Share your CCNA Security Experience
November 5th, 2015
Please share with us your experience after taking the CCNA Security 210-260 exam, your materials, the way you learned, your recommendations…
@anton
Q494 Which two problems can arise when a proxy firewall serves as the gateway between networks?
(Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can ktrtf application support.
Answer: A, B
I would assume this Q is also wrong as E is a typo (ktrtf)
I would say A for sure and probably D.
Proxies do prevent a direct connection as they sit between you and the external network so B would not be correct.
@anton
Q525 Which two statements about hardware-based encryption are true? (Choose two)
A. It is potentially easier to compromise than software-based encryption.
B. It requires minimal configuration.
C. It can be implemented without impacting performance.
D. It is widely accessible.
E. It is highly cost-effective.
Answer: B, C
This one is not really fair; it depends on the hardware being encrypted and the size of the organisation. It could also be C, E but I am open to suggestion on this!
@anton
I’m also wondering about CoPP and CPPr questions regarding protecting control plane and data plane.
So I think Policy and Class maps for the control plane Q, as both CPPr and CoPP use these features:
CPPr
https://tools.cisco.com/security/center/resources/understanding_cppr
COPP
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/copp.html
@anton
For the data plane Q we have to use ACL/Antispoof/dhcp-snoop to protect
www.ciscopress.com/articles/article.asp?p=1924983&seqNum=5
@travis – hi and welcome to the forum.
There are some questions in my file which have not been verified as they are from the older PassLeader dumps so no one bothered to actually research them – these sections are labelled in blue.
Now with regards to the questions:
Q14 Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10? (Choose two)
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. enabling BPDU guard on all access ports
C. using switchport trunk native vlan 10 command on trunk ports
D. using switchport nonegotiate command on dynamic desirable ports
E. applying ACL between VLANs
F. using switchport mode access command on all host ports
Answer: A, F
I will stick to A&F here – it is actually one of Cisco’s recommendations to use an unused VLAN as the NATIVE VLAN for trunk ports – this is what I actually do when configuring networks at work.
With regards to your suggestion “D”, I’m not even sure if this is possible – to configure the “switchport nonegotiate” command on an interface which is configured as “dynamic desirable”. Dynamic Desirable uses DTP and “switchport nonegotiate” disables DTP so the switch will possibly return an error when you try to do that.
Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: A, B
I haven’t researched this as this Q is from [July-2018] – Answers not verified
Q494 Which two problems can arise when a proxy firewall serves as the gateway between networks?(Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can ktrtf application support.
Answer: A, B
Same as Q404 – this is from [May-2019] – Answers not verified and as you have said incomplete/incorrect
Q525 Which two statements about hardware-based encryption are true? (Choose two)
A. It is potentially easier to compromise than software-based encryption.
B. It requires minimal configuration.
C. It can be implemented without impacting performance.
D. It is widely accessible.
E. It is highly cost-effective.
Answer: B, C
Again, I would stick to B, C on this one. From my experience having dedicated hardware to encrypt the traffic in your network is very expensive and not very scalable. It is cheaper to use encrypted protocols (SSH, HTTPS, etc) or encrypted tunnels to provide data confidentiality.
Anubis/C0achGreece, do you have the latest dumps? Hard to scroll back to find your links.
Also Youki, managed to find yours but when I try and open the vce file it says error retrieving decrypt key. Any help would be appreciated.
@travis – with regards to CoPP&CPPr – can you post the entire question here as I’m not sure which one you are referring to.
With regards to Data Plane question, yes – we established the same:
What features can protect the data plane? (Choose three)
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping
Answer: B, D, F
Which two features of Cisco Web Reputation tracking can mitigate web-based threats? (Choose Two)
A. outbreak filter
B. buffer overflow filter
C. bayesian filter
D. web reputation filter
E. exploit filtering
is the answer AD or is it AE
@travis
Q.14: AF
You can’t use switchport nonegotiate on dynamic desirable mode ports – only on trunk/access. Also, A is basically the default VLAN hopping prevention measure for Cisco.
Q.404: Yeah, BC
I’ve seen this question as: “Which two are valid types of VLANs using PVLANs? (choose two)” with answer like you posted.
Q.494: AE
E because BCD are all wrong.
Q.525: BC
It’s not about “hardware being encrypted” – which is impossible. It’s about hardware used to encrypt. Size of organisation doesn’t matter – I can’t think of any not-even-so-modern IT device that doesn’t have some kind of software encryption implemented by default. And not many have specialized hardware dedicated to encryption – sometimes you can pay extra for it (NOT E), sometimes you won’t be able to have it at all (NOT D) – depending on the device. As for NOT B – usually you only have to enable hardware encryption.
@travis
Is this the question:
Which two features do CoPP and CPPr use to protect the control plane? (choose two)
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
If so, I’d go with AB – Cisco says:
“The Control Plane Protection feature is an extension of the policing functionality provided by the existing Control-Plane Policing feature. The Control-Plane Policing feature allows Quality of Service (QoS) policing of aggregate control-plane traffic destined to the route processor. The Control Plane Protection feature extends this policing functionality by allowing finer policing granularity.
The functionality added with Control Plane Protection includes a traffic classifier, which intercepts traffic and classifies it into three control-plane categories.”
@EMK
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?
Answer is AE
Hi All,
I have completed reading/understanding CCNA Sec. 210-260 Study guide and planning to appear for the certification by next weekend.
I have very basic to No knowledge of working with ASA/Security devices.
I have downloaded dumps which Mr. BOLO had shared via cloud (Youki,Anubis and PL). I will start going through them and also will follow this thread to get better understanding about Dumps.
My CONCERN is Lab/Scenario being asked in the Exam. As I have very little/No exposure with ASA GUI.
How can I do hands-on before I appear for Exam ?
I request all the mentors here to give your suggestions pls.
QUESTION 406 Why does ISE require its own certification issued by a trusted CA?
A. ISE certificate allow guest device to validate it as a trusted network device
B. ISE certificate allow it to join the network security framework
C. It request certificates for guest device from the CA server based on its own certificate
D. It generate certificates for guest device based on it own certificate
@Bolo – Please share the answer for this.
QUESTION 406 Why does ISE require its own certification issued by a trusted CA?
A. ISE certificate allow guest device to validate it as a trusted network device
B. ISE certificate allow it to join the network security framework
C. It request certificates for guest device from the CA server based on its own certificate
D. It generate certificates for guest device based on it own certificate
Answer is A
@travis – just tested it and as I have said it is not possible to use switchport nonegotiate command on dynamic desirable ports therefore answer F can not be correct:
Q14 Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10? (Choose two)
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. enabling BPDU guard on all access ports
C. using switchport trunk native vlan 10 command on trunk ports
D. using switchport nonegotiate command on dynamic desirable ports
E. applying ACL between VLANs
F: using switchport mode access command on all host ports
Answer: A, F
SWITCH01(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel set trunking mode to TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
private-vlan Set private-vlan mode
trunk Set trunking mode to TRUNK unconditionally
SWITCH01(config-if)#switchport mode dynamic ?
auto Set trunking mode dynamic negotiation parameter to AUTO
desirable Set trunking mode dynamic negotiation parameter to DESIRABLE
SWITCH01(config-if)#switchport mode dynamic desirable
SWITCH01(config-if)#switchport nonegotiate
Command rejected: Conflict between ‘nonegotiate’ and ‘dynamic’ status on this interface: Gi1/0/10
@travis – I meant to say answer D can not be correct.
Correct answers are A&F
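Added example, not part of the thread: a small Python audit for the two measures in answers A and F of Q14 (an unused native VLAN on trunks, forced access mode on host ports), plus the nonegotiate/dynamic conflict shown in the switch output above. The config is constructed; the interface names, VLAN ids and finding labels are assumptions made for the illustration.

```python
import re

# Constructed candidate config (interface names and VLAN ids are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk native vlan 10
!
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/11
 switchport mode dynamic desirable
 switchport access vlan 10
!
interface GigabitEthernet1/0/12
 switchport access vlan 20
!
"""


def parse_interfaces(config):
    """Return {interface: settings} for the switchport lines this audit uses."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            # Native and access VLAN both default to VLAN 1 when not configured.
            current = {"mode": None, "native": 1, "access": 1, "nonegotiate": False}
            interfaces[m.group(1)] = current
            continue
        if current is None:
            continue
        if line == "!":
            current = None
        elif (m := re.match(r"switchport mode (.+)$", line)):
            current["mode"] = m.group(1)
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            current["native"] = int(m.group(1))
        elif (m := re.match(r"switchport access vlan (\d+)$", line)):
            current["access"] = int(m.group(1))
        elif line == "switchport nonegotiate":
            current["nonegotiate"] = True
    return interfaces


def audit(config):
    """Return a list of (interface, finding) tuples in config order."""
    interfaces = parse_interfaces(config)
    # VLANs that carry hosts: access VLANs of all non-trunk ports, plus default VLAN 1.
    host_vlans = {1} | {i["access"] for i in interfaces.values() if i["mode"] != "trunk"}
    findings = []
    for name, i in interfaces.items():
        mode = i["mode"]
        dynamic = mode is not None and mode.startswith("dynamic")
        if mode == "trunk":
            # Answer A: the native VLAN should be one that no host sits in.
            if i["native"] in host_vlans:
                findings.append((name, "native-vlan-in-use"))
        elif mode is None or dynamic:
            # Answer F: host ports should be forced to access mode, not left
            # to a dynamic mode or to the platform default.
            findings.append((name, "host-port-not-forced-access"))
        if i["nonegotiate"] and dynamic:
            # The combination the switch rejected in the output above.
            findings.append((name, "nonegotiate-on-dynamic"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```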
Hi guys passed my exam 984 thanks so much for the information shared here @bolo and @Anton big thank you. Passleader coachgrees youki you are good to go.
Security concepts 88
Secure access 100
Vpn 100
Secure routing and switching 85
Cisco firewall 100
Ips 100
Content and endpoint security 100
All the best
@EMK – nice score! Congrats!
From Youki dump:
QUESTION 332
Which type of VLANs can communicate to PVLANs? (something like this) (choose 2)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: A, B
Does the answer make sense to anyone?
@anton @bolo
thanks for confirming
Q14 agree the cisco best practice is to change native from vlan1 to any other number – thanks for the update on nonegotiate
Q494 thanks for confirming
Q525 ok this make sense regarding the cost of hardware
anton/bolo yes this was the Q
Which two features do CoPP and CPPr use to protect the control plane? (choose two)
Did anyone get this Q, answer AB and pass the exam recently? I’m not disputing Bolo’s answer, it’s just that DE seems valid too, as the Q asks about ‘Feature’; even Bolo’s answer says ‘Control-Plane Policing feature’. How do we police… we do this within the class map of the policy map. Even the best practice doc (below) for this is not clear – I hate Cisco exam technique!
‘The policy-map command is used to associate a traffic class, defined by the class-map command, with one or more QoS policies.’ so all of our answers are in this statement!!
https://tools.cisco.com/security/center/resources/copp_best_practices#2
@anton
QUESTION 332
I wouldn’t bother wasting time on it as it’s not a proper Q and they’ve admitted it.
I think this is the real Q.. from your doc
Which two are valid types of VLANs using PVLANs? (Choose two)
A. Backup VLAN
B. Secondary VLAN
C. Promiscuous VLAN
D. Community VLAN
E. Isolated VLAN
Answer: D, E
@travis – thanks, yes I have seen that question too – very similar, it could be the same as the one I posted but the author couldn’t remember it properly.
@EMK
Grats. And thanks for the section scores. I know that answers I provided to ppl were enough for 99x scores, failing in Secure Routing and Switching section only. Of course I don’t know what questions exactly ppl had on their exams, but it was mostly the current version – so the question we are discussing here since last summer.
Quite possible that damn TACACS enable question is the one I advised on incorrectly before, and it would fall into this category.
@DPatel
Somewhere in this thread, in original Youki’s material you had all GNS configs necessary to lab things up. You can look for them, I think there were even 2 videos in Arab language with someone doing those sims/labs. But really, screenshots in dumps are enough.
And do study the dumps and answers from here, because the official Cert Guide book from Cisco is a piece of shit. Knowing it all by heart doesn’t even cover 50% of what you need to know for the exam.
For all PVLANs question, just learn it. 2 types of VLANs (iso, comm) and 3 types of ports (iso, comm, promi) :P
@Bolo – true, it’s just easier to learn the PVLANs than trying to remember the questions… and yes, official cert guide is rubbish – I have studied the topics before looking at this forum and it covers very little from what I can see.
@Bolo – Thanks a lot for getting back to me.
Surely I will go through Youki’s material and also keep checking this blog space.
Yes I have seen one of those videos where an Arab instructor is performing these labs. I will check the screenshots in the dump also.
Thanks again.
Hi all
Can someone please confirm regarding the lab, once we finish and confirm all is ok:
Do we need to save the config and how ?
Thanks
Hi all,
Passed the exam today, a big thank you to @Bolo and @Anton.
Please note, on my exam I had only the sim lab, in which I was facing an issue: the Remote VPN option was not available. I mentioned that to the exam center and then they opened a ticket to Cisco.
Coach greece and Youki still valid,
D&D shutdown…
1-lab-sim.
Thanks
Congrats Theo, just for clarification: do you get the ASA SSLVPN sim where you answer the multiple questions and don’t configure it? Please confirm.
Thx
@Theo – congrats!!!
Are you saying the “Remote Access VPN” tab wasn’t available in ASDM sim?
How did you answer the question? Without checking the configuration?
@Susi I’d only the 4-multi sim, not the lab which requires config
@Anton I just chose what I thought was right
The center said it might be an issue with their center, not sure
@Theo
Thanks for confirming , last thing can u please confirm if ur answer were different or same from below question
1)A. AAA with LOCAL database
2)Which two statements regarding the ASA VPN configurations are correct? (Choose two)
a)B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.
b) D. Only Clientless SSL VPN access is allowed with the Sales group policy
ans) Sales
Ans
A. Clientless SSL VPN
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
@Bolo
Can you tell me the right answer on this question I am seeing on passleader its BDF. and I see on others its ABF
Q11
What features can protect the data plane?
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping
Answer : ABF
Which statement about smart tunnels on a Cisco firewall are true? (choose two).
A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating system
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally
AC or AD?
Q92
Which components does HMAC use to determine the authenticity and integrity of a message?
A. The password
B. The hash
C. The Key
D. The transform set
c or bc?
Q124
What is the Cisco preferred countermeasure to mitigate CAM overflows?
A. Port security
B. Dynamic port security
C. IP source guard
D. Root guard
A or B?
When administrator initiates a device wipe command from the ISE, what is the immediate effect?
A. It request the administrator to choose between erasing all device data or only manage corporate data
B. It request the administrator to enter the device PIN or password before proceeding with the operation
C. It immediately erases the data on the device
D. It notifies the device user and proceed with the erase operation.
A or C?
Which type of social engineering attack targets top executives?
A. Baiting
B. Vishing
C. Whaling
D. Spear phishing
A or C?
top executives – whaling
Just passed the exam with 9XX. Anton file is enough to pass the exam
Q404 fits better promiscuous + community I think…
Isolated: These ports are access ports that are assigned to an isolated VLAN. An isolated port has complete Layer 2 separation from other ports within the same primary PVLAN, except for a promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports. Traffic that is received from an isolated port is forwarded only to promiscuous ports.
Promiscuous: These ports are access ports that are assigned to a primary VLAN and typically connect to a router or firewall. A promiscuous port can communicate with all ports within the PVLAN, including the community and isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, given that all devices in the PVLAN need to communicate with that port.
Community: These ports are access ports that are assigned to a community VLAN. Community ports communicate among themselves and with the promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or in isolated ports within their primary PVLAN.
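Added example, not part of the post above: the three port-type rules quoted there, turned into a Layer 2 reachability check for one primary PVLAN, with a helper that lists which intended flows the PVLAN would drop. Port names, community VLAN ids and the flow list are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

KINDS = {"promiscuous", "isolated", "community"}


@dataclass(frozen=True)
class Port:
    name: str
    kind: str                         # one of KINDS
    community: Optional[int] = None   # community (secondary) VLAN id

    def __post_init__(self):
        if self.kind not in KINDS:
            raise ValueError(f"{self.name}: unknown port type {self.kind!r}")
        # Only community ports belong to a community VLAN, and they must name it.
        if (self.kind == "community") != (self.community is not None):
            raise ValueError(f"{self.name}: community VLAN id set on wrong port type")


def can_talk(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two ports of the same primary PVLAN."""
    # A promiscuous port communicates with every port in the PVLAN.
    if "promiscuous" in (a.kind, b.kind):
        return True
    # Community ports talk among themselves, but not across communities.
    if a.kind == b.kind == "community":
        return a.community == b.community
    # Isolated <-> isolated and isolated <-> community are blocked.
    return False


def reachability(ports: List[Port]) -> Dict[str, List[str]]:
    """Map each port name to the names of the ports it can reach."""
    return {
        a.name: [b.name for b in ports if b.name != a.name and can_talk(a, b)]
        for a in ports
    }


def blocked_flows(ports: List[Port], flows: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the intended (src, dst) flows that the PVLAN design would drop."""
    by_name = {p.name: p for p in ports}
    return [(s, d) for s, d in flows if not can_talk(by_name[s], by_name[d])]


# Constructed sample: one gateway port, two isolated hosts, two communities.
PORTS = [
    Port("Gi0/1", "promiscuous"),
    Port("Gi0/2", "isolated"),
    Port("Gi0/3", "isolated"),
    Port("Gi0/4", "community", 101),
    Port("Gi0/5", "community", 101),
    Port("Gi0/6", "community", 102),
]

if __name__ == "__main__":
    for name, peers in reachability(PORTS).items():
        print(f"{name} -> {', '.join(peers)}")
```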
@ztech – thank you and congrats!
Congratulations!
I passed my 210-260 exam with 960/1000 on 10/Jan/2020.
I study the PassLeader 210-260 questions bank, all the questions in the test is word by word as PassLeader file.
1 SIM: Connection less VPN, 4 questions as PassLeader, the same answers.
D&D : Drag and drop the each port-security violation.
1 new question: what is true about STP attack.
I mainly learned the PassLeader 210-260 dumps (552q NEW version), all questions are available in PassLeader.
Really helpful.
P.S.
Part of PassLeader 210-260 dumps are available here FYI:
drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg
(552q~~~NEW VERSION DUMPS Updated Recently!!!)
Good luck, all!
[copy that link and open it in your web browser]
And,
Part of PassLeader 210-260 IINS new questions (FYI):
NEW QUESTION 546
Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hashing.
B. TACACS+ is more flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS+ is used for access to network resources more than administrator access to network devices.
D. TACACS+ server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.
Answer: C
NEW QUESTION 547
Which effect of the secure boot-image command is true?
A. It configure the device to boot to the secure IOS image.
B. It archives a secure copy of the device configuration.
C. It archives a secure copy of the IOS image.
D. It displays the status of the bootset.
Answer: C
NEW QUESTION 548
Which two statements about an IPS in tap mode are true? (Choose two.)
A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyzes the actual packets as they pass through the system.
D. It can analyze events without impacting network efficiency.
E. It is unable to drop packets in the main flow.
Answer: BC
NEW QUESTION 549
How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?
A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.
Answer: C
NEW QUESTION 550
Which 802.1x component enforces the network access policy?
A. authentication server
B. authenticator
C. RADIUS server
D. supplicant
Answer: A
NEW QUESTION 551
Drag and Drop
Drag and drop the each port-security violation mode from the left onto the corresponding action on the right.
Answer:
NEW QUESTION 552
……
@Anton Thanks!!!
fcfcfc IS FAKE FAKE FAKE
QUESTION 335
How does Zone-Based Firewall Handle traffic to and from self-zone ?
A. Drop
B. Inspect with logging
C. Inspect without logging
D. Another option that I can’t recall
Correct Answer: B
My understanding was that by default the traffic TO and FROM self-zone is permitted (Action: PASS) and it can not be inspected or rate limited as it is self-zone. Is that a mistake with another incomplete question?
@Anton, Can you please send me latest dump mdamin10.ctg @gmail.com
What is a valid implicit permit rule for traffic that is traversing the ASA firewall?
A. Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only.
B. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
C. Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode.
D. ARPs in both directions are permitted in transparent mode only.
E. Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.
is it A/D?
@Andromeda – it has been shared few pages ago by Bolo & Myself
Passed today scored 989 , Anton file with Bolo’s correction is enough to pass the exam.
Big thanks to Bolo and everyone who has made effort to correct the answer .
Scored 100% in everything except secure routing and switching got 92% so needs to check which one has wrong answer.
Thx again Bolo & Anton
@Caan, Which files did you use?
Lets know so that we are able to collect the wrong questions in secure routing and switching
@Caan, Did you use Youki file to study?
according to the shared experience in this forum , the valid files one can use to pass are:
Anton file
coachgreese
Bolo correction.
Name any other file…
Personally I did my test in August and passed, willing to contribute to help other before the Syllabus is changed
then i used Youki, Anubis and Yako Files to revise (Guess they aren’t enough to pass as per now)
Can I have Anton file please? i got exam next week.
a b d o 7 2 3 @ h o t m a i l . c o m
@Caan – congrats and thanks for sharing your experience. Nice score btw.
Anton’s file is made of merged C0achGreece, Yako and PassLeader PDFs with corrected by Bolo answers.
989 point is probably 2-3 incorrect answers.
@Snew, you don’t need to study Youki or Anubis, Anton file is enough to pass the test, it’s 100% valid.
@Anton I’ve just realised I got 83% in IPS section and 92% in secure routing and switching, so need to check what are the wrong answers in your file..
@Cann, Thank you.
Great thanks to BOLO and Anton for your time and love, I got it yesterday with 98x.. I had a problem with the Sim Portal and couldn’t expand the panel but I just selected the answers in order not to waste time. Have a blessed day
@Anton : I have Anubis, Yuoki, Coachgreece files.
Is Anton’s files different ? Can anyone please share it ? Appearing for exam on this 16th.
got 89*. Thank you Brian for telling me about FREE dumps at mycertexam.com. I got a pdf file with Coachgreece and Prepaway’s dumps in single pdf file. Almost questions were from that pdf.
@Caan – thanks for your feedback, did you actually study Youki or Anubis or just Anton pdf?
Also, I will share another version of my PDF with you guys later on today with corrected answers for PassLeader’s questions (currently marked as not verified) – I have the answers from Youki and these appear to be correct.
Can i got this valid PDF file ?
{email not allowed}
From Youki’s PDF
QUESTION 105
Which option is the most effective placement of an IPS device within the infrastructure?
A. Inline, behind the internet router and firewall
B. Inline, before the internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall
Correct Answer: A
So my understanding always was that the traffic going to the IPS should already be filtered by the firewall (L3/L4) so I would place it “behind” the firewall looking from the outside (attacker traffic flow) or “before” the firewall by looking from my/administrator point of view.
What is the rule here? Are you looking by sitting inside of the network you need to secure (in that case it would be answer B) or as the traffic flows – Attacker/Hacker –> Firewall –> Your_Network?
@Anton
well I guess that having the question mentioned “within the infrastructure”, most probably the point of view would be from the inside. Which in this case would set A as the correct answer.
@Faber – thanks for your comment. Are you saying the attacker’s traffic should hit the IPS first (answer “A” – behind the firewall by looking from inside) go through all the signature/policy/anomaly/reputation-checks, etc and then hit the firewall?
@Anton,
nope…I meant the traffic hits first the Internet router, then the FW and then the IPS.
If we are the admin, we sit within the infrastructure and we see the traffic coming from the outside hitting the router…then the FW and then the IPS. That is why I would go for A
ahem…In this case it would make B more sense ;-)
…Most probably this is another stupid trick from Cisco…trying to make an easy answer complicated due to the “guessing”
@Faber – LoL, that’s what I’m saying – confusing – I would also go for “B”
I don’t think this question appeared anytime recently but I just wanted to clarify how the others see that and if there is a golden rule to follow.
However (last but not least), given the device sequence within the answers (…the internet router and firewall), it seems the traffic hits the firewall as SECOND device, this would change the perspective and then the IPS would sit automatically BEHIND.
Which would select A
doesn’t seem to be a golden rule here…ahahaha
@Anton.
do you have your corrected pdf already ?
As per recent updates, only 2 LAB/SIM questions are appearing.
1) SIM with clientless VPN ASDM
2) LAB to configure NAT & ACL to a). allow HTTP access from outside to DMZ and b). To allow ping to internet from inside.
Any other LAB/SIM seen in Exam ? or which we need to prepare for ?
Please let me know .. I am taking exam on coming Thursday..
Q03 Which attack can be prevented by OSPF authentication?
A. smurf attack
B. IP spoofing attack
C. buffer overflow attack
D. denial of service attack
plz help
D – Denial of Service attack
@Faber – yes, there you go (not too many changes tho – just verified/changed some answers for the 2018 PassLeader questions [Not Verified]) – remove spaces from the link
drive.google.com / open?id = 18rz9mqGx0r1qMRFOcnfzN54CQ3pc9OgU
@Sami
Q03 Which attack can be prevented by OSPF authentication?
A. smurf attack
B. IP spoofing attack
C. buffer overflow attack
D. denial of service attack
Answer: D
@DPatel – the LAB ASA Question you are referring to (to configure static NAT from outside to server in DMZ) hasn’t been seen for a while now – only SIM with clientless VPN and 4x questions
@anton – hope the study is going well I am getting there 2 weeks to go!
@faber i agree with A also
QUESTION 105
Which option is the most effective placement of an IPS device within the infrastructure?
A. Inline, behind the internet router and firewall
B. Inline, before the internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall
Correct Answer: A
Everything in the customer network is behind the CE router. Even if you are within the customer network you are behind. ‘A’ for sure is the answer. Before always implies in front of the CE router, in which case it would be between the CE router and ISP NTE, which would never work.
@Anton
Perfect…will have a look and let you know ;-)
@Bolo
I need to verify July 2018, Oct 2018 and May 2019 questions from PL. I have confirmed most of the questions from them with your answers.
Are there other wrong questions in them?
@anton
I am new to this, so your pdf has few questions and it jumps to question no 300, it has total 36 pages, is this all we need to review?
@pluto – welcome to the forum, some people say it is enough, some say it is good to study Youki PDF too.
@Travis – are you saying we should always look from the Internet side? Isn’t the point-of-view dependent on where you sit?
That’s what I found online
Outside zone: When you deploy the IPS on the outside of the firewall, the IPS may catch attacks and attempts before they even hit the firewall. This way, you can detect new attacks or trends and provide additional data for correlating with the other sensor. However, you will probably get many false positives. The reason is that you usually tune IPS in such deployments to be very sensitive to detect unwanted traffic. Because there will probably be many false positives, IPS is usually not used to prevent attacks.
Inside zone: When you deploy the IPS on the inside of the firewall, the IPS will detect attacks that pass the firewall from outside to inside. This implementation also prevents suspicious traffic from leaving your network. The inside of the firewall is the typical location of the IPS. Because only the traffic that the firewall permits is inspected, you will probably receive fewer false positives.
That explains where to deploy the IPS/IDS but isn’t really clear on “before/behind” terms.
Should I now go by feelings, I would go for A…as what drives me is the direction of the traffic as seen from within the infrastructure…incoming traffic seen by the administrator…so first the router, then the firewall and behind the IPS
@Anton,
I reviewed your dump…all ok correct to my understanding…
EXCEPT question 450 about the OSPF authentication:
Correct answer seems to be B
– keychain authentication would not be used here …this is on ospfv2 with command interface
# ip ospf authentication key-chain CISCOPASS
Since the passwords are CISCOPASS and…C1SCOPASS, the message digest will be different
The two routers will not be able to auth each other.
However the command #ip ospf message-digest enables the OSPF auth at the interface level
Guess that Bolo was correct
@Anton : Thank you :)
@Faber : which dump/file are you referring to ?
What would be best suitable answer of below ? According to Anubis > Its A. , But I think it should be either B or C.
Q.How would you verify that TACACS+ is working ?
A.SSH to the device and login prompt appears
B.login to device using enable password
C.login to device using ACS password
D.console the device using something