Home > Share your CCNA Security Experience

Share your CCNA Security Experience

November 5th, 2015 Go to comments

Please share with us your experience after taking the CCNA Security 210-260 exam, your materials, the way you learned, your recommendations…

Comments (100) Comments
Comment pages
1 14 15 16 17 18 22 675
  1. Faber
    January 15th, 2020

    @Patel…the latest Anton file above

  2. Bolo
    January 15th, 2020

    @vengean
    IIRC I reviewed and corrected Oct/Nov 2019 PL dumps. There is no need to do more. Anton did a great job to compile few recent months of work here in one file, just use it and thank him.

    @Anton&Faber
    Behind the router/fw etc. is always inside the local network. LANs are behind stuff, not WANs. So A is the correct answer for that question, as travis said.

    @DPatel
    Not A, and not B for the same reason. Without seeing the D, C is the most correct answer. ACS used RADIUS and TACACS. And since RADIUS is for network access and TACACS for device access, C is the most correct answer among those you posted.

  3. DPatel
    January 15th, 2020

    @Faber : thanks..got it.

  4. DPatel
    January 15th, 2020

    @Bolo: Really appreciate your revert… Thanks a lot!!

    @Anton: Great compilation…Really helpful..Thanks :)

  5. DPatel
    January 15th, 2020

    Anyone appeared for 210-260 today or during past few days ?

    Please provide your inputs for the exam.

  6. Anton
    January 15th, 2020

    @Fabber – with regards to Q450 – why would the correct answer be “B” again?

  7. Anton
    January 15th, 2020

    @Bolo – thank you for clarifying – all makes sense now – with regards to the document, I just merged all you hard work so massive Thank You for all you have done to everyone here.

  8. Faber
    January 15th, 2020

    @Anton
    For me yes…B is correct when the passwords are CISCOPASS and C1SCOPASS

    If passwords are CISCOPASS on both routers config
    Then D is correct

  9. vengean
    January 15th, 2020

    @Faber

    Bolo has answered this question on page 255. If the keys are the same ‘CISCOPASS’ the correct answer is B, If not ‘C1SCOPASS and CISCOPASS’ the correct answer is C.

  10. Anton
    January 15th, 2020

    @Faber – so just for me to understand this better – are you saying the exhibit configuration is showing us that we are configuring OSPFv3 but the key-chain is actually reserved for OSPFv2 hence it can not be answer “C” but it should actually be “B”? Even tho the password does not match on both routers, the configuration will still enable the authentication?

  11. Faber
    January 15th, 2020

    Pasting here below the page 255.
    What I said to comment Anton’s dump was to state that Bolo was correct.

    Q450 Refer to the exhibit. What is the effect of the given configuration?

    Router1(config)#interface fastEthernet 0/0
    Router1(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router1(config-if)#ip ospf authentication message-digest

    Router2(config)#interface fastEthernet 0/0
    Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router2(config-if)#ip ospf authentication message-digest

    A. The two routers receive normal updates from one another.
    B. It enables authentication.
    C. It prevents keycham authentication.
    D. The two devices are able to pass the message digest to one another.
    Answer: D

    Is the answer “D” the correct one?

    Bolo

    December 29th, 2019

    @Anton

    In this case, yes – D is correct. There is another version of this question, where keys are different: C1SCOPASS and CISCOPASS. For that other version answer C is the correct one.

  12. Faber
    January 15th, 2020

    And afterwards

    Bolo

    December 29th, 2019

    @Anton

    Hmm, after a second look, maybe it should be answer B: It enables authentication.

  13. Faber
    January 15th, 2020

    C option state keycham…which is as such not correct.
    Keychain would be ok….but to have C as a valid option it should be written just “key”

  14. Faber
    January 15th, 2020

    Wording is confusing me

  15. Anton
    January 15th, 2020

    @Faber – there is only one version of this question and it is the one with 2x different passwords (CISCOPASS & C1SCOPASS) – the second version I have created by mistake when retyping the commands as I didn’t see there was “1” instead of “I”.

  16. Sam
    January 15th, 2020

    i need help for choice questions. all its corrects ?
    @bolo
    @anton

    full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible
    explanation of this situation?
    A. insufficient network resources
    B. failure of full packet capture solution
    C. misconfiguration of web filter
    D. TCP injection
    Answer: D
    Q395 What is the primary purpose of the Integrated Services Routers (ISR) in the BYOD solution?
    A. Provide connectivity in the home office environment back to the corporate campus
    B. Provide WAN and Internet access for users on the corporate campus
    C. Enforce firewall-type filtering in the data centre
    D. Provide connectivity for the mobile phone environment back to the corporate campus
    Answer: A
    Q396 Which is not a function of mobile device management (MDM)?
    A. Enforce strong passwords on BYOD devices
    B. Deploy software updates to BYOD devices
    C. Remotely wipe data from BYOD devices
    D. Enforce data encryption requirements on BYOD devices
    Answer: B
    Q397 The purpose of the certificate authority (CA) is to ensure what?
    A. BYOD endpoints are posture checked
    B. BYOD endpoints belong to the organization
    C. BYOD endpoints have no malware installed
    D. BYOD users exist in the corporate LDAP directory
    Answer: B
    Q398 The purpose of the RSA SecureID server/application is to provide what?
    A. Authentication, authorization, accounting (AAA) functions
    B. One-time password (OTP) capabilities
    C. 802.1X enforcement
    D. VPN access
    Answer: B
    Q399 What does ASA Transparent mode support?
    A. It supports OSPF.
    B. It supports the use dynamic NAT.
    C. IP for each interface.
    D. Requires a management IP address.
    Answer: B
    Q400 What will happen with traffic if zone-pair created, but policy did not applied?
    A. All traffic will be dropped.
    B. All traffic will be passed with logging.
    C. All traffic will be passed without logging.
    D. All traffic will be inspected.
    Answer: A
    Q401 Which Cisco IOS device support firewall, antispyware, anti-phishing, protection, etc.?
    A. Cisco IOS router
    B. Cisco 4100 IOS IPS appliance
    C. Cisco 5500 series ASA
    D. Cisco 5500x next generation ASA
    Answer: D
    Q402 What configurations are under crypto map? (Choose two)
    A. set peer
    B. set host
    C. set transform-set
    D. interface
    Answer: A, C
    Q403 Which two options are Private-VLAN secondary VLAN types? (Choose two)
    A. Isolated
    B. Secured
    C. Community
    D. Common
    E. Segregated
    Answer: A, C
    Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
    A. promiscuous
    B. isolated
    C. community
    D. backup
    E. secondary
    Answer: A, B
    Q405 What protocol provides CIA?
    A. HA
    B. ESP
    C. IKEV1
    D. IKEV2
    Answer: B

  17. Faber
    January 15th, 2020

    @Anton
    So to cut it short and fugue any misunderstanding…
    Being the password different (CISCOPASS AND C1SCOPASS)
    The correct answer would be ???
    C – it prevents keycham authentication
    ???

  18. Faber
    January 15th, 2020

    And what would be the meaning of the word keycham ( or keychain in other dump versions) here?
    Since it doesn’t make sense?

  19. travis
    January 15th, 2020

    @sam
    all ok but we are ignoring Q404 as it is not a valid Q but its probably B,C again

    guys – anyone taken the exam in the past few days – any new Q’s appearing?

  20. Anton
    January 15th, 2020

    @Faber – it is “keychain” not “keycham” – it is a typo, but now you made me thinking. Cisco will always try to trick you and the password typo is quite obvious (even tho I couldn’t spot it) so everyone would go for C – “prevents keychain authentication”. From the scores the other candidates were sharing on the forum I can see there is definitely at least one question with a wrong answer from “Secure Routing & Switching” section therefore it could be the one…

  21. Faber
    January 15th, 2020

    @Anton
    And that’s why my doubt :
    The keychain authentication is used only in ospf v2…but the authentication sequence differs pretty much from ospf v1…( which is the case of the question).
    So as per the exhibit, the authentication does not occur since the passwords are different.
    BUT
    The routers do send the messagedigest to each other ? In theory yes even will be different …answer D
    Does the config enable authentication ? Yes since the # ip ospf authentication message-digest cmd enables ospf auth….answer B
    What is the best choice ?

  22. Suppy
    January 15th, 2020

    @Anton is the connectionless vpn sim with 4 question the sim included on your pdf file? The one with ASDM? Thank you. KEEP UP THE GOOD WORK

  23. lclc
    January 16th, 2020

    At the end of February, Cisco exams will change, the exam difficulty will become unpredictable, and it will be difficult to obtain a stable test dump in a short period of time. The dump is stable at the moment and will ensure you pass the exam quickly. Now is the last chance to pass the exam easily.As we all know, the sooner you get certified, the more valuable
    This is a URL that can help you↓↓↓
    forums.delphiforums.com/happy2020/messages/1/1

  24. DPatel
    January 16th, 2020

    @Anton & @Faber:
    What is the final answer to below ?

    Q450 Refer to the exhibit. What is the effect of the given configuration?

    Router1(config)#interface fastEthernet 0/0
    Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
    Router1(config-if)#ip ospf authentication message-digest

    Router2(config)#interface fastEthernet 0/0
    Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router2(config-if)#ip ospf authentication message-digest

    A. The two routers receive normal updates from one another.
    B. It enables authentication.
    C. It prevents keycham authentication.
    D. The two devices are able to pass the message digest to one another.

  25. Anonymous
    January 16th, 2020

    Q404 Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two)
    A. promiscuous
    B. isolated
    C. community
    D. backup
    E. secondary
    Answer: A, B
    Q405 What prouktocol provides CIA?
    A. HA
    B. ESP
    C. IKEV1
    D. IKEV2
    Answer: B

  26. Suppy
    January 16th, 2020

    @DPatel C. It prevents keychain authentication. look at the key string, they should be the same (C1SCOPASS and CISCOPASS)

  27. Suppy
    January 16th, 2020

    @anonymous Q405 B. ESP refer to wikipedia’s definition of ESP
    Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication , data integrity through hash functions and confidentiality through encryption protection for IP packets

  28. Anonymous
    January 16th, 2020

    @Anton @Bolo Please help me with these questions cos I’m a little bit confused

    1, Which attack can be prevented by OSPF authentication?
    A. smurf attack
    B. IP spoofing attack
    C. buffer overflow attack
    D. denial of service attack
    Answer: B or D

    2, What are two feature of transparent firewall mode
    A. Enabled by default
    B. Allow more connections than routed firewall
    C. An attacker not see this type of firewall
    D. Acts as a network hop in the network
    E. Cisco ASA with this feature can route packets
    Answer: B C

    3, Which action does standard antivirus software perform as part of the file‐analysis process?
    A. execute the file in a simulated environment to examine its behavior
    B. examine the execution instructions in the file
    C. flag the unexamined file as a potential threat
    D. create a backup copy of the file
    Answer: A or B

    4, Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?
    A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
    B. enabling BPDU guard on all access ports
    C. using switchport trunk native vlan 10 command on trunk ports
    D. using switchport nonegotiate command on dynamic desirable ports
    E. applying ACL between VLANs
    F: using switchport mode access command on all host ports
    Answer: AB or AF

    5, Which type of VLANs can communicate to PVLANs? (choose 2)
    A. promiscuous
    B. isolated
    C. community
    D. backup
    E. secondary
    Answer: AB or BC

  29. DPatel
    January 16th, 2020

    @SUPPY: thanks for the input…

    Passed 210-260 today…Secure routing & switching 92 %…rest all 100 %…

    All dumps were from Anton’s compilation file…. No new dumps…

    CAUTION : The SIM was CLIENTLESS SSL VPN (ASDM) with 4 questions…The GUI did not present Menu to verify the configuration !!…But repeated preparation saved me.

    Just want to add reg below Qustion,

    Q450 Refer to the exhibit. What is the effect of the given configuration?

    Router1(config)#interface fastEthernet 0/0
    Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
    Router1(config-if)#ip ospf authentication message-digest

    Router2(config)#interface fastEthernet 0/0
    Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router2(config-if)#ip ospf authentication message-digest

    A. The two routers receive normal updates from one another.
    B. It enables authentication.
    C. It prevents keycham authentication.
    D. The two devices are able to pass the message digest to one another.

    I selected D, but seems its not correct.

    =========================================
    Once again thanks a lot for all your contribution to this blog…@BOLO,@Anton and all other active contributor..

  30. Suppy
    January 16th, 2020

    @Dpatel congratulations. The SIM was CLIENTLESS SSL VPN (ASDM) is that the sim included in Anton’s pdf file? im having a hard time looking for sim or lab that is included in the exam, i only saw sim with 4 questions and is related to asdm

  31. Suppy
    January 16th, 2020

    @DPatel Where did you get SIM was CLIENTLESS SSL VPN (ASDM) with 4 questions?

  32. Suppy
    January 16th, 2020

    @Dpatel, Q450 showed different message digest key, indicating A and D to be incorrect, i would answer C since due to the mismatch but im thinking of B as well as both routers enable authentication through the command ip ospf authentication message-digest

  33. help
    January 16th, 2020

    dears,
    How to register for exam?

  34. Dpatel
    January 16th, 2020

    @Suppy :the SIM is in Anton’s compilation file.

  35. Anton
    January 16th, 2020

    @Faber – thanks!
    @DPatel – congrats and thanks for sharing your experience!

    Q450 Refer to the exhibit. What is the effect of the given configuration?

    Router1(config)#interface fastEthernet 0/0
    Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
    Router1(config-if)#ip ospf authentication message-digest

    Router2(config)#interface fastEthernet 0/0
    Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router2(config-if)#ip ospf authentication message-digest

    A. The two routers receive normal updates from one another.
    B. It enables authentication.
    C. It prevents keychain authentication.
    D. The two devices are able to pass the message digest to one another.
    Answer: B – I’m pretty sure now this is the correct answer

  36. Anonymous
    January 16th, 2020

    Hi all,

    Passed my exam today! Every single question was from Anton’s PDF – don’t waste your time with Youki.

    The ASA SIM does work but you need to scroll down to see all the tabs within the Configuration Menu – spent few good seconds trying to figure that out.

    Massive thanks to @Anton & @Bolo – you guys are great!!!

  37. Bolo
    January 16th, 2020

    @DPatel
    Grats. Your score is what I’d expect everyone on this forum to get ;). That secure routing&switching question is escaping me (maybe it’s the TACACS-enable question or the one below).

    For the CISCOPASS question, after a third look :P – I’d still go for B. Here’s why:
    A. No, there is nothing in the exhibit to say that routers exchange anything at all.
    B. Yes, that’s definitely what this configuration does.
    C. No, because it doesn’t prevent key-chain authentication. You can configure key-chain if you want, and actually configuring key-chain for OSPF (if software version permits) will invalidate all and any keys configured before.
    D. No, because we don’t know enough. Are they even on the same network? And different key value does not prevent exchanging digests – it only prevents authenticating them, but both ends still receive the packet.

  38. tutors
    January 16th, 2020

    You are configuring a site-to-site tunnel between two cisco routers by using IPsec. Which option
    do you set to specify the peer to which you want to connect?

    A. IP address by using a crypto map
    B. IP address of tunnel destination
    C. Tunnel group that has a peer P address
    D. IP address as part of the ISAKMP configuration

    what’s the correct answer?

  39. Anton
    January 16th, 2020

    @Anonymous – thanks for sharing!
    @Bolo – my bad – my impression was you voted for “C” – will correct this in the dump as it should be “B”
    @Tutors – A

  40. Bolo
    January 16th, 2020

    @Anton
    We talked about this question, someone even posted it on this page. Originally I thought C, but then “had a second thought” about B. And thinking about it today, B seems the be the only correct answer.
    Small detail anyway ;) – at this stage, your file is enough for 980+ scores – should be enough for anyone.

  41. Mike
    January 16th, 2020

    @bolo and @Anton can someone please share the latest dump. i am hoping to take the test before the new exams comes in place

  42. Bobby
    January 16th, 2020

    @anton @feber

    Could you please share .vce file for the dumps.

  43. Anonymous
    January 16th, 2020

    Which component of a security zone firewall policy defines how traffic is handled?
    A. ACL
    B. Service Policy
    C. Policy map
    D. Class map

    Which one is the correct answer cos I’m confused, anyone please help me.

  44. Faber
    January 16th, 2020

    Right Bolo😉
    Correct answer is B…definitely 😎

  45. tutors
    January 16th, 2020

    Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
    A. SNMPv3 is secure because you can configure authentication and privacy.
    B. SNMPv3 is a Cisco proprietary protocol.
    C. SNMPv2 is secure because you can configure authentication and privacy.
    D. SNMPv2 is insecure because it sends information in clear text.
    E. SNMPv3 is insecure because it sends information in clear text.
    Answer A,D

    Is A a correct answer ?

  46. Anton
    January 16th, 2020

    @Bolo – yes we did – will get that updated.
    @Mike – scroll up – I shared the link on this or previous page
    @Anonymous – C. Policy Map
    @tutors – yes, it is, hence v3 is secure.

  47. Sam
    January 16th, 2020

    @Travis thank you

  48. travis
    January 16th, 2020

    @dpatel – great news well done
    @anonymous – thanks for update
    @anton / @bolo – again thanks for the clarification – i suppose we cannot assume anything!
    @sam – no problems

  49. Storm
    January 16th, 2020

    Hi all,
    I failed the exam today :(
    I’m thinking of taking the exam again in a week.
    Do the exam questions change ??
    When should I take the exam again??
    What is the period of change of exams?
    And on which page are Anton’s files? I will confirm with my files.
    Thanks to everyone..

  50. Storm
    January 16th, 2020

    What is the range of privilege levels ? (I’m not sure about the full text.)
    0-15 ( I think that’s the answer. )
    1-15 ( I’ve marked it in the exam)
    0-16
    1-16
    1-14
    0-14

    I think this question does not have dumps.

  51. CJ
    January 16th, 2020

    There is another question as well. I think your answer is right the 0-15

    What are two default Cisco IOS privilege levels? (Choose two.)
    A. 0
    B. 1
    C. 5
    D. 7
    E. 10
    F. 15
    Correct Answer: BF

  52. EndUser
    January 17th, 2020

    With regards to Q450

    It is B, because “Keychain” is used for EIGRP and RIP, not OSPF.

    “Key” is used for OSPF.

    The command enables authentication, but is not successful, or allow a neighbor relationship to form due to the non-matching keys.

  53. tutors
    January 17th, 2020

    @EndUsers,

    Question 450 of which file?

  54. lili
    January 17th, 2020

    This is a website ↓↓↓
    forums.delphiforums.com/happy2020/messages/1/1

  55. sami
    January 17th, 2020

    yesterday i passed my exam.
    thanks to anton, bolo & all who helped me & others
    all 67 questions (65 question, 1 simlet & 1 drag & drop) came from anton last file.
    thank you again,

  56. Bolo
    January 17th, 2020

    @EndUser
    Cryptographic authentication for OSPFv2 (key chains) was introduced in 2013.

    @sami
    Congrats!

  57. Storm
    January 17th, 2020

    @CJ yeah I agree with u..

    I said 1-15 because of this question. It’s a confusing Q. By the way, I got 85X from yesterday’s test. I’m very upset. I’ll take the exam. I hope the questions don’t change.

    D&D Port Security, Restrict, Shutdown, shutdown vlan
    Sim same dump
    65 Q in coach yako anubis(MCQ)

    Already youki and anubis 384 the same until the question. There are some wrong questions in the Passleader. I think I already failed the test because of the passleader.

  58. sami
    January 17th, 2020

    can any one tell me, why didn’t i receive any email from cisco about passing my exam ?
    yesterday i took my exam

  59. Anonymous
    January 17th, 2020

    Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
    A. SNMPv3 is secure because you can configure authentication and privacy.
    B. SNMPv3 is a Cisco proprietary protocol.
    C. SNMPv2 is secur ;kLe because you can configure authentication and privacy.
    D. SNMPv2 is insecure because it sends information in clear text.
    E. SNMPv3 is insecure because it sends information in clear text.
    Answer A,D

    Is A a correct answer ?

  60. Bolo
    January 17th, 2020

    @sami
    Because, as it says on your score report, it can take up to 10 days for Cisco to confirm your certification. Usually it’s 2-3 days.

  61. Storm
    January 17th, 2020

    I failed as well becuase of passleader

    the drag and drop
    isnt it the answer shutdown shutdown vlan, restrict, protect?

  62. CJ
    January 17th, 2020

    yes it is storm thats what i have

  63. sami
    January 17th, 2020

    thanks @bolo

  64. Bolo
    January 17th, 2020

    @Storm
    Sorry to hear about the fail. All the material you need to pass is in Anton’s file. And I do hope that you are actually learning the definitions of restrict, protect etc. There is no guarantee about the order of answers for any question. You need to learn the actual answer, not the order/letter that appears in the dumps.

  65. CJ
    January 17th, 2020

    @Bob
    can you put the link back on here for Anton’s file please

    also what is the answer to this one
    which network topology describes multiple lans in a geographically limited area
    can
    soho
    pan
    man

    I think its can but seen some that have it down as man?

  66. Storm
    January 17th, 2020

    Thank you @Bolo and @CJ

    I hope I pass the exam a second time.

    By the way … Someone wrote a fake message here using my name. :)
    I did the Drag & Drops question right.
    Let me answer him. And get a fix.

    Yeah @2ndStorm
    The Drag & Drop question was “Protect, restrict, shutdown, shutdown vlan”. “Port security” was wrong. Actually “Protect”.

    Good work for everyone :)

  67. Anton
    January 17th, 2020

    @CJ – it is CAN – Campus Are Network

  68. Anton
    January 17th, 2020

    drive.google.com / open?id = 18rz9mqGx0r1qMRFOcnfzN54CQ3pc9OgU

    And remember to update this answer in the PDF as I didn’t have time to get it done yet

    Q450 Refer to the exhibit. What is the effect of the given configuration?
    ###########################################################
    Router1(config)#interface fastEthernet 0/0
    Router1(config-if)#ip ospf message-digest-key 1 md5 C1SCOPASS
    Router1(config-if)#ip ospf authentication message-digest

    Router2(config)#interface fastEthernet 0/0
    Router2(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Router2(config-if)#ip ospf authentication message-digest
    ###########################################################

    A. The two routers receive normal updates from one another.
    B. It enables authentication.
    C. It prevents keycham authentication.
    D. The two devices are able to pass the message digest to one another.
    Answer: B

  69. travis
    January 17th, 2020

    @storm sorry to hear that – tell me, what is the pass mark on this one?

    @CJ

    What are two default Cisco IOS privilege levels? (Choose two.)
    A. 0
    B. 1
    C. 5
    D. 7
    E. 10
    F. 15
    Correct Answer: BF

    is this a correct/full Q as there are 3 default levels 0 (zero level only 5 cmds) 1 (user level) 15 (privileged level)

  70. Bolo
    January 17th, 2020

    @travis
    You are right, the question must be wrong.

  71. tutors
    January 17th, 2020

    @Sami, what did you use to study?
    @Anton, did you take your exam?
    @Bolo thanks for your replies.
    @Storm, read Anton file .

  72. CJ
    January 17th, 2020

    I Got this question on my test today.

    from memory it didn’t say choose two. I did put B and F

  73. CJ
    January 17th, 2020

    @Storm
    @Anton

    do you have a vce for this instead of a pdf?

  74. travis
    January 17th, 2020

    @ CJ
    ok maybe we can choose any of 0, 1, or 15 then… in which case you should have been marked correct!

    if Q is ‘what are two’ and not ‘what are the two’ i suppose we can choose any 2 of the 3 then.

  75. travis
    January 17th, 2020

    @ Storm
    @ CJ
    @ Anonymous
    @ DPatel

    Do any of you remember the below Q on latest exam and what did you answer if so?

    Which two feature do CoPP and CPPr use to protect the control plane? (choose two)

    A. QoS
    B. Traffic Classification
    C. Access Lists
    D. Policy Maps
    E. Class Maps
    F. Cisco Express Forwarding (CEF)

  76. Storm
    January 17th, 2020

    @travis thank u, and I found something like this in the Cisco library.

    “ Sets the privilege level for a command.
    • For mode, enter configure for global configuration mode, exec for EXEC mode, interface for interface configuration mode, or line for line configuration mode.
    • For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges. Level 15 is the level of access permitted by the enable password.
    • For command, specify the command to which you want to restrict access.“

    I think the question in the dump may be wrong. and Cisco may have corrected the question. because my exam was asked for the “Level Range”.

    For level, the range is from 0 to 15.

  77. Wondering
    January 17th, 2020

    Is there a VCE of the Anton file?
    Asking for a friend. :-)

  78. CJ
    January 17th, 2020

    @travis

    I answered that today as A & B from memory.
    @ storm

    thanks for doing some digging into this cisco and there wording :(

  79. Anonymous
    January 17th, 2020

    @Anton many thanks.. I have read your file now. This exam is now okay …
    with respect, good work.
    @Bolo, @Anton and all friends
    thank you so much

  80. Storm
    January 17th, 2020

    Not anonymous, I’m Storm :)

  81. Albertt206
    January 17th, 2020

    Hi i passed the exam 960 score.

    I only studied the material of Anton.
    @anton Many thanks

  82. Geo
    January 17th, 2020

    HI Guys! I am new here on the forum and I have doubts regarding the following questions. could someone help me please?

    Which two statements about hardware-based encryption are true? (Choose two)

    A. It is potentially easier to compromise than software-based encryption.
    B. It can be implemented without impacting performance.
    C. It is widely accessible.
    D. It is highly cost effective.
    E. It requires minimal configuration.

    BD or DE ?

    What are two major considerations when choosing between a SPAN and a TAP when implementing IPS? (Choose two)

    A. the amount of bandwidth available
    B. the way in which dropped packets will be handled
    C. the type of analysis the IPS will perform
    D. whether RX and TX signals will use separate ports
    E. the way in which media errors will be handled

    AC or CD

    How can you prevent NAT rules from sending traffic to incorrect interfaces?

    A. Configure twice NAT instead of object NAT.
    B. Add the no-proxy-arp command to the nat line.
    C. Assign the output interface in the NAT statement.
    D. Use packet-tracer rules to reroute misrouted NAT entries

    C ?

    Thanks

  83. Sam
    January 17th, 2020

    Hi all all questions are corrects ?
    @Bolo
    @Anton

    thank you very much for help

    Q391 What are characteristics of the Radius Protocol? (Choose two.)
    A. Uses TCP port 49
    B. Uses UDP Port 49
    C. Uses TCP 1812/1813
    D. Uses UDP 1812/1813
    E. Combines authentication and authorization
    Answer: D, E
    Q392 Which command is to make sure that AAA Authentication is configured and to make sure that
    user can access the exec level to configure?
    A. AAA authentication enable default local
    B. AAA authentication enable local
    C. AAA authentication enable tacacs+ default
    Answer: A
    Q393 Which primary security attributes can be achieved by BYOD Architecture?
    A. Trusted enterprise network
    B. public wireless network
    C. checking compliance with policy
    D. pushing patches
    Answer: A, C
    Q394 A user reports difficulties accessing certain external web pages, when examining traffic to and
    from the external domain in full packet captures, you notice many SYNs that have the same sequence
    number, source, and destination IP address, but have different payloads. Which problem is a possible
    explanation of this situation?
    A. insufficient network resources
    B. failure of full packet capture solution
    C. misconfiguration of web filter
    D. TCP injection
    Answer: D

    Q440 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
    A. SNMPv3 is secure because you can configure authentication and privacy.
    B. SNMPv3 is a Cisco proprietary protocol.
    C. SNMPv2 is secure because you can configure authentication and privacy.
    D. SNMPv2 is insecure because it sends information in clear text.
    E. SNMPv3 is insecure because it sends information in clear text.
    Answer: A, D
    Q 441 Which two are valid types of VLANs using PVLANs? (Choose two)
    A. Backup VLAN
    B. Secondary VLAN
    C. Promiscuous VLAN
    D. Community VLAN
    E. Isolated VLAN
    Answer: D, E

    Q443 Which security principle has been violated if data is altered in an unauthorized manner?
    A. accountability
    B. availability
    C. confidentiality
    D. integrity
    Answer: D
    Q444 Which two actions can a zone-based firewall apply to a packet as it transits a zone pair?
    (Choose two)
    A. drop
    B. inspect
    C. queue
    D. quarantine
    E. block
    Answer: A, B
    Q445 Which information can you display by executing the show crypto ipsec sa command?
    A. proxy information for the connection between two peers
    B. IPsec SAs established between two peers
    C. recent changes to the IP address of a peer router
    D. ISAKMP SAs that are established between two peers
    Answer: B
    Q446 Which command can you enter to configure OSPF to use hashing to authenticate routing
    updates?
    A. ip ospf authentication message-digest
    B. ip ospf priority 1
    C. neighbor 192.168.0.112 cost md5
    D. ip ospf authentication-key
    Answer: A
    Q447 How is management traffic isolated on a Cisco ASR 1002?
    A. Traffic is isolated based upon how you configure routing on the device.
    B. There is no management traffic isolation on a Cisco ASR 1002.
    C. The management interface is configured in a special VRF that provides traffic isolation from the
    default routing table.
    D. Traffic isolation is done on the VLAN level.
    Answer: C
    Q448 Which statement about traffic inspection using the Cisco Modular Policy Framework on the ASA
    is true?
    A. HTTP inspection is supported with Cloud Web Security inspection.
    B. QoS policing and QoS pnonty queuing can be configured for the same traffic.
    C. ASA with FirePOWER supports HTTP inspection.
    D. Traffic can be sent to multiple modules for inspection.
    Answer: A
    Q449 Which feature can help a router or switch maintain packet forwarding and protocol states
    despite an attack or heavy traffic load on the router or switch?
    A. Control Plane Policing
    B. Policy Map
    C. Service Policy
    D. Cisco Express Forwarding
    Answer: A

  84. Geo
    January 17th, 2020

    @Anton, could you share your file please?

  85. Anonymous
    January 18th, 2020

    Q496 Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?
    (Choose two)
    A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
    B. using switchport trunk native vlan 10 command on trunk ports
    C: using switchport mcdvode access command on all host ports
    D. enabling BPDU guard on all access ports
    E. using switchport nonegotijate command on dynamic desirable ports
    F. applying ACL between VLANs
    Answer: A, C

  86. OB
    January 18th, 2020

    Guys, in Antons file, are all the answers correct? (ones marked not verified) ? And which sims/labs are coming in the exam

  87. travis
    January 18th, 2020

    @ storm – thanks

    guys all Q’s verified on antons file a few pages back for discussions and file like just search these pages

    @geo
    BE
    AC
    yes – C

    @sam I would go with all apart from
    Q446 – C

    @ob
    yes antons file is good – search back for all discussions on it

  88. annoymous
    January 18th, 2020

    Guys I can’t see discussion on this one…

    Which two attack types can be prevented with Cisco IPS solution? (choose two)

    A. DDOS
    B. Man in the Middle
    C. Worms
    D. ARP Spoofing
    E. VLAN Hopping

    To me A B C D are all attacks that an IPS can prevent.

  89. need help
    January 18th, 2020

    Hi
    can you please share dumps link please ?

  90. travis
    January 18th, 2020

    @ need help

    just go back through the forum pages for links – also very useful info on how answers are corrected last few pages

  91. longreaderhere
    January 18th, 2020

    Took the test. Failed with a 768. Same sim. 67 questions. Going back to read all drops. Maybe I didn’t read enough of youki and anubis.

  92. travis
    January 18th, 2020

    @ annoymous

    Which two attack types can be prevented with Cisco IPS solution? (choose two)

    A,C

  93. longreaderhere
    January 18th, 2020

    Where are these questions in the high 400s coming from? Highest I have is 409 youki 5/24.

  94. travis
    January 18th, 2020

    @longreaderhere
    sorry to hear you failed it – were the Q’s new or familiar ? was the sim the same.. did you pass that?

    anton posted a link to a file a page or 2 back with corrected answers from a mix of dumps. these have been thoroughly discussed on the fourm here with bolo and some others prior to posting it’s very good. check back through the last few pages of this forum

  95. Anton
    January 18th, 2020

    Hey guys,

    v1.3 in the link below (unfortunately there is no VCE version of this PDF file)

    drive . google . com / open?id = 131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58

    Past the test today and manage to answer all the questions faultlessly (1000/1000) proving the answer for Q450 is “B”.

    Massive thanks to Bolo for your patience and thanks to everyone who shared their experience.

    I can confirm all the Qs where from Anton’s file (I have marked all the Qs which appeared in my test today with a star (*) in v1.3).

    Thanks & Good luck!!!

  96. Donald
    January 18th, 2020

    Hi guys, anyone going for Palo Alto certifications?

  97. longreaderhere
    January 19th, 2020

    @travis My fault totally. I wasn’t keeping up with the posts here in the last couple of weeks. I was relying solely on Anubis and Youki. Everything that has been posted recently @Anton, @Bolo etc are spot on. Lots of IPS related from the newer material posted. The post with the combination of prior work consolidated into 1 doc (@Anton) is worth at the least a lot of thanks. My experience today was 95% from the 400s and 500s questions, maybe one or two or 3 from the earlier questions.. anubis, youki… numbers 0 thru 200… At first I thought they gave me the wrong test… but again totally my fault.. I’ll try it again next week, confident I’ll pass.

  98. DPatel
    January 19th, 2020

    @travis: Sorry mate…I did not receive below Q in my exam…

    Which two feature do CoPP and CPPr use to protect the control plane? (choose two)

    A. QoS
    B. Traffic Classification
    C. Access Lists
    D. Policy Maps
    E. Class Maps
    F. Cisco Express Forwarding (CEF)

    But answer should be AB

  99. DPatel
    January 19th, 2020

    @travis : I did not get below Q in y test…

    Which two feature do CoPP and CPPr use to protect the control plane? (choose two)

    A. QoS
    B. Traffic Classification
    C. Access Lists
    D. Policy Maps
    E. Class Maps
    F. Cisco Express Forwarding (CEF)

  100. DPatel
    January 19th, 2020

    Do we have similar kind of blog for CCNP Security also ??

    Please let me know if anyone is aware about any such platform..


  101. Note: Please do not open any suspicious links (especially short links and links that need to remove some words to open) in the comment section above as they are usually spams and may harm your computer.
Comment pages
1 14 15 16 17 18 22 675
Add a Comment