Share your CCNA Security Experience
November 5th, 2015
Please share with us your experience after taking the CCNA Security 210-260 exam, your materials, the way you learned, your recommendations…
@Patel…the latest Anton file above
@vengean
IIRC I reviewed and corrected Oct/Nov 2019 PL dumps. There is no need to do more. Anton did a great job to compile few recent months of work here in one file, just use it and thank him.
@Anton&Faber
Behind the router/fw etc. is always inside the local network. LANs are behind stuff, not WANs. So A is the correct answer for that question, as travis said.
@DPatel
Not A, and not B for the same reason. Without seeing the D, C is the most correct answer. ACS used RADIUS and TACACS. And since RADIUS is for network access and TACACS for device access, C is the most correct answer among those you posted.
@Faber : thanks..got it.
@Bolo: Really appreciate your revert… Thanks a lot!!
@Anton: Great compilation…Really helpful..Thanks :)
Anyone appeared for 210-260 today or during past few days ?
Please provide your inputs for the exam.
@Fabber – with regards to Q450 – why would the correct answer be “B” again?
@Bolo – thank you for clarifying – all makes sense now – with regards to the document, I just merged all your hard work so massive Thank You for all you have done to everyone here.
@Anton
For me yes…B is correct when the passwords are CISCOPASS and C1SCOPASS
If passwords are CISCOPASS on both routers config
Then D is correct
@Faber
Bolo has answered this question on page 255. If the keys are the same ‘CISCOPASS’ the correct answer is B, If not ‘C1SCOPASS and CISCOPASS’ the correct answer is C.
@Faber – so just for me to understand this better – are you saying the exhibit configuration is showing us that we are configuring OSPFv3 but the key-chain is actually reserved for OSPFv2 hence it can not be answer “C” but it should actually be “B”? Even tho the password does not match on both routers, the configuration will still enable the authentication?
Pasting here below the page 255.
What I said to comment Anton’s dump was to state that Bolo was correct.
Q450 Refer to the exhibit. What is the effect of the given configuration?
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router1(config-if)#ip ospf authentication message-digest
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router2(config-if)#ip ospf authentication message-digest
A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keycham authentication.
D. The two devices are able to pass the message digest to one another.
Answer: D
Is the answer “D” the correct one?
Bolo
December 29th, 2019
@Anton
In this case, yes – D is correct. There is another version of this question, where keys are different: C1SCOPASS and CISCOPASS. For that other version answer C is the correct one.
And afterwards
Bolo
December 29th, 2019
@Anton
Hmm, after a second look, maybe it should be answer B: It enables authentication.
C option state keycham…which is as such not correct.
Keychain would be ok….but to have C as a valid option it should be written just “key”
Wording is confusing me
@Faber – there is only one version of this question and it is the one with 2x different passwords (CISCOPASS & C1SCOPASS) – the second version I have created by mistake when retyping the commands as I didn’t see there was “1” instead of “I”.
i need help for choice questions. all its corrects ?
@bolo
@anton
full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible
explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection
Answer: D
Q395 What is the primary purpose of the Integrated Services Routers (ISR) in the BYOD solution?
A. Provide connectivity in the home office environment back to the corporate campus
B. Provide WAN and Internet access for users on the corporate campus
C. Enforce firewall-type filtering in the data centre
D. Provide connectivity for the mobile phone environment back to the corporate campus
Answer: A
Q396 Which is not a function of mobile device management (MDM)?
A. Enforce strong passwords on BYOD devices
B. Deploy software updates to BYOD devices
C. Remotely wipe data from BYOD devices
D. Enforce data encryption requirements on BYOD devices
Answer: B
Q397 The purpose of the certificate authority (CA) is to ensure what?
A. BYOD endpoints are posture checked
B. BYOD endpoints belong to the organization
C. BYOD endpoints have no malware installed
D. BYOD users exist in the corporate LDAP directory
Answer: B
Q398 The purpose of the RSA SecureID server/application is to provide what?
A. Authentication, authorization, accounting (AAA) functions
B. One-time password (OTP) capabilities
C. 802.1X enforcement
D. VPN access
Answer: B
Q399 What does ASA Transparent mode support?
A. It supports OSPF.
B. It supports the use dynamic NAT.
C. IP for each interface.
D. Requires a management IP address.
Answer: B
Q400 What will happen with traffic if zone-pair created, but policy did not applied?
A. All traffic will be dropped.
B. All traffic will be passed with logging.
C. All traffic will be passed without logging.
D. All traffic will be inspected.
Answer: A
Q401 Which Cisco IOS device support firewall, antispyware, anti-phishing, protection, etc.?
A. Cisco IOS router
B. Cisco 4100 IOS IPS appliance
C. Cisco 5500 series ASA
D. Cisco 5500x next generation ASA
Answer: D
Q402 What configurations are under crypto map? (Choose two)
A. set peer
B. set host
C. set transform-set
D. interface
Answer: A, C
Q403 Which two options are Private-VLAN secondary VLAN types? (Choose two)
A. Isolated
B. Secured
C. Community
D. Common
E. Segregated
Answer: A, C
Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: A, B
Q405 What protocol provides CIA?
A. HA
B. ESP
C. IKEV1
D. IKEV2
Answer: B
@Anton
So to cut it short and fugue any misunderstanding…
Being the password different (CISCOPASS AND C1SCOPASS)
The correct answer would be ???
C – it prevents keycham authentication
???
And what would be the meaning of the word keycham ( or keychain in other dump versions) here?
Since it doesn’t make sense?
@sam
all ok but we are ignoring Q404 as it is not a valid Q but its probably B,C again
guys – anyone taken the exam in the past few days – any new Q’s appearing?
@Faber – it is “keychain” not “keycham” – it is a typo, but now you made me thinking. Cisco will always try to trick you and the password typo is quite obvious (even tho I couldn’t spot it) so everyone would go for C – “prevents keychain authentication”. From the scores the other candidates were sharing on the forum I can see there is definitely at least one question with a wrong answer from “Secure Routing & Switching” section therefore it could be the one…
@Anton
And that’s why my doubt :
The keychain authentication is used only in ospf v2…but the authentication sequence differs pretty much from ospf v1…( which is the case of the question).
So as per the exhibit, the authentication does not occur since the passwords are different.
BUT
The routers do send the messagedigest to each other ? In theory yes even will be different …answer D
Does the config enable authentication ? Yes since the # ip ospf authentication message-digest cmd enables ospf auth….answer B
What is the best choice ?
@Anton is the connectionless vpn sim with 4 question the sim included on your pdf file? The one with ASDM? Thank you. KEEP UP THE GOOD WORK
@Anton & @Faber:
What is the final answer to below ?
Q450 Refer to the exhibit. What is the effect of the given configuration?
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
Router1(config-if)#ip ospf authentication message-digest
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router2(config-if)#ip ospf authentication message-digest
A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keycham authentication.
D. The two devices are able to pass the message digest to one another.
Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: A, B
Q405 What protocol provides CIA?
A. HA
B. ESP
C. IKEV1
D. IKEV2
Answer: B
@DPatel C. It prevents keychain authentication. look at the key string, they should be the same (C1SCOPASS and CISCOPASS)
@anonymous Q405 B. ESP refer to wikipedia’s definition of ESP
Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication , data integrity through hash functions and confidentiality through encryption protection for IP packets
@Anton @Bolo Please help me with these questions cos I’m a little bit confused
1, Which attack can be prevented by OSPF authentication?
A. smurf attack
B. IP spoofing attack
C. buffer overflow attack
D. denial of service attack
Answer: B or D
2, What are two feature of transparent firewall mode
A. Enabled by default
B. Allow more connections than routed firewall
C. An attacker not see this type of firewall
D. Acts as a network hop in the network
E. Cisco ASA with this feature can route packets
Answer: B C
3, Which action does standard antivirus software perform as part of the file‐analysis process?
A. execute the file in a simulated environment to examine its behavior
B. examine the execution instructions in the file
C. flag the unexamined file as a potential threat
D. create a backup copy of the file
Answer: A or B
4, Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. enabling BPDU guard on all access ports
C. using switchport trunk native vlan 10 command on trunk ports
D. using switchport nonegotiate command on dynamic desirable ports
E. applying ACL between VLANs
F: using switchport mode access command on all host ports
Answer: AB or AF
5, Which type of VLANs can communicate to PVLANs? (choose 2)
A. promiscuous
B. isolated
C. community
D. backup
E. secondary
Answer: AB or BC
@SUPPY: thanks for the input…
Passed 210-260 today…Secure routing & switching 92 %…rest all 100 %…
All dumps were from Anton’s compilation file…. No new dumps…
CAUTION : The SIM was CLIENTLESS SSL VPN (ASDM) with 4 questions…The GUI did not present Menu to verify the configuration !!…But repeated preparation saved me.
Just want to add reg below Question,
Q450 Refer to the exhibit. What is the effect of the given configuration?
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
Router1(config-if)#ip ospf authentication message-digest
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router2(config-if)#ip ospf authentication message-digest
A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keycham authentication.
D. The two devices are able to pass the message digest to one another.
I selected D, but seems its not correct.
=========================================
Once again thanks a lot for all your contribution to this blog…@BOLO,@Anton and all other active contributor..
@Dpatel congratulations. The SIM was CLIENTLESS SSL VPN (ASDM) is that the sim included in Anton’s pdf file? im having a hard time looking for sim or lab that is included in the exam, i only saw sim with 4 questions and is related to asdm
@DPatel Where did you get SIM was CLIENTLESS SSL VPN (ASDM) with 4 questions?
@Dpatel, Q450 showed different message digest key, indicating A and D to be incorrect, i would answer C since due to the mismatch but im thinking of B as well as both routers enable authentication through the command ip ospf authentication message-digest
dears,
How to register for exam?
@Suppy :the SIM is in Anton’s compilation file.
@Faber – thanks!
@DPatel – congrats and thanks for sharing your experience!
Q450 Refer to the exhibit. What is the effect of the given configuration?
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
Router1(config-if)#ip ospf authentication message-digest
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router2(config-if)#ip ospf authentication message-digest
A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keychain authentication.
D. The two devices are able to pass the message digest to one another.
Answer: B – I’m pretty sure now this is the correct answer
Hi all,
Passed my exam today! Every single question was from Anton’s PDF – don’t waste your time with Youki.
The ASA SIM does work but you need to scroll down to see all the tabs within the Configuration Menu – spent few good seconds trying to figure that out.
Massive thanks to @Anton & @Bolo – you guys are great!!!
@DPatel
Grats. Your score is what I’d expect everyone on this forum to get ;). That secure routing&switching question is escaping me (maybe it’s the TACACS-enable question or the one below).
For the CISCOPASS question, after a third look :P – I’d still go for B. Here’s why:
A. No, there is nothing in the exhibit to say that routers exchange anything at all.
B. Yes, that’s definitely what this configuration does.
C. No, because it doesn’t prevent key-chain authentication. You can configure key-chain if you want, and actually configuring key-chain for OSPF (if software version permits) will invalidate all and any keys configured before.
D. No, because we don’t know enough. Are they even on the same network? And different key value does not prevent exchanging digests – it only prevents authenticating them, but both ends still receive the packet.
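Added example, not part of any post in this thread: a Python sketch of OSPFv2 cryptographic (MD5) authentication as specified in RFC 2328 Appendix D, run with the two Q450 keys. It shows that each router still appends a digest to its Hello, and that the receiver drops the packet only because the recomputed digest differs. Router IDs, timers and helper names are constructed for illustration; the sequence-number replay check is left out.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTYPE_CRYPTO = 2               # AuType 2 = cryptographic authentication
DIGEST_LEN = 16                 # MD5 digest length in bytes
# version, type, length, router ID, area ID, checksum, AuType,
# then the 8-byte auth field: 0, key ID, auth data length, sequence number
HEADER_FMT = "!BBH4s4sHHHBBI"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes


def ip(addr):
    return ipaddress.IPv4Address(addr).packed


def pad_key(key):
    """RFC 2328: the secret is a 16-byte field, zero-padded on the right."""
    raw = key.encode("ascii")
    if len(raw) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return raw.ljust(16, b"\x00")


def build_hello(router_id, key_id, seq, key):
    """Return Hello bytes as sent on the wire: packet followed by digest."""
    # Constructed Hello body: mask, hello interval, options, priority,
    # dead interval, DR, BDR (no neighbors listed yet).
    body = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                       ip("0.0.0.0"), ip("0.0.0.0"))
    header = struct.pack(HEADER_FMT, 2, 1, HEADER_LEN + len(body),
                         ip(router_id), ip("0.0.0.0"),
                         0,                 # checksum unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # Digest covers the packet plus the padded key; the key is never sent.
    digest = hashlib.md5(packet + pad_key(key)).digest()
    return packet + digest


def check_hello(wire, local_keys):
    """Receiver-side check. local_keys maps key ID -> configured key string."""
    if len(wire) < HEADER_LEN + DIGEST_LEN:
        return "drop: truncated"
    fields = struct.unpack(HEADER_FMT, wire[:HEADER_LEN])
    length, autype, key_id, auth_len = fields[2], fields[6], fields[8], fields[9]
    if autype != AUTYPE_CRYPTO:
        return "drop: authentication type mismatch"
    if key_id not in local_keys:
        return "drop: unknown key id"
    if auth_len != DIGEST_LEN or len(wire) != length + auth_len:
        return "drop: malformed"
    packet, digest = wire[:length], wire[length:]
    expected = hashlib.md5(packet + pad_key(local_keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return "drop: digest mismatch"
    return "accept"


def simulate():
    """Both directions of the Q450 exhibit (key ID 1 on both routers)."""
    r1_hello = build_hello("10.0.0.1", 1, 1, "C1SCOPASS")   # Router1's key
    r2_hello = build_hello("10.0.0.2", 1, 1, "CISCOPASS")   # Router2's key
    return {
        "R2 receives R1": check_hello(r1_hello, {1: "CISCOPASS"}),
        "R1 receives R2": check_hello(r2_hello, {1: "C1SCOPASS"}),
        "keys matched": check_hello(r1_hello, {1: "C1SCOPASS"}),
    }


if __name__ == "__main__":
    for case, verdict in simulate().items():
        print(f"{case}: {verdict}")
```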
You are configuring a site-to-site tunnel between two cisco routers by using IPsec. Which option
do you set to specify the peer to which you want to connect?
A. IP address by using a crypto map
B. IP address of tunnel destination
C. Tunnel group that has a peer IP address
D. IP address as part of the ISAKMP configuration
what’s the correct answer?
@Anonymous – thanks for sharing!
@Bolo – my bad – my impression was you voted for “C” – will correct this in the dump as it should be “B”
@Tutors – A
@Anton
We talked about this question, someone even posted it on this page. Originally I thought C, but then “had a second thought” about B. And thinking about it today, B seems to be the only correct answer.
Small detail anyway ;) – at this stage, your file is enough for 980+ scores – should be enough for anyone.
@bolo and @Anton can someone please share the latest dump. i am hoping to take the test before the new exams comes in place
@anton @feber
Could you please share .vce file for the dumps.
Which component of a security zone firewall policy defines how traffic is handled?
A. ACL
B. Service Policy
C. Policy map
D. Class map
Which one is the correct answer cos I’m confused, anyone please help me.
Right Bolo😉
Correct answer is B…definitely 😎
Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
A. SNMPv3 is secure because you can configure authentication and privacy.
B. SNMPv3 is a Cisco proprietary protocol.
C. SNMPv2 is secure because you can configure authentication and privacy.
D. SNMPv2 is insecure because it sends information in clear text.
E. SNMPv3 is insecure because it sends information in clear text.
Answer A,D
Is A a correct answer ?
@Bolo – yes we did – will get that updated.
@Mike – scroll up – I shared the link on this or previous page
@Anonymous – C. Policy Map
@tutors – yes, it is, hence v3 is secure.
@Travis thank you
@dpatel – great news well done
@anonymous – thanks for update
@anton / @bolo – again thanks for the clarification – i suppose we cannot assume anything!
@sam – no problems
Hi all,
I failed the exam today :(
I’m thinking of taking the exam again in a week.
Do the exam questions change ??
When should I take the exam again??
What is the period of change of exams?
And on which page are Anton’s files? I will confirm with my files.
Thanks to everyone..
What is the range of privilege levels ? (I’m not sure about the full text.)
0-15 ( I think that’s the answer. )
1-15 ( I’ve marked it in the exam)
0-16
1-16
1-14
0-14
I think this question does not have dumps.
There is another question as well. I think your answer is right the 0-15
What are two default Cisco IOS privilege levels? (Choose two.)
A. 0
B. 1
C. 5
D. 7
E. 10
F. 15
Correct Answer: BF
With regards to Q450
It is B, because “Keychain” is used for EIGRP and RIP, not OSPF.
“Key” is used for OSPF.
The command enables authentication, but is not successful, or allow a neighbor relationship to form due to the non-matching keys.
@EndUsers,
Question 450 of which file?
yesterday i passed my exam.
thanks to anton, bolo & all who helped me & others
all 67 questions (65 question, 1 simlet & 1 drag & drop) came from anton last file.
thank you again,
@EndUser
Cryptographic authentication for OSPFv2 (key chains) was introduced in 2013.
@sami
Congrats!
@CJ yeah I agree with u..
I said 1-15 because of this question. It’s a confusing Q. By the way, I got 85X from yesterday’s test. I’m very upset. I’ll take the exam. I hope the questions don’t change.
D&D Port Security, Restrict, Shutdown, shutdown vlan
Sim same dump
65 Q in coach yako anubis(MCQ)
Already youki and anubis 384 the same until the question. There are some wrong questions in the Passleader. I think I already failed the test because of the passleader.
can any one tell me, why didn’t i receive any email from cisco about passing my exam ?
yesterday i took my exam
Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
A. SNMPv3 is secure because you can configure authentication and privacy.
B. SNMPv3 is a Cisco proprietary protocol.
C. SNMPv2 is secure because you can configure authentication and privacy.
D. SNMPv2 is insecure because it sends information in clear text.
E. SNMPv3 is insecure because it sends information in clear text.
Answer A,D
Is A a correct answer ?
@sami
Because, as it says on your score report, it can take up to 10 days for Cisco to confirm your certification. Usually it’s 2-3 days.
I failed as well because of passleader
the drag and drop
isnt it the answer shutdown shutdown vlan, restrict, protect?
yes it is storm thats what i have
thanks @bolo
@Storm
Sorry to hear about the fail. All the material you need to pass is in Anton’s file. And I do hope that you are actually learning the definitions of restrict, protect etc. There is no guarantee about the order of answers for any question. You need to learn the actual answer, not the order/letter that appears in the dumps.
@Bob
can you put the link back on here for Anton’s file please
also what is the answer to this one
which network topology describes multiple lans in a geographically limited area
can
soho
pan
man
I think its can but seen some that have it down as man?
Thank you @Bolo and @CJ
I hope I pass the exam a second time.
By the way … Someone wrote a fake message here using my name. :)
I did the Drag & Drops question right.
Let me answer him. And get a fix.
Yeah @2ndStorm
The Drag & Drop question was “Protect, restrict, shutdown, shutdown vlan”. “Port security” was wrong. Actually “Protect”.
Good work for everyone :)
@CJ – it is CAN – Campus Area Network
drive.google.com / open?id = 18rz9mqGx0r1qMRFOcnfzN54CQ3pc9OgU
And remember to update this answer in the PDF as I didn’t have time to get it done yet
Q450 Refer to the exhibit. What is the effect of the given configuration?
###########################################################
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
Router1(config-if)#ip ospf authentication message-digest
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
Router2(config-if)#ip ospf authentication message-digest
###########################################################
A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keycham authentication.
D. The two devices are able to pass the message digest to one another.
Answer: B
@storm sorry to hear that – tell me, what is the pass mark on this one?
@CJ
What are two default Cisco IOS privilege levels? (Choose two.)
A. 0
B. 1
C. 5
D. 7
E. 10
F. 15
Correct Answer: BF
is this a correct/full Q as there are 3 default levels 0 (zero level only 5 cmds) 1 (user level) 15 (privileged level)
@travis
You are right, the question must be wrong.
@Sami, what did you use to study?
@Anton, did you take your exam?
@Bolo thanks for your replies.
@Storm, read Anton file .
I Got this question on my test today.
from memory it didn’t say choose two. I did put B and F
@Storm
@Anton
do you have a vce for this instead of a pdf?
@ CJ
ok maybe we can choose any of 0, 1, or 15 then… in which case you should have been marked correct!
if Q is ‘what are two’ and not ‘what are the two’ i suppose we can choose any 2 of the 3 then.
@ Storm
@ CJ
@ Anonymous
@ DPatel
Do any of you remember the below Q on latest exam and what did you answer if so?
Which two feature do CoPP and CPPr use to protect the control plane? (choose two)
A. QoS
B. Traffic Classification
C. Access Lists
D. Policy Maps
E. Class Maps
F. Cisco Express Forwarding (CEF)
@travis thank u, and I found something like this in the Cisco library.
“ Sets the privilege level for a command.
• For mode, enter configure for global configuration mode, exec for EXEC mode, interface for interface configuration mode, or line for line configuration mode.
• For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges. Level 15 is the level of access permitted by the enable password.
• For command, specify the command to which you want to restrict access.“
I think the question in the dump may be wrong. and Cisco may have corrected the question. because my exam was asked for the “Level Range”.
For level, the range is from 0 to 15.
Is there a VCE of the Anton file?
Asking for a friend. :-)
@travis
I answered that today as A & B from memory.
@ storm
thanks for doing some digging into this cisco and their wording :(
@Anton many thanks.. I have read your file now. This exam is now okay …
with respect, good work.
@Bolo, @Anton and all friends
thank you so much
Not anonymous, I’m Storm :)
Hi i passed the exam 960 score.
I only studied the material of Anton.
@anton Many thanks
HI Guys! I am new here on the forum and I have doubts regarding the following questions. could someone help me please?
Which two statements about hardware-based encryption are true? (Choose two)
A. It is potentially easier to compromise than software-based encryption.
B. It can be implemented without impacting performance.
C. It is widely accessible.
D. It is highly cost effective.
E. It requires minimal configuration.
BD or DE ?
What are two major considerations when choosing between a SPAN and a TAP when implementing IPS? (Choose two)
A. the amount of bandwidth available
B. the way in which dropped packets will be handled
C. the type of analysis the IPS will perform
D. whether RX and TX signals will use separate ports
E. the way in which media errors will be handled
AC or CD
How can you prevent NAT rules from sending traffic to incorrect interfaces?
A. Configure twice NAT instead of object NAT.
B. Add the no-proxy-arp command to the nat line.
C. Assign the output interface in the NAT statement.
D. Use packet-tracer rules to reroute misrouted NAT entries
C ?
Thanks
Hi all all questions are corrects ?
@Bolo
@Anton
thank you very much for help
Q391 What are characteristics of the Radius Protocol? (Choose two.)
A. Uses TCP port 49
B. Uses UDP Port 49
C. Uses TCP 1812/1813
D. Uses UDP 1812/1813
E. Combines authentication and authorization
Answer: D, E
Q392 Which command is to make sure that AAA Authentication is configured and to make sure that
user can access the exec level to configure?
A. AAA authentication enable default local
B. AAA authentication enable local
C. AAA authentication enable tacacs+ default
Answer: A
Q393 Which primary security attributes can be achieved by BYOD Architecture?
A. Trusted enterprise network
B. public wireless network
C. checking compliance with policy
D. pushing patches
Answer: A, C
Q394 A user reports difficulties accessing certain external web pages, when examining traffic to and
from the external domain in full packet captures, you notice many SYNs that have the same sequence
number, source, and destination IP address, but have different payloads. Which problem is a possible
explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection
Answer: D
Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
A. SNMPv3 is secure because you can configure authentication and privacy.
B. SNMPv3 is a Cisco proprietary protocol.
C. SNMPv2 is secure because you can configure authentication and privacy.
D. SNMPv2 is insecure because it sends information in clear text.
E. SNMPv3 is insecure because it sends information in clear text.
Answer: A, D
Q 441 Which two are valid types of VLANs using PVLANs? (Choose two)
A. Backup VLAN
B. Secondary VLAN
C. Promiscuous VLAN
D. Community VLAN
E. Isolated VLAN
Answer: D, E
Q443 Which security principle has been violated if data is altered in an unauthorized manner?
A. accountability
B. availability
C. confidentiality
D. integrity
Answer: D
Q444 Which two actions can a zone-based firewall apply to a packet as it transits a zone pair?
(Choose two)
A. drop
B. inspect
C. queue
D. quarantine
E. block
Answer: A, B
Q445 Which information can you display by executing the show crypto ipsec sa command?
A. proxy information for the connection between two peers
B. IPsec SAs established between two peers
C. recent changes to the IP address of a peer router
D. ISAKMP SAs that are established between two peers
Answer: B
Q446 Which command can you enter to configure OSPF to use hashing to authenticate routing
updates?
A. ip ospf authentication message-digest
B. ip ospf priority 1
C. neighbor 192.168.0.112 cost md5
D. ip ospf authentication-key
Answer: A
Q447 How is management traffic isolated on a Cisco ASR 1002?
A. Traffic is isolated based upon how you configure routing on the device.
B. There is no management traffic isolation on a Cisco ASR 1002.
C. The management interface is configured in a special VRF that provides traffic isolation from the
default routing table.
D. Traffic isolation is done on the VLAN level.
Answer: C
Q448 Which statement about traffic inspection using the Cisco Modular Policy Framework on the ASA
is true?
A. HTTP inspection is supported with Cloud Web Security inspection.
B. QoS policing and QoS priority queuing can be configured for the same traffic.
C. ASA with FirePOWER supports HTTP inspection.
D. Traffic can be sent to multiple modules for inspection.
Answer: A
Q449 Which feature can help a router or switch maintain packet forwarding and protocol states
despite an attack or heavy traffic load on the router or switch?
A. Control Plane Policing
B. Policy Map
C. Service Policy
D. Cisco Express Forwarding
Answer: A
@Anton, could you share your file please?
Q496 Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?
(Choose two)
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. using switchport trunk native vlan 10 command on trunk ports
C: using switchport mode access command on all host ports
D. enabling BPDU guard on all access ports
E. using switchport nonegotiate command on dynamic desirable ports
F. applying ACL between VLANs
Answer: A, C
Guys, in Antons file, are all the answers correct? (ones marked not verified) ? And which sims/labs are coming in the exam
@ storm – thanks
guys all Q’s verified on antons file a few pages back for discussions and file like just search these pages
@geo
BE
AC
yes – C
@sam I would go with all apart from
Q446 – C
@ob
yes antons file is good – search back for all discussions on it
Guys I can’t see discussion on this one…
Which two attack types can be prevented with Cisco IPS solution? (choose two)
A. DDOS
B. Man in the Middle
C. Worms
D. ARP Spoofing
E. VLAN Hopping
To me A B C D are all attacks that an IPS can prevent.
Hi
can you please share dumps link please ?
@ need help
just go back through the forum pages for links – also very useful info on how answers are corrected last few pages
Took the test. Failed with a 768. Same sim. 67 questions. Going back to read all drops. Maybe I didn’t read enough of youki and anubis.
@ annoymous
Which two attack types can be prevented with Cisco IPS solution? (choose two)
A,C
Where are these questions in the high 400s coming from? Highest I have is 409 youki 5/24.
@longreaderhere
sorry to hear you failed it – were the Q’s new or familiar ? was the sim the same.. did you pass that?
anton posted a link to a file a page or 2 back with corrected answers from a mix of dumps. these have been thoroughly discussed on the forum here with bolo and some others prior to posting it’s very good. check back through the last few pages of this forum
Hey guys,
v1.3 in the link below (unfortunately there is no VCE version of this PDF file)
drive . google . com / open?id = 131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58
Passed the test today and managed to answer all the questions faultlessly (1000/1000) proving the answer for Q450 is “B”.
Massive thanks to Bolo for your patience and thanks to everyone who shared their experience.
I can confirm all the Qs were from Anton’s file (I have marked all the Qs which appeared in my test today with a star (*) in v1.3).
Thanks & Good luck!!!
Hi guys, anyone going for Palo Alto certifications?
@travis My fault totally. I wasn’t keeping up with the posts here in the last couple of weeks. I was relying solely on Anubis and Youki. Everything that has been posted recently @Anton, @Bolo etc are spot on. Lots of IPS related from the newer material posted. The post with the combination of prior work consolidated into 1 doc (@Anton) is worth at the least a lot of thanks. My experience today was 95% from the 400s and 500s questions, maybe one or two or 3 from the earlier questions.. anubis, youki… numbers 0 thru 200… At first I thought they gave me the wrong test… but again totally my fault.. I’ll try it again next week, confident I’ll pass.
@travis: Sorry mate…I did not receive below Q in my exam…
Which two feature do CoPP and CPPr use to protect the control plane? (choose two)
A. QoS
B. Traffic Classification
C. Access Lists
D. Policy Maps
E. Class Maps
F. Cisco Express Forwarding (CEF)
But answer should be AB
@travis : I did not get below Q in my test…
Which two feature do CoPP and CPPr use to protect the control plane? (choose two)
A. QoS
B. Traffic Classification
C. Access Lists
D. Policy Maps
E. Class Maps
F. Cisco Express Forwarding (CEF)
Do we have similar kind of blog for CCNP Security also ??
Please let me know if anyone is aware about any such platform..