propagating in a network?
A. Policy-based IPS
B. Anomaly-based IPS
C. Reputation-based IPS
D. Signature-based IPS
Correct Answer: B
Section: (none)

An example of anomaly-based IPS/IDS is creating a baseline of how many TCP sender requests are generated on average each minute that do not get a response. This is an example of a half-opened session. If a system creates a baseline of this (and for this discussion, let’s pretend the baseline is an average of 30 halfopened sessions per minute), and then notices the half-opened sessions have increased to more than 100 per minute, and then acts based on that and generates an alert or begins to deny packets, this is an example of anomaly-based IPS/IDS. The Cisco IPS/IDS appliances have this ability (called anomaly detection), and it is
used to identify worms that may be propagating through the network.

Source: Cisco Official Certification Guide, Anomaly-Based IPS/IDS, p.464

Question 95.
Which command verifies phase 1 of an IPsec VPN on a Cisco router?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active
Correct Answer: C
Section: (none)


Answer: C
Confidence level: 100%

Remember: Commands using the term “isakmp” refer to IKE phase 1. Commands using “ipsec” refer to phase 2.

A show crypto isakmp sa command shows the ISAKMP SA to be in MM_NO_STATE. This also means that main mode has failed.
Verify that the phase 1 policy is on both peers, and ensure that all the attributes match.

Source: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec debug-00.html#isakmp_sa

Question 96.
What is the purpose of a honeypot IPS?
A. To create customized policies
B. To detect unknown attacks
C. To normalize streams
D. To collect information about attacks
Correct Answer: D
Section: (none)


Honeypot systems use a dummy server to attract attacks. The purpose of the honeypot approach is to distract attacks away from real network devices. By staging different types of vulnerabilities in the honeypot server, you can analyze incoming types of attacks and malicious traffic patterns.

Source: http://www.ciscopress.com/articles/article.asp?p=1336425

Question 97.
Which type of firewall can act on the behalf of the end device?
A. Stateful packet
B. Application
C. Packet
D. Proxy
Correct Answer: D
Section: (none)


Application firewalls, as indicated by the name, work at Layer 7, or the application layer of the OSI model. These devices act on behalf of a client (aka proxy) for requested services.
Because application/proxy firewalls act on behalf of a client, they provide an additional “buffer” from port scans, application attacks, and so on. For example, if an attacker found a vulnerability in an application, the attacker would have to compromise the application/proxy firewall before attacking devices behind the firewall. The application/proxy firewall can also be patched quickly in the event that a vulnerability is discovered. The same may not hold true for patching all the internal devices.

Source: http://www.networkworld.com/article/2255950/lan-wan/chapter-1–types-of-firewalls.html

Question 98.
Which syslog severity level is level number 7?
A. Warning
B. Informational
C. Notification
D. Debugging
Correct Answer: D
Section: (none)


Answer: D
Confidence level: 100%

Remember: There is a mnemonic device for remembering the order of the eight syslog levels:
“Every Awesome Cisco Engineer Will Need Icecream Daily”

0 – Emergency
1 – Alert
2 – Critical
3 – Error
4 – Warning
5 – Notification
6 – Informational
7 – Debugging

Question 99.
By which kind of threat is the victim tricked into entering username and password information at a disguised website?
A. Spoofing
B. Malware
C. Spam
D. Phishing
Correct Answer: D
Section: (none)


Phishing presents a link that looks like a valid trusted resource to a user. When the user clicks it, the user is prompted to disclose confidential information such as usernames/passwords.

Source: Cisco Official Certification Guide, Table 1-5 Attack Methods, p.13

Question 100.
Which type of mirroring does SPAN technology perform?
A. Remote mirroring over Layer 2
B. Remote mirroring over Layer 3
C. Local mirroring over Layer 2
D. Local mirroring over Layer 3
Correct Answer: C
Section: (none)


You can analyze network traffic passing through ports or VLANs by using SPAN or RSPAN to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device.
Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs and destination ports are in the same switch or switch stack.
Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer:
+ If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.

Source: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/ configuration/guide/scg_2960/swspan.html

Question 101.
Which tasks is the session management path responsible for? (Choose three.)
A. Verifying IP checksums
B. Performing route lookup
C. Performing session lookup
D. Allocating NAT translations
E. Checking TCP sequence numbers
F. Checking packets against the access list
Correct Answer: BDF
Section: (none)


The ASA has to check the packet against access lists and perform other tasks to determine if the packet is allowed or denied. To perform this check, the first packet of the session goes through the ” session management path,” and depending on the type of traffic, it might also pass through the “control plane path.”

The session management path is responsible for the following tasks:
+ Performing the access list checks
+ Performing route lookups
+ Allocating NAT translations (xlates)
+ Establishing sessions in the “fast path”

Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/intro.html

Question 102.
Which network device does NTP authenticate?
A. Only the time source
B. Only the client device
C. The firewall and the client device
D. The client device and the time source
Correct Answer: A
Section: (none)


You can configure the device to authenticate the time sources to which the local clock is synchronized. When you enable NTP authentication, the device synchronizes to a time source only if the source carries one of the authentication keys specified by the ntp trusted-key command. The device drops any packets that fail the authentication check and prevents them from updating the local clock. NTP authentication is disabled by default.

Source: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/ configuration/guide/sm_nx_os_cg/sm_3ntp.html#wp1100303%0A

Question 103.
Which Cisco product can help mitigate web-based attacks within a network?
A. Adaptive Security Appliance
B. Email Security Appliance
C. Identity Security Appliance
D. Web Security Appliance
Correct Answer: D
Section: (none)


Answer: D
Confidence level: 0%

Note: Never bothered to research this question.

Web-based threats continue to rise. To protect your network you need a solution that prevents them. Cisco Advanced Malware Protection (AMP) for Web Security goes beyond the basics in threat detection, URL filtering, and application control. It provides continuous file analysis, retrospective security, and sandboxing to help your security team catch even the stealthiest threats.

Source: http://www.cisco.com/c/en/us/products/security/advanced-malware-protection/amp-for-websecurity.html

Question 104.
Which statement correctly describes the function of a private VLAN?
A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain
Correct Answer: A
Section: (none)

Private VLAN divides a VLAN (Primary) into sub-VLANs (Secondary) while keeping existing IP subnet and layer 3 configuration. A regular VLAN is a single broadcast domain, while private VLAN partitions one broadcast domain into multiple smaller broadcast subdomains.

Source: https://en.wikipedia.org/wiki/Private_VLAN

Question 105.
What hash type does Cisco use to validate the integrity of downloaded images?
A. Sha1
B. Sha2
C. MD5
D. Md1
Correct Answer: C
Section: (none)


The MD5 File Validation feature, added in Cisco IOS Software Releases 12.2(4)T and 12.0(22)S, allows network administrators to calculate the MD5 hash of a Cisco IOS software image file that is loaded on a device. It also allows administrators to verify the calculated MD5 hash against that provided by the user. Once the MD5 hash value of the installed Cisco IOS image is determined, it can also be compared with the MD5 hash provided by Cisco to verify the integrity of the image file.

verify /md5 filesystem:filename [md5-hash]

Source: http://www.cisco.com/c/en/us/about/security-center/ios-image-verification.html#11

About the author


Leave a Comment