Share your CCNA Security Experience
November 5th, 2015
Please share with us your experience after taking the CCNA Security 210-260 exam, your materials, the way you learned, your recommendations…
@Anton
This question in my notes has the following exhibit:
nat (inside,any) dynamic interface
@Anton
Thank you and Happy new year. Good luck for your exam.
@Gabbar – thanks a lot!
@Bolo – does that mean the firewall would do dynamic PAT hiding any IPs behind the IP address of the inside interface?
Using a stateful packet firewall and given an inside ACL entry of permit ip 192.168.1.0 0.0.0.255 any, what
would be the resulting dynamically configured ACL for the return traffic on the outside ACL?
A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C. permit tcp any eq 80 host 192.168.1.11 eq 2300
D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300
Correct Answer: A OR C?
^ question 310 on Youki
@x7x
A.
permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
Thanks Gabbar. Another one I'm confused about is the following:
In which two situations should you use in-band management? (Choose two.)
A. When a network device fails to forward packets
B. When management applications need concurrent access to the device
C. When you require administrator access from multiple locations
D. When you require ROMMON access
E. When the control plane fails to respond
don’t think the dumps have the right answer for this.
@Anton
It’s nat (real_interface,mapped_interface). Think that real_interface is your inside local address and mapped_interface is inside global address. For example:
asa(config)# object network inside-network
asa(config-network-object)# subnet 10.10.10.0 255.255.255.0
asa(config-network-object)# nat (inside,outside) dynamic interface
means that inside network 10.10.10.0/24 is behind the outside interface. Keyword ‘any’ that appears in the exhibit means that traffic going from inside to any interface will be translated.
@x7x
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
As per my understanding these are correct
@Bolo – thank you for explaining
From Yako pdf:
Q2 Which three statements about host-based IPS are true? (Choose three)
A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behaviour at the desktop level.
Answer: A, D, F
Are these answers correct?
my exam will be 6th January please if any information about 210-260(ccna security) exam questions, please update me.
dumps say BDF. But someone here suggested IPS is mentioned in best practice in the OCG and DHCP-snooping as additional security. can someone clarify?
In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three)
A. When matching ACL entries are configured
B. when matching NAT entries are configured
C. When the firewall requires strict HTTP inspection
D. When the firewall requires HTTP inspection
E. When the firewall receives a FIN packet
F. When the firewall already has a TCP connection
ABF?
Passed the exam today with 981! Coachgreece and Anubis should be enough. but beware, dumps have many wrong answers. so go through the comments here and do your own research to get the right answers!
@Bolo you deserve a special thanks man! bless you! happy new year!
Hi
Can anyone please share the coachgreece dump. i have anubis with me.
@x7x – please share the coachgreece dump
@Bolo – please share the coachgreece dump
@x7x – congrats and Happy New Year!!!
@Harikrishnan A – the link has been shared few pages ago
PassLeader [Oct-2019]:
Q526 What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources
B. to organise the egress packet queues
C. to define traffic classes
D. to maintain the policy map
Answer: A
C0achGreece:
Q56 What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources.
B. to define traffic classes.
C. to organise the egress packet queues.
D. to maintain the policy map.
Answer: B
I’m guessing there is a mistake in c0achGreece dump and the answer should be “A”?
Q526 What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources
B. to organise the egress packet queues
C. to define traffic classes
D. to maintain the policy map
A is the correct answer
Bolo, you are just a wonderful and good fellow to be associated with. I read through most of the posts here as regards the CCNA Security exam; despite the way people are asking the same questions over and over again, you still took time to respond and still give them the right answers without referring them to your previous posts. I really commend you for such a great sacrifice and the effort you put into this; it's so amazing the way you have been assisting and advising people all around the world as regards this. You are a shining star. Keep it up bro.
Same goes to Coach’s dump and all other good fellows on this site that are helping out in any form.
Youki, you doing a great job out there do, appreciate all the time and effort you guys are putting into this.
Hi, can anyone help me with these questions? Your help will be much appreciated. Thanks!
Question 1
Which statement about an ASA in transparent mode is true?
A. It allows the use of dynamic NAT.
B. It requires an IP address for each interface.
C. It requires a management IP address.
D. It supports OSPF.
Question 2
Which statements about smart tunnels on a Cisco firewall are true? (Choose two)
A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating systems
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally
Question 3
Which IDS/IPS state misidentifies acceptable behavior as an attack?
A. False positives
B. False negative
C. True positive
D. True negative
Question 4
Which NAT type allows only objects or groups to reference an IP address?
A. dynamic NAT
B. dynamic PAT
C. static NAT
D. identity NAT
Question 5
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router's local database
D. Authentication attempts will be sent to the TACACS+ server
Anyone know what's the answer for this question?
What is the maximum number of methods that a single method list can contain?
A. 4
B. 3
C. 2
D. 5
@x7x – thanks for confirming! I heard Anubis pdf has many incorrect answers which have been corrected in Youki’s pdf
@Rance – answer A (have a look at CCNA Security 210-260 Official Cert Guide, page 48)
@Anton
Yes, ADF. Answers are based on the book “Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide)” from 2009, a guide for old version of this certification. There’s a chapter there talking about Cisco Security Agent – a host IPS solution that’s dead since 2010.
@x7x
Congrats on passing!
@Hector
Q.1: A
Q.2: AD – You will see AC answers too, but my answer is AD. Tunnels have better performance than plugins – not port forwarding. Also, smart tunnels are specifically configured for locally installed applications, so…
Q.3: A
Q.4: A
Q.5: widely disputed question. We even labbed it. Depending on how you understand “server returns an error”, the answer is AD or BD.
With regards to Q5 – that’s what I have found online:
https://community.cisco.com/t5/other-security-subjects/what-is-in-method-list/td-p/52803
###########################################################
The method list is the defined ways that you will try to authenticate/authorize/account for your users. In the example you list above, your method list contains tacacs+. Since you used the keyword default, this method list will be applied to any ppp connections terminating on this router. If you would have used a name, say dial-up, you would have to manually apply the method list to each interface for the ppp connections.
Sometimes the tacacs+ server is not available and you do not want to just disconnect the user without trying some other way to authenticate the user. The following example will try tacacs+ first, then RADIUS, then local for authentication.
aaa authentication ppp default tacacs+ radius local
If tacacs+ returns a “error” message, it will move to the next method. It will not go to the next method if it returns “fail”.
###########################################################
It appears to me there is a clear difference between “error” and “fail” and the Q5 is asking about “error” therefore the authentication would failover to the second method on the default list which is enable password.
Therefore, if we understand the “error” as an issue with the TACACS server, it would be answer “A” but I’m not sure how shall I understand the answer “D”?
Tacacs already returned the “error” so why would the authentication attempts be sent to TACACS+ server (answer D)? Unless I should assume that because the “group” is configured, there will be more than one TACACS+ servers available?
@Anton
On page 251 you can read about this question, see the labs we did and all that. There are Cisco materials that say that fallback method is only used if AAA server is not available. What you posted also mentions it: “Sometimes the tacacs+ server is not available and you do not want to just disconnect the user without trying some other way to authenticate the user. ”
Based on this, and that the question says “server returned an error” – which means it is available, you could decide that enable method will not be used – so answers are BD. Also, interpreting the question like that is the only way to have 2 answers correct.
If you assume that it’s literally an ERROR message returned by TACACS daemon because server is not available/reachable, then the enable would be used. In this case I agree with you – the only good answer is really A. But since 2 answers have to be provided, and BC makes no sense at all if you assume ERROR answer, D is picked.
Again, I agree with you – understanding the question this way only the answer A is correct. But apparently have to pick 2…
The question is probably copied with errors, or only 1 answer is needed. The way we see this question in dumps does not really allow for a convincing 100% answer without some ‘extra’ interpretation.
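The ERROR-versus-FAIL behaviour debated in the comments above, as a small Python model added here for illustration (it is not code from any commenter or from Cisco). The server names tac1 and tac2, the two-server group and all function names are assumptions; the model covers only the rule quoted in the thread, that a method list moves on after an ERROR and stops on a FAIL.

```python
from dataclasses import dataclass
from enum import Enum


class Reply(Enum):
    PASS = "pass"    # server answered: credentials accepted
    FAIL = "fail"    # server answered: credentials rejected
    ERROR = "error"  # no usable answer (timeout, unreachable, daemon error)


@dataclass
class Decision:
    granted: bool
    decided_by: str   # method or server that produced the final verdict
    tried: list       # every server or method consulted, in order


def try_group(servers, replies):
    """Walk one server group in order; the first PASS or FAIL is final.

    Returns (Reply, trail). ERROR comes back only if every server errored.
    """
    trail = []
    for name in servers:
        trail.append(name)
        if replies[name] is not Reply.ERROR:
            return replies[name], trail
    return Reply.ERROR, trail


def authenticate(method_list, groups, replies, enable_ok):
    """Evaluate a login method list: advance only after ERROR, never after FAIL."""
    tried = []
    for method in method_list:
        if method.startswith("group "):
            reply, trail = try_group(groups[method[len("group "):]], replies)
            tried.extend(trail)
            who = trail[-1] if trail else method
        elif method == "enable":
            tried.append("enable")
            reply = Reply.PASS if enable_ok else Reply.FAIL
            who = "enable"
        else:
            raise ValueError(f"method not modelled: {method}")
        if reply is Reply.PASS:
            return Decision(True, who, tried)
        if reply is Reply.FAIL:
            return Decision(False, who, tried)
        # Reply.ERROR: fall through to the next method in the list.
    return Decision(False, "method list exhausted", tried)


# Models: aaa authentication login default group tacacs+ enable
METHOD_LIST = ["group tacacs+", "enable"]
GROUPS = {"tacacs+": ["tac1", "tac2"]}   # constructed server names


def scenarios():
    """Constructed cases covering the readings argued over in the thread."""
    all_error = {"tac1": Reply.ERROR, "tac2": Reply.ERROR}
    rejected = {"tac1": Reply.FAIL, "tac2": Reply.PASS}
    second_up = {"tac1": Reply.ERROR, "tac2": Reply.PASS}
    return {
        "every server errors": authenticate(METHOD_LIST, GROUPS, all_error, True),
        "server rejects user": authenticate(METHOD_LIST, GROUPS, rejected, True),
        "first server down": authenticate(METHOD_LIST, GROUPS, second_up, True),
    }


if __name__ == "__main__":
    for label, d in scenarios().items():
        print(f"{label:20} granted={d.granted} by={d.decided_by} tried={d.tried}")
```
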
@Bolo – thank you for your brief explanation.
@x7x – do you remember seeing this question during your exam?
Question 5
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router's local database
D. Authentication attempts will be sent to the TACACS+ server
Which path do you follow to enable AAA through the SDM?
A. Configure > Additional Tasks > AAA
B. Configure > AAA
C. Configure > Authentication > AAA
D. Configure > Additional Authentication > AAA
E. Configure > Tasks > AAA
Is the answer A? https://www.youtube.com/watch?v=K8KykDQxQf8 (I refer to this video)
However, a lot of people said its B?
@Jan – Yes, the correct answer is “A. Configure > Additional Tasks > AAA”
Thanks Anton! I have one more question..
Which two attack types can be prevented with the implementation of a Cisco IPS solution? (Choose two)
A. VLAN hopping
B. DDoS
C. ARP spoofing
D. Worms
E. Man-in-the-middle
Is the answer BD or DE?
You have just deployed SNMPv3 in your environment. Your manager asks you to make sure that
your agents can only talk to the SNMP Manager.
What would you configure on your SNMP agents to satisfy this request?
A. Routing Filter with the SNMP managers in it applied outbound
B. A SNMP View containing the SNMP managers
C. A standard ACL containing the SNMP managers applied to the SNMP configuration.
D. A SNMP Group containing the SNMP managers
C or D?
Just passed this morning
9XX
67q,
1 DND(protect, shutdown vlan, restrict, shutdown),
MC Sim with 4q’s
k h a g e n s i t e . c o m
Everything is word for word from his site. Idk who he is but its free prepaway and another valid questions which i got.
Word for Word
Rhys IS FAKE FAKE FAKE FAKE
@x7x – @Anton – That coachgreece link is invalid now. Please share it again,am planning to take it on feb 1st week. Please do ASAP.
Anyone got a CCNA Security dump? Latest.
Hi guys, I passed the exam today. Score 963. All the 67 questions came from coachgreece, the October & November PL papers and what Bolo and Anonymous are publishing in this forum. I want to say a MASSIVE thank you to Bolo as I considered all his answers in the to all confusing ones. Basically, I created my own document which included the last 5 pages of this website and followed Bolo's answers to pick the right ones. The Sim was selecting 4 answers for the usual diagram and one D&D for port security selections. You don’t need to pass the exam more than the last few pages of the forum. Thank you guys again for this wonderful page.
@Bolo
On an ASA, which maps are used to identify traffic?
A. Policy maps
B. Class maps
C. Route maps
D. Service maps
I think A, but the dump answer is B. What is your idea?
@Andy – congrats mate and thanks for sharing your experience!!!
@Harikrishnan A
@supp
Trust me k h a g e n s i t e . c o m
free valid questions and its from the exams
Hello guys
I need to pre-test the ccna sec 210-260 exam and I do not have the question dump, if anyone had the kindness to send it to me, I will be totally grateful, j a g a r c i 8 4 1 1 @ h or t m a i l. com
thank you very much for your help
@Jan
BD
@Don
C
@Andy
Grats! And thanks. Anonymous is just some repeat spammer bot or smth.
@vengean
B – Class maps identify traffic. Policy maps specify actions to be taken on the traffic ‘filtered’ by a class map.
@BOLO DID YOU DO YOUR TEST?
@BOLO QUIZ
Long time ago.
k h a g e n s i t e . c o m dumps had lots of wrong answers , youki is better IMO
@ Andy
Can you please upload the document you created.
Can anyone share the drag and drop question answer.specifically for port,shutdown,restrict,protect,shutdownvlan.
@Bolo @x7x
Hi all,
can anyone answer the below-confused questions?
As I found different answers in the dumps
@Bolo
1
In which two situations should you use out-of-band management? (Choose two.)
A. when a network device fails to forward packets
B. when you require ROMMON access
C. when management applications need concurrent access to the device
D. when you require administrator access from multiple locations
E. when the control plane fails to respond
2
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop
Protocol on the portal web page. Which action should you take to begin troubleshooting?
A. Ensure that the RDP2 plug-in is installed on the VPN gateway
B. Reboot the VPN gateway
C. Instruct the user to reconnect to the VPN gateway
D. Ensure that the RDP plug-in is installed on the VPN gateway
3
Which Firepower Management Center feature detects and blocks exploits and hack attempts?
A. advanced malware protection
B. intrusion prevention
C. file control
D. content blocker
4
What are two challenges when deploying host-level IPS? (Choose two.)
A. It is unable to determine the outcome of every attack that it detects.
B. It is unable to provide a complete network picture of an attack.
C. The deployment must support multiple operating systems.
D. It does not provide protection for offsite computers.
E. It is unable to detect fragmentation attacks.
5
Which two actions does an IPS perform? (Choose two.)
A. It reconfigures a device to block the traffic
B. It reflects the traffic back to the sender
C. It encrypts the traffic
D. It terminates the user session or connection of the attacker
E. It spans the traffic
6
What are two challenges of using a network-based IPS? (Choose two.)
A. It requires additional storage and processor capacity on syslog servers
B. As the network expands, it requires you to add more sensors
C. It is unable to determine whether a detected attack was successful
D. It must support multiple operating systems
E. It is unable to detect attacks across the entire network
7
Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)
A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels require the client to have the application installed locally
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels support all operating systems
8
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events
will occur when the TACACS+ server returns an error? (Choose two.)
A. Authentication attempts to the router will be denied
B. The user will be prompted to authenticate using the enable password
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
9
In which two situations should you use in-band management? (Choose two.)
A. When a network device fails to forward packets
B. When management applications need concurrent access to the device
C. When you require administrator access from multiple locations
D. When you require ROMMON access
E. When the control plane fails to respond
10
What information does the key length provide in an encryption algorithm?
A. the packet size
B. the number of permutations
C. the hash block size
D. the cipher block size
11
What are two challenges faced when deploying host-level IPS? (Choose Two)
A. The deployment must support multiple operating systems.
B. It does not provide protection for offsite computers.
C. It is unable to provide a complete network picture of an attack.
D. It is unable to determine the outcome of every attack that it detects.
E. It is unable to detect fragmentation attacks.
12
Which Firepower Management Center feature detects and blocks exploits and hack attempts?
A. intrusion prevention
B. advanced malware protection (AMP)
C. content blocker
D. file control
13
Which security principle has been violated if data is altered in an unauthorized manner?
A. accountability
B. availability
C. confidentiality
D. integrity
14
Which security principle has been violated if data is altered in an unauthorized manner?
A. accountability
B. availability
C. confidentiality
D. integrity
15
Which security principle has been violated if data is altered in an unauthorized manner?
A. accountability
B. availability
C. confidentiality
D. integrity
16
Which security principle has been violated if data is altered in an unauthorized manner?
A. accountability
B. availability
C. confidentiality
D. integrity
17
18
19
Which two actions does an IPS perform? (Choose two.)
A. It reconfigures a device to block the traffic
B. It reflects the traffic back to the sender
C. It encrypts the traffic
D. It terminates the user session or connection of the attacker
E. It spans the traffic
Can you please help ..
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10? (Choose two.)
A. using switchport mode access command on all host ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACL between VLANs
E. using switchport trunk native vlan 10 command on trunk ports
F. using switchport nonegotiate command on dynamic desirable ports
@Luay – A&C
@Harikrishnan A
shutdown – the interface is error-disabled
shutdown vlan – the virtual Layer2 segment is disabled
restrict – when the number of secure MAC addresses on the port reaches a specified maximum limit, the port drops packets and sends an SNMP trap
protect – when the number of secure MAC addresses on the port reaches a specified maximum limit, the port drops packets without notification
Monday will be exam anyone latest material about dumps, please share google drive link
or mail s.nazuohatgmail thanks
@Anton …
Thank you So much
1.Q09 Which action does standard antivirus software perform as part of the file‐analysis process?
A. execute the file in a simulated environment to examine its behavior
B. examine the execution instructions in the file
C. flag the unexamined file as a potential threat
D. create a backup copy of the file
Answer: A or B
which one is the correct answer.
What does the policy map do in CoPP?
A. defines the action to be performed
B. defines packet selection parameters
C. defines the packet filter
D. defines service parameters
answer please
Q43 What are two major considerations when choosing between a SPAN and a TAP when
implementing IPS? (Choose two.)
A. the amount of bandwidth available
B. the way in which dropped packets will be handled
C. the type of analysis the IPS will perform
D. whether RX and TX signals will use separate ports
E. the way in which media errors will be handled
4 Which information can you display by executing the show crypto ipsec sa command?
A. proxy information for the connection between two peers
B. IPsec SAs established between two peers
C. recent changes to the IP address of a peer router
D. ISAKMP SAs that are established between two peers
some place answer is B and other place C
which one is correct answer
What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources.
B. to define traffic classes.
C. to organize the egress packet queues.
D. to maintain the policy map.
A or B
Please, anyone, Identify the correct answer
Which term is most closely aligned with the basic purpose of a SIEM solution?
A. Causality
B. Accountability
C. Non-Repudiation
D. Repudiation
answer identify please B or C
Which type of firewall can perform deep packet inspection?
A. stateless firewall
B. packet-filtering firewall
C. application firewall
D. personal firewall
identify the correct answer
B or C
@NAZ
Q09 – B
QCoPP – A
Q43 – A&C
@Anonymous
Q4 – B
Qx – A
Qy – B
Qz – C
@Taz
1: AB
2: A
3: B
4: BC
5: AD
6: BC
7: AB
8: Not C. AD, BD, only B – make your pick. We can’t agree on 100% correct answer.
9: BC
10: B
11: repeated
12: repeated
13-16: D. If you have doubts about the question that is basically answered on page 1 of every cybersecurity book in the world, maybe rethink your exam choices?
19: repeated
That post above is @Theo.
Not sure how i made it ‘Taz’ there…..
Passed 9XX end of December,
thank you very much Mr. Bolo, your corrections are correct.
All MCQ as dump + Bolo correction , one LAB as same dump, one DND ( port security)
Good luck all
Q43 What are two major considerations when choosing between a SPAN and a TAP when
implementing IPS? (Choose two.)
A. the amount of bandwidth available
B. the way in which dropped packets will be handled
C. the type of analysis the IPS will perform
D. whether RX and TX signals will use separate ports
E. the way in which media errors will be handled
@Anonymous – I have literally provided the answer to your question few posts back… scroll up!
Q43 What are two major considerations when choosing between a SPAN and a TAP when
implementing IPS? (Choose two.)
A. the amount of bandwidth available
B. the way in which dropped packets will be handled
C. the type of analysis the IPS will perform
D. whether RX and TX signals will use separate ports
E. the way in which media errors will be handled
Answer: A, C
Which two services define cloud networks? (Choose two):
A. Infrastructure as a Service
B. Platform as a Service
C. Security as a Service
D. Compute as a Service
E. Tenancy as a Service
What are the correct answers here guys?
Hi @Bolo, thanks for your great work here, it’s an excellent help for everyone.
What resources would you use to prepare for the exam if you had to take the exam in a couple of weeks?
I got some documents but I’m not sure if they are up to date or if they are reliable.
Do you think it is worth buying a VCE? Where would you buy it?
my email is {email not allowed}, if you (or any good guy) can share any updated documents or resources with me I would really appreciate it.
nakhan3 @ protonmail . com
@Bolo where can i get the dump ?
Congratulations!
Passed the 210-260 exam recently (3/Jan/2020)!
67 questions
1 Simulation
1 Drag and Drop (Shutdown, Restrict, Protect)
I mainly learned the PassLeader 210-260 dumps (553q NEW version), all questions are available in PassLeader.
Really helpful.
P.S.
Part of PassLeader 210-260 dumps are available here FYI:
drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg
(553q~~~NEW VERSION DUMPS Updated Recently!!!)
Good luck, all!
[copy that link and open it in your web browser]
And,
Part of PassLeader 210-260 IINS new questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 546
Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hashing.
B. TACACS+ is more flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS+ is used for access to network resources more than administrator access to network devices.
D. TACACS+ server listens on UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.
Answer: C
NEW QUESTION 547
Which effect of the secure boot-image command is true?
A. It configures the device to boot to the secure IOS image.
B. It archives a secure copy of the device configuration.
C. It archives a secure copy of the IOS image.
D. It displays the status of the bootset.
Answer: C
NEW QUESTION 548
Which two statements about an IPS in tap mode are true? (Choose two.)
A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyzes the actual packets as they pass through the system.
D. It can analyze events without impacting network efficiency.
E. It is unable to drop packets in the main flow.
Answer: BC
NEW QUESTION 549
How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?
A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.
Answer: C
NEW QUESTION 550
Which 802.1x component enforces the network access policy?
A. authentication server
B. authenticator
C. RADIUS server
D. supplicant
Answer: A
NEW QUESTION 551
Drag and Drop
Drag and drop the each port-security violation mode from the left onto the corresponding action on the right.
Answer:
NEW QUESTION 552
……
Download more NEW PassLeader 210-260 dumps from Google Drive here:
drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg
(553q~~~NEW VERSION DUMPS Updated Recently!!!)
Good luck, all!
[copy that link and open it in your web browser]
@Rediat Asfaw.There is no new questions 552 and 553 on the link you provided.
QUESTION 30
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?
A. split tunnelling
B. hair-pinning
C. tunnel mode
D. transparent mode
Answer: A
Shouldn’t this be “B”? When split tunneling is enabled it would only route specified prefixes through the VPN and everything else directly through the Internet.
@Anton
Yes . The correct answer is B.
. My exam is today.. wish me luck
Good luck, hope you make it.
@luay – good luck mate! Please try to remember as much as you can and share your post-exam experience with us.
I’m really wondering if C0achGreece and Nov/Oct PassLeader are enough or you actually need to study Youki dump too.
Anton, The answer IS A. Hairpinning is when traffic enters and exits the same interface.
Also, TONS of wrong answers in PassLeader. I would study Youki. It has been the most accurate by far. Even C0achGreece has a few wrong. I’m not just memorizing the dumps but researching and learning the concepts as I go along.
Hello, coachgrease has only 67 quiz… is it the file you guys are using?
@Primal – thanks for your comments
I have my own version with corrected answers for question from c0achgreece and PL (Oct/Nov).
Is Youki all correct or there are some obvious mistakes we are aware of?
Also, can you elaborate on your answer for the below question please?
QUESTION 30
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?
A. split tunnelling
B. hair-pinning
C. tunnel mode
D. transparent mode
Help here
Which two services define cloud networks? (Choose two.)
A. Infrastructure as a Service
B. Platform as a Service
C. Security as a Service
D. Compute as a Service
E. Tenancy as a Service
Youki is mostly correct and it has lots of explanations, so you can actually learn the concepts, so I like it. As far as hairpinning on the ASA: let's say the ASA is my default gateway. My traffic goes to the inside interface of the ASA, and the ASA has a route to the host I want to get to on the same inside interface. It has to send it out the same interface it came in on. That is hair-pinning (U-turn). As a side note, the ASA won't allow this by default; you have to give the Same-security traffic intra-interface command.
Split-tunneling is when you are in a VPN session and the ASA allows traffic to unsecured networks eg. Public internet sites to use your internet connection locally and not go through the secure tunnel. Does that make sense?
@Primal – thanks for your explanation.
I was a little bit confused as the question is asking for a feature which allows Internet traffic to go through the same Interface as local LAN/WAN traffic – isn’t this configured by default (split tunneling disabled) and if you would like to force the Internet traffic to go through you local breakout, instead of going through the VPN, you need to enable the split tunneling?
@Anton. Agreed, the question is worded strangely. Who knows who translated it. You have to enable split tunneling. Without split tunneling ALL your traffic is going through the VPN tunnel. With split tunneling only the traffic to secured networks (your internal company network) would go over the VPN tunnel.
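The two mechanisms discussed in the comments above, split tunnelling on the client and hairpinning on the gateway, traced side by side in Python as an added illustration (not code from any commenter or from Cisco). The routing table, the addresses, the function names and the permit_intra_interface flag (standing in for the intra-interface setting mentioned above) are all assumptions; tunnelled client traffic is assumed to arrive on the gateway's outside interface.

```python
import ipaddress

# Constructed routing table for the VPN gateway (prefix -> egress interface).
ROUTES = {
    "10.10.10.0/24": "inside",   # corporate LAN
    "10.20.0.0/16": "inside",    # second internal network behind an inside router
    "0.0.0.0/0": "outside",      # default route towards the Internet
}


def client_path(dest, split_tunnel_networks=None):
    """Decide on the VPN client whether a packet enters the tunnel.

    split_tunnel_networks=None models full tunnelling (everything is sent
    through the tunnel); a list models a split-tunnel policy.
    """
    if split_tunnel_networks is None:
        return "tunnel"
    addr = ipaddress.ip_address(dest)
    tunnelled = any(addr in ipaddress.ip_network(n) for n in split_tunnel_networks)
    return "tunnel" if tunnelled else "local"


def gateway_forward(ingress, dest, routes=ROUTES, permit_intra_interface=False):
    """Longest-prefix lookup on the gateway.

    Returns (egress, hairpin, forwarded). A hairpin (egress == ingress) is
    forwarded only when intra-interface traffic has been permitted.
    """
    addr = ipaddress.ip_address(dest)
    candidates = ((ipaddress.ip_network(p), iface) for p, iface in routes.items())
    matches = [(net, iface) for net, iface in candidates if addr in net]
    if not matches:
        return None, False, False
    _, egress = max(matches, key=lambda m: m[0].prefixlen)
    hairpin = egress == ingress
    return egress, hairpin, (not hairpin) or permit_intra_interface


def trace(dest, split_tunnel_networks=None, permit_intra_interface=False):
    """Follow one packet from a remote VPN client to its exit point."""
    if client_path(dest, split_tunnel_networks) == "local":
        return "local breakout, never reaches the gateway"
    egress, hairpin, forwarded = gateway_forward(
        "outside", dest, permit_intra_interface=permit_intra_interface
    )
    if egress is None:
        return "dropped at gateway (no route)"
    if not forwarded:
        return f"dropped at gateway (hairpin on {egress} not permitted)"
    return f"tunnel, then out {egress}" + (" (hairpin)" if hairpin else "")


if __name__ == "__main__":
    corp = ["10.10.10.0/24", "10.20.0.0/16"]   # constructed split-tunnel list
    internet_host = "198.51.100.7"             # documentation address
    print("split tunnel, Internet :", trace(internet_host, corp))
    print("split tunnel, corporate:", trace("10.10.10.5", corp))
    print("full tunnel, Internet  :", trace(internet_host))
    print("full tunnel + intra-if :", trace(internet_host, permit_intra_interface=True))
```

In the full-tunnel case the client's Internet traffic arrives and leaves on the same gateway interface, which is why the two terms get mixed up.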
I passed my exam 996/1000 .
I studied the PL 550 questions; all the questions in the test are word by word as in the PL file.
The last 50 questions in PL have some wrong answers, so I collected the right answers by following @Bolo and @X7X in the last 3 pages in the forum.
– 1 sim: Connection less VPN, 4 questions as PL, the same answers.
– D&D: Drag and drop each port-security violation
– 1 new question, in my words: what is true about STP attack:
answers: A, B
A- the attacker installed switch to become root bridge
B- it's a kind of man-in-the-middle attack.
C- XXXX not related
D- XXXX not related.
wish u guys best of luck
Thank you Bolo
Bolo … you are the man … Thank you so much and God bless u
@noname. Can I get a link to the 550 question PL. The one that I have has lots of wrong answers. OR can anyone link to it please.
@ Primal … all the questions in this form. if u collect all questions , it will be more than 67 questions , that what u will see in the test. correct for correct anserws just follow Bolo answers .
or send ur questions , and i will help u
Does anybody have questions 536 and 537 from PassLeader October?
Any good SIM material out there?
Hi, check below links from both quizlet and dumps.. confirm as per your study experience if they are of benefit or if one can use them for preparations.
https : // www . brainscape.com/flashcards/210-260-dump-6457876/packs/10114503
https: // quizlet . com/425564687/ccna-security-092019-flash-cards/
Good Morning hope everyone is fine. Kindly assist on some questions here that have some queries?
How is management traffic isolated on a Cisco ASR 1002?
A. Traffic is isolated based upon how you configure routing on the device.
B. There is no management traffic isolation on a Cisco ASR 1002.
C. The management interface is configured in a special VRF that provides traffic isolation from the default routing table.
D. Traffic isolation is done on the VLAN level.
Which type of social engineering attack targets top executives?
A. baiting
B. vishing
C. whaling
D. spear phishing
Which two actions can an end user take to manage a lost or stolen device in Cisco ISE? (Choose two.)
A. Reinstate a device that the user previously marked as lost or stolen.
B. Activate Cisco ISE Endpoint protection Services to quarantine the device.
C. Request revocation of the digital certificate of the device.
D. Add the MAC address of the device to a list of blacklisted devices.
E. Force the device to be locked with a PIN.
Which command do you enter to verify the Phase 1 status of a VPN connection?
A. debug crypto isakmp
B. sh crypto session
C. sh crypto isakmp sa
D. sh crypto ipsec sa
In PassLeader they are saying sh crypto ipsec sa, but I think the answer should be sh crypto isakmp sa; the CCNA Security official guide, page 230, says it's C.
Refer to the exhibit. Which area represents the data center? some dumps are saying A while others are saying C