Share your CCNA Security Experience
November 5th, 2015
Please share with us your experience after taking the CCNA Security 210-260 exam, your materials, the way you learned, your recommendations…
@”no name because I passed the exam”
The new question you are talking about looks similar to Q15 from yako PDF:
Q15 Which two statements about STP attacks are true? (Choose two)
A. The attacker sets up a rogue DHCP server to intercept requests
B. They can be performed only when Cisco Discovery protocol is running
C. They can be mitigated by disabling STP
D. They can create the opportunity for subsequent man-in-the middle attacks
E. The attacker sends BPDU messages to become the root bridge
F. They can be executed only from a hub
Answer: D, E
@EMK
How is management traffic isolated on a Cisco ASR 1002?
A. Traffic is isolated based upon how you configure routing on the device.
B. There is no management traffic isolation on a Cisco ASR 1002.
C. The management interface is configured in a special VRF that provides traffic isolation from the default routing table.
D. Traffic isolation is done on the VLAN level.
Answer: C
Which type of social engineering attack targets top executives?
A. baiting
B. vishing
C. whaling
D. spear phishing
Answer: C
Which two actions can an end user take to manage a lost or stolen device in Cisco ISE? (Choose two.)
A. Reinstate a device that the user previously marked as lost or stolen.
B. Activate Cisco ISE Endpoint protection Services to quarantine the device.
C. Request revocation of the digital certificate of the device.
D. Add the MAC address of the device to a list of blacklisted devices.
E. Force the device to be locked with a PIN.
Answer: A, E
Which command do you enter to verify the Phase 1 status of a VPN connection?
A. debug crypto isakmp
B. sh crypto session
C. sh crypto isakmp sa
D. sh crypto ipsec sa
Answer: C
Just remember ISAKMP – Phase 1; IPSEC – Phase 2
@luay
Are you done with exam? Kindly share the feedback.
How is management traffic isolated on a Cisco ASR 1002?
A. Traffic is isolated based upon how you configure routing on the device.
B. There is no management traffic isolation on a Cisco ASR 1002.
C. The management interface is configured in a special VRF that provides traffic isolation from the default routing table.
D. Traffic isolation is done on the VLAN level.
Answer: C
Which type of social engineering attack targets top executives?
A. baiting
B. vishing
C. whaling
D. spear phishing
Answer: C
I’m a bit confused about Simulation question.
Step1: Firewall, Configuration, NAT Rules, Name=Http, IP version IPv4, IP address=172.16.1.2 Static NAT=209.165.201.30
But I have seen they filled reversely.
Step1: Firewall, Configuration, NAT Rules, Name=Http, IP version IPv4, IP address=209.165.201.30 Static NAT=172.16.1.2
Which one is the correct way to configure?
@Anonymous I would say the 1st one. You NAT the real address 172.16.1.2 (inside local) to the publicly accessible global address 209.165.201.30.
In addition, when you create the ACL to allow traffic to the webserver you reference the “Real address” 172.16.1.2, NOT the translated address of 209.165.201.30. That was a big shift from the 8.2 to 8.3 ASA codebase.
Please could you confirm if the YUKI responses are correct? Thank you
Any help with these, I've seen different answers:
In which two models can the Cisco Web Security Appliance be deployed? (Choose two.)
A. as a transparent proxy using the Secure Sockets Layer Protocol
B. as a transparent proxy using the HyperText Transfer Protocol
C. explicit active mode
D. as a transparent proxy using the Web Cache Communication Protocol
E. explicit proxy mode
How will the traffic be affected if policy from the self-zone is removed?
A. all traffic will be inspected.
B. traffic will not be inspected.
C. traffic will be passed with logging action.
When is the default deny all policy an exception in zone-based firewalls?
A. When traffic sources from the router via the self zone
B. When traffic traverses two interfaces in the same zone
C. When traffic terminates on the router via the self zone
D. When traffic traverses two interfaces in different zones
Which two options are advantages of an application layer firewall? (Choose two.)
A. provides high-performance filtering
B. makes DoS attacks difficult
C. supports a large number of applications
D. authenticates devices
E. authenticates individuals
@Anton …yes yes the STP question is the same question 100% in the exam
Any help with this question,
A network security administrator checks the ASA firewall NAT policy table with the show nat command. Which statement is false?
A. First policy in the Section 1 is dynamic nat entry defined in the object configuration.
B. There are only reverse translation matches for the REAL_SERVER object.
C. NAT policy in Section 2 is a static entry defined in the object configuration.
D. Translation in Section 3 is used when a connection does not match any entries in first two sections.
Answer: A
which one is the correct answer? A or D ?
@Anonymous
You don't show me the “Show NAT” command, but the answer cannot be A as Section 1 is Manual NAT, not Auto NAT (defined in the object)
I say the answer is D,
@Anonymous & @Primal – where can I find that simulation question you are referring to in your posts above?
@”No name because I passed the exam” – thanks for confirming
@Anton The Access list sim? I had to go back a few pages; it was a google link that had it in there with some other dumps. The sim is wrong though, as the access list tells you to use the Translated IP and not the Real IP (private inside). That is 8.2 code.
@Anonymous – thanks for that, will try to dig it out.
What command can you use to verify the binding table status?
A . show ip dhcp snooping database
B . show ip dhcp snooping binding
C . show ip dhcp snooping statistics
D . show ip dhcp pool
E . show ip dhcp source binding
F . show ip dhcp snooping
Hello guys, I got two answers for this q
which one is correct A/B ?
A network security administrator checks the ASA firewall NAT policy table with the show nat command. Which statement is false?
A. First policy in the Section 1 is dynamic nat entry defined in the object configuration.
A is false, no need to see the output. Section 1 is for manual NAT entries and those can not be defined in the object configuration.
@Adam
What command can you use to verify the binding table status?
A . show ip dhcp snooping database
B . show ip dhcp snooping binding
C . show ip dhcp snooping statistics
D . show ip dhcp pool
E . show ip dhcp source binding
F . show ip dhcp snooping
Answer: B
@Bolo – do you have that SIM question guys are discussing above somewhere in your docs?
I’m trying to find it
@Anton
IIRC it’s in Anubis file
@Anton /Bolo
Kindly assist with the coachgrees questions you can send them to my email address {email not allowed}
thanks in advance
Kindly assist with the coachgrees questions eric kiarie @ yahoo com
@Adam
Tricky question. I think it is A. As show ip dhcp snooping database does show the “status” as below:
Load for five secs: 4%/0%; one minute: 4%; five minutes: 3%
No time source, *05:54:35.898 EST Tue Jan 7 2020
Agent URL :
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 0 Startup Failures : 0
Successful Transfers : 0 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 0 Failed Writes : 0
Media Failures : 0
whereas show ip dhcp snooping binding shows the actual MAC to IP bindings. Just my opinion.
@Anton /Bolo
Kindly assist with the coachgrees questions eric kiarie @ yahoo com
Thanks in advance
@ Bolo, is the Anubis sim correct with 172. being the inside local and the 209. being the static nat? I feel like that is correct but I have seen it switched around more than once.
@Andy138
I work on ASAs as part of my job. The NAT on Anubis looks good. The access list is wrong for 8.3 code and above though. You reference “Real” IPs in the access-list in newer code. So the destination on the access rule should be 172.16.1.2. Look up how access lists work differently between 8.2 code and 8.3 and above. You will get what I mean. As for what Cisco really wants on the sim, who knows.
@Bolo Appreciate the feedback, getting ready for my second attempt and got a document with all these corrected q&a’s. About enough to make my head spin! 846 the first time around.
@Andy138
Good luck! You were so close last time. What sim did you have for the last attempt?
@Primal, appreciate it. The last sim was verifying ASA configs and the DnD was the port security. It would be nice to get the same exam again but I doubt it so preparing for all possibilities
I’ll let you know how it goes, taking it Friday as it was the soonest I could re-take it.
@ ANDY138
KINDLY ASSIST WITH THE coachgrees questions YOU CAN SEND HERE
eric kiarie @ yahoo com
My Exam will be on Thursday 9/1
I studied kharajee with bolo correction.
is this enough?
Please advise.
My Exam will be on Thursday 9/1
I studied k h a g e n s i t e . c o m with bolo correction.
is this enough
Please advise.
@ Anonymous I didn't use coach, been using PL and going through the last few pages of this feed getting some answers corrected.
Bolo bhai,
confirm me below answer please
Q526 What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources
B. to organise the egress packet queues
C. to define traffic classes
D. to maintain the policy map
A or C
@Caan
Q526 What is the main purpose of Control Plane Policing?
Answer to prevent exhaustion of route-processor resources
This seems to have different answers. Anyone know the real ones?
QUESTION 106
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events
will occur when the TACACS+ server returns an error? (Choose two.)
A. Authentication attempts to the router will be denied
B. The user will be prompted to authenticate using the enable password
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
@ Caan , q526: A
I passed my test 789.
Thank you BoLo…
Sorry , I got 989… lol
Congrats! luay. Sim was ASDM SSL VPN? any other info?
Thank you Bolo, yes 4 questions ASDM SSL VPN . The same questions and answers in the dumps
@Luay from what dumps? Thanks!
@ Anonymous, I used Lead2Pass dumps. But it has a lot of wrong answers, so I corrected them by following Bolo's answers in this forum.
@Luay Is coachgreece and youki’s still valid? how about the drag and drop and sim?
What is the pass mark for CCNA Security 210-260?
Also please share drag and drop questions. I don't have any apart from shutdown, restrict, protect, shutdown vlan.
Also please share the sim. I have only that clientless SSL VPN ASDM sim. Is any other coming in the exam? @Anton, @x7x, @ Bolo.
@Anton – Thanks for port security D&D answer.
Reposting the link for PDFs of all important files, and some rubbish (remove spaces in the link):
drive.google.com /drive /folders /1hol5viWl3lH5req2F2WQR_ffzCR-kxi8
Corrected answers, discussion etc. are all on this forum – don’t be lazy and read last few pages.
@Luay
Grats! Good score too, nice
About that sim:
ASA version can be checked in ASDM, in the Device Dashboard. Primal is right about differences between ASA versions and ACL config.
If this sim comes up in the exam (which I haven’t seen anyone mentioning here in past months) you can check the ASA version, or just configure the ACL one way and see if it works.
Keep in mind that devices in the sim are accessible and you have tools to verify if the config is correct. And TBH, you should not leave the sim without verifying everything.
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
AB ?
@bolo
Does anyone have an exam simulator to open ete and vcex files?
Thank you!
@Luay – congrats!!!
From Youki PDF:
QUESTION 149
Which feature filters CoPP packets?
A. Policy maps
B. Class maps
C. Access control lists
D. Route maps
Answer: C
Is this the correct answer?
@Bolo – thanks a lot! Got it now!
1. Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hashing.
B. TACACS is more flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS is used for access to network resources more than administrator access to network devices.
D. TACACS server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext
Is it B or C?
2. How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?
A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.
Is it C or D?
3. What are two advanced features of the Cisco AMP solution for endpoints? (Choose two.)
A. sandboxing
B. reflection
C. reputation
D. foresight
E. contemplation
Is it A,B or A,C?
4. In which two models can the Cisco Web Security Appliance be deployed? (Choose two.)
A. as a transparent proxy using the Secure Sockets Layer Protocol
B. as a transparent proxy using the HyperText Transfer Protocol
C. explicit active mode
D. as a transparent proxy using the Web Cache Communication Protocol
E. explicit proxy mode
Is it D,E?
@Bolo, thanks for all you do!
@Andy138
1. Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hashing.
B. TACACS is more flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS is used for access to network resources more than administrator access to network devices.
D. TACACS server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext
Answer: B
2. How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?
A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.
Answer: D
3. What are two advanced features of the Cisco AMP solution for endpoints? (Choose two.)
A. sandboxing
B. reflection
C. reputation
D. foresight
E. contemplation
Answer: A, C
4. In which two models can the Cisco Web Security Appliance be deployed? (Choose two.)
A. as a transparent proxy using the Secure Sockets Layer Protocol
B. as a transparent proxy using the HyperText Transfer Protocol
C. explicit active mode
D. as a transparent proxy using the Web Cache Communication Protocol
E. explicit proxy mode
Answer: D, E
@Anton appreciate it, thanks for all you do as well!
@Primal & Adam – I would still go with answer B
What command can you use to verify the binding table status?
A . show ip dhcp snooping database
B . show ip dhcp snooping binding
C . show ip dhcp snooping statistics
D . show ip dhcp pool
E . show ip dhcp source binding
F . show ip dhcp snooping
From my switch:
SWITCH01#show ip dhcp snooping ?
binding DHCP snooping bindings
database DHCP snooping database agent
statistics DHCP snooping statistics
| Output modifiers
SWITCH01#show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
—————— ————— ———- ————- —- ——————–
Total number of bindings: 0
SWITCH01#show ip dhcp snooping database
Agent URL :
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 0 Startup Failures : 0
Successful Transfers : 0 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 0 Failed Writes : 0
Media Failures : 0
I haven’t got DHCP snooping enabled here, but my understanding is that the database agent usually points to a TFTP location where the database with DHCP snooping bindings is stored (Configure the DHCP snooping database agent. This step ensures that database entries are restored after a restart or switchover).
The command will display the information about the agent (URL) and some statistics, not the bindings.
@Anon – there is a massive debate with regards to this question hence different answer choices:
QUESTION 106
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events
will occur when the TACACS+ server returns an error? (Choose two.)
A. Authentication attempts to the router will be denied
B. The user will be prompted to authenticate using the enable password
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
After careful command inspection the only right answer choice is “B” but because we have to go with 2x choices, I would go for “B” & “D”.
I will have some time tomorrow to get this tested in the office on one of the spare routers and let you all know the results.
My grade in my test was:
Security concepts 100%
Security Routing and switching 88%
Vpn 92%
I passed my test 942. dumps are valid
Thank you BoLo…
@M&M – congrats!!!
Which Dumps have you used?
coachgreece, youki’s and PassLeader Oct/Nov 2019
67 questions
1 Simulation ASA
1 Drag and Drop (Shutdown)
@M&M – great, thank you for confirming!!!
Q528
D is correct
‘The DCE/RPC preprocessor uses these and other protocol-specific characteristics to monitor both protocols for anomalies and other evasion techniques, and to decode and defragment traffic before passing it to the rules engine’
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/application_layer_preprocessors.html
@Anton Thanks, that is nice. I can confirm A LOT of these questions are on the exam. I just passed late yesterday. On to JNCIA-Sec!
@Primal – thanks and congrats!!! I have a feeling this would be enough to pass but won’t take my chances and study Youki too.
Good luck with your Juniper certifications!
QUESTION 106
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events
will occur when the TACACS+ server returns an error? (Choose two.)
A. Authentication attempts to the router will be denied
B. The user will be prompted to authenticate using the enable password
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
After careful command inspection the only right answer choice is “B”
Can anyone share the latest dump (valid) i can use to study ccna sec?
Can anyone help me a bit? I'm confused about this question
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. loop guard
B. root guard
C. EtherChannel guard
D. BPDU guard
which one is correct answer ? B or D ?
It's B
@Anonymous
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. loop guard
B. root guard
C. EtherChannel guard
D. BPDU guard
Answer: B
Passed today with 950+ score.
Many thanks to @Youki, @Bolo.
@Arun – congrats!!!
@Arun what was in your exam? what sim? what did you use?
Root guard puts it in a blocking state; BPDU guard puts it in err-disabled state.
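An added IOS configuration illustration (my own, not from any poster or from the dumps) of the two behaviours compared above: root guard on a downlink and BPDU guard on a PortFast host port, with the show commands that reveal which state the port landed in. Interface numbers and descriptions are assumptions.

```cisco
! Root guard: a superior BPDU received here moves the port to the
! root-inconsistent (blocking) state. No err-disable; the port recovers
! on its own once the superior BPDUs stop arriving.
interface GigabitEthernet1/0/24
 description downlink to access switch (assumed role)
 spanning-tree guard root
!
! BPDU guard: ANY BPDU on this PortFast host port err-disables it.
! The port stays down until "shutdown / no shutdown" or errdisable recovery.
interface GigabitEthernet1/0/1
 description host port (assumed role)
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Optional: let BPDU-guard err-disabled ports come back automatically
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verification: root guard shows up here ...
show spanning-tree inconsistentports
! ... while BPDU guard shows up here
show interfaces status err-disabled
```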
@all
QUESTION 106
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)
A. Authentication attempts to the router will be denied
B. The user will be prompted to authenticate using the enable password
C. Authentication will use the router’s local database
D. Authentication attempts will be sent to the TACACS+ server
So I have finally managed to test this. My config below:
###########################################################
enable secret 5 $1$R7Xc$LiC8W5/TfSWAgHxqtwa82/
username ciscoadmin privilege 15 secret 5 $1$R7Xc$LiC8W5/TfSWAgHxqtwa82/
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
tacacs-server host 10.10.10.10 key Password1
tacacs-server host 10.10.10.11 key Password1
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
transport input telnet ssh
###########################################################
I have tested with a console cable as well as by telneting to the device and the behavior is the same – I can log in to the device with the enable password successfully.
With “debug aaa authentication” enabled I can see the requests going to the TACACS+ hosts, but because there is no configuration on the Cisco ACS done for my Router, after 5s it falls back to enable Password.
If I try to SSH to the router, it won’t work because SSH requires username&password – I would have to add local method to the default list to make it work.
If I unplug the LAN cable from the router, it asks for the enable password immediately (doesn’t wait 5s) as it can not contact the TACACS+ servers (tested via Console).
It will never accept the local credentials even though I had “ciscoadmin” configured and tried to SSH.
@Anton – Thanks
@kris – 67 questions, 1 SIM with 4 questions and 1 drag and drop [Shutdown, Shutdown VLAN, Protect & Restrict]
Youki/Coachgreece/this thread.
hi everyone would like to get a clarification on this question
What features can protect the data plane? (choose 3)
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping
on the official guide it says the following are used for security measures:
Access control lists (ACL)
Layer 2 controls, such as private VLANs, Spanning Tree Protocol (STP) guards
IOS IPS, zone-based firewall
I believe with Anton’s and Bolo’s answers and explanations plus passleader we are good to go . All the best to everyone sitting for their exams. Thank you everyone on this forum . doing mine tomorrow
Passed today with 984
Special thanks for Bolo
All the dumps from khagen site, I studied less than 100 questions but with bolo correction.
Thanks all
khagen site, what's the address?
@EMK
B,D,F
@Anton
Thanks for labbing that up! I would say that confirms B and D for the answer.
k h a g e n s i t e . c o m
@Arun
How much of the exam was similar to Coachgreece questions?
@MQQ – congrats! Nice score by the way
@Primal – not a problem and yes, I would go for B&D
@EMK – good luck!
@Bolo
Which answer would you go for?
What features can protect the data plane? (Choose three)
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping
Answer: A, B, F or B, D, F
Hi all,
@Bolo, @ Anton,@Arun
Please someone can confirm which address should be applied on sim regarding ACL
the real or translated?
– Which IOS supports the real address since 8.4?
– If it's the old ASDM which needs the translated address applied onto the ACL, do we need to permit the traffic to the global address as well?
I'd really appreciate it if someone can clarify it.
Thanks
Policing is more associated with the Control Plane. B,D, and F are def. Data plane.
has anyone got anything to open ETE files?
@Primal – thanks for clarifying
@aek – you can have a look at Primal’s comment with regards to ASA (bottom of the page 256)
If I would get the LAB during my exam (which apparently hasn't happened for a while now) I would just get it tested with both options and see which one works.
@aek
8.3 and above use the real address for the access-list; 8.2 and below use the translated. Anton gave good advice. See which one works, although I would try the real address first since it is current IOS.
@Andy
1=DE
2=YOU’RE MISSING THE D WHICH MIGHT BE CORRECT
3=B
4=BE
Thanks @Anton, @Primal, your answers were so helpful.
My question is if the ASDM is 8.2 and below. If I'm not mistaken, it's not enough to use just the translated address; we have to permit traffic to the global address as well.
Any advice ?
thanks
@aek The internal address (inside local) is translated to inside global, so lots of times it's the same IP as outside global depending on your perimeter design. Just use the IP that you translated the inside IP to. It will work. Google some examples on the difference between 8.2 and 8.3 NAT; you will find TONS of examples.
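An added ASA configuration illustration (my own, not from any poster, the sim or the dumps) of the 8.2-versus-8.3 difference discussed from the Anubis sim down to this post, using the sim's addresses 172.16.1.2 and 209.165.201.30. The object name WEB_SERVER, ACL name OUTSIDE_IN, the inside/outside interface names and the packet-tracer source 198.51.100.5 are assumptions.

```cisco
! ASA 8.3 and later: NAT lives on the network object and the inbound
! ACL references the REAL (inside local) address 172.16.1.2.
object network WEB_SERVER
 host 172.16.1.2
 nat (inside,outside) static 209.165.201.30
!
access-list OUTSIDE_IN extended permit tcp any object WEB_SERVER eq www
access-group OUTSIDE_IN in interface outside
!
! ASA 8.2 and earlier: the same static NAT in the old syntax, and the
! inbound ACL references the TRANSLATED (global) address 209.165.201.30.
static (inside,outside) 209.165.201.30 172.16.1.2 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 209.165.201.30 eq www
access-group OUTSIDE_IN in interface outside
!
! Verification on either release (the sim devices accept show commands).
! Check the code version first, then confirm the translation and that the
! ACL actually permits a connection arriving for the public address.
show version | include Version
show nat detail
show access-list OUTSIDE_IN
packet-tracer input outside tcp 198.51.100.5 12345 209.165.201.30 80
```

If packet-tracer ends with a DROP on the ACCESS-LIST phase, the ACL references the wrong address for that release; swap real and translated and re-run.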
@Arun which ASA sim was it configuring or verifying configs?
Hi all..
Can anyone here tell me how many configuration questions (labs) are in the exam?
and what are the regular labs?
@anton thank you for taking the time to summarise the last few pages of this site, awesome effort!
almost all i would go with the same answer but a few i have some queries:
Q14 Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10? (Choose two)
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. enabling BPDU guard on all access ports
C. using switchport trunk native vlan 10 command on trunk ports
D. using switchport nonegotiate command on dynamic desirable ports
E. applying ACL between VLANs
F. using switchport mode access command on all host ports
Answer: A, F
I would say D,F as this means that access ports cannot become trunk which is required in vlan hop attack also see Q496
@anton
Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: A, B
I would assume this Q is wrong/ missing some detail and the answer is B,C also see Q441