Share your CCNA Security Experience

Passed CCNA Security today with 900/1000. Anton’s file was more than enough to pass the exam. I personally only revised it for 4 days before testing today. Although there were UCS related questions as well as some S2S connection questions that weren’t on Anton’s file, still passed thanks to Bolo for all the feedbacks he provided and helping clear some confusion. Onto CCNP next….

Congratulations!

I passed my 210-260 exam with 960/1000 on 7/Feb/2020.

I study the PassLeader 210-260 questions bank, all the questions in the test is word by word as PassLeader file.

1 SIM: Connection less VPN, 4 questions as PassLeader, the same answers.
D&D : Drag and drop the each port-security violation.
1 new qustion: what is true about STP attack.

I mainly learned the PassLeader 210-260 dumps (552q NEW version), all questions are available in PassLeader.

Really helpful.

P.S.

Part of PassLeader 210-260 dumps are available here FYI:

drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg

(552q~~~NEW VERSION DUMPS Updated Recently!!!)

Good luck, all!

[copy that link and open it in your web browser]

And,

What’s more:

Part of PassLeader 210-260 IINS new questions (FYI):

[Get the download link at the end of this post]

NEW QUESTION 546
Which statement about TACACS+ is true?

A. Passwords are transmitted between the client and server using MD5 hasing.
B. TACACS_ is flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS_ is used for access to network resources more than administrator access to network devices.
D. TACACS_ server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.

Answer: C

NEW QUESTION 547
Which effect of the secure boot-image command is true?

A. It configure the device to boot to the secure IOS image.
B. It archives a secure copy of the device configuration.
C. It archives a secure copy of the IOS image.
D. It displays the status of the bootset.

Answer: C

NEW QUESTION 548
Which two statements about an IPS in tap mode are true? (Choose two.)

A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyzes the actual packets as they pass through the system.
D. It can analyze events without impacting network efficiency.
E. It is unable to drop packets in the main flow.

Answer: BC

NEW QUESTION 549
How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?

A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.

Answer: C

NEW QUESTION 550
Which 802.1x component enforces the network access policy?

A. authentication server
B. authenticator
C. RADIUS server
D. supplicant

Answer: A

NEW QUESTION 551
Drag and Drop
Drag and drop the each port-security violation mode from the left onto the corresponding action on the right.

Answer:

NEW QUESTION 552
……

Download more NEW PassLeader 210-260 dumps from Google Drive here:

drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg

(552q~~~NEW VERSION DUMPS Updated Recently!!!)

Good luck, all!

[copy that link and open it in your web browser]

Passed today 978/1000

1 SIM: Connection less VPN, 4 questions as dumps, the same answers.
D&D : Drag and drop the each port-security violation.
1 new qustion: what is true about STP attack.

Copy link and paste in your browser
zii.bz/N8ueS6

NEW QUESTION 547
Which effect of the secure boot-image command is true?

A. It configure the device to boot to the secure IOS image.
B. It archives a secure copy of the device configuration.
C. It archives a secure copy of the IOS image.
D. It displays the status of the bootset.

Answer: C…

Hello, all!

Passed CCNA Security 210-260 with 930 on 7/Feb/2020!

1 SIM: Clientless VPN. 1 D&D: Port-security violation.

Some of the questions are new and some are worded different.

Pay attention to UCS server related questions and S2S connection questions.

Thanks PassLeader stable 210-260 dumps, really helpful!

Good luck!

@ Bolo and team
still i didn’t receive soft copy of my certificate in mail , i passed exam on 23 Jan 2020 only i got mail from PearsonVUE Confirmation about score report available notification .
what i should do ?

@help

Go to pearson cred(cis co. pearsoncred. com) remove spaces, login your email that you used for cis co account, go to certification, you will see the Certificates you have, then click PDF Certificate. It should download your certificate.

i went as you told , i find certificate name but there is no PDF certificate

anybody can send me CCNA security latest dumps at m.jawaid at outlook.com

@all anyone planning to take the exam soon ? or took the exam today or yesterday?

@Moha I´ll take it the next week but I guess you need someone who just took it

Hi All. Can someone please clarify below question. Thanks.

Q. Drag functions on the left to the corresponding fields on the right (HIPS – Host base IPS; NIPS – Network based IPS)

(Last question in Anton’s file)

Correct answer for option “Alter an administrator” is HIPS or NIPS ?

@Arslan

Alter an Administrator is for both HIPS and NIPS (both correct answer)

@Petra
you studied passleader and they were enough ?
can you please complete the answers for the below questions, your answer may affect when i will take the exam.
1*ASDM Steps to configure NAT in the ASA.
Answer: Configuration > Firewall > NAT > Add Rule
—————————————————————————-
2*Benefits of using Cisco UCS.
*Question about UCS server, it characteristic
*UCS Advantages (2 options among 5) – http s:// www. Cisco .com /c/dam/en/us/products/collateral/servers-unified-computing/ucs-solution-overview .pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD
What I can get from the document
Industry leading BW
Consistent and low latency
lower infrastructure cost
Rack server deployment flexibility
cloud management ready
———————————————————————
3*Isakmp SA status when VPN tunnels is formed: QM_IDLE
regarding how you would set up an ike tunnel for cisco ios
isakmp_qm_ready
isakmp_idle
isakmp_qm_idle
Ans: QM_Idle for phase 1 active on ios
AM_Active/MM_Active for ASA
—————————————————————————-
4* Features of MDM.
*which are MDM two functions in BYOD.
*Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
a) something about using ISE that made sense for me…
b) Wipe data remotely
c) N/A
d) N/A
MDM features
PIN enforcement
strong password enforcement
jailbreak/root detection
data encryption
remote data wipe
DLP
secure application tunnels
———————————————————————-

5*A Question about BYOD w/ Cisco ISE
*Question about ISE
5*A Question about which device can help in compliance check for BYOD Device
A. Cisco ISE
B. N/A
C. N/A
D. N/A
ISE: While Cisco ISE provides critical policy functionality to enable the BYOD solution, it has limited awareness of device posture. For example, ISE has no awareness of whether a device has a PIN lock enforced or whether the device has been jailbroken or whether a device is encrypting data, etc. On the other hand, MDMs have such device posture awareness, but are quite limited as to network policy enforcement capacity.
Source: https:// www .cisco . com /c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_MDMs.html
————————————————
6* in which solution AMP is working:
A. ESA
B. ASA
C. AnyConect

Some say it’s implemented on ESA but for ASA you have to buy a module ?
For anyconnect it would be named AMP for endpoints I guess, so for ESA you need to turn it ON/ buy license.
Reference: https: // www. cisco. com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html
———————————————
7* Where is file reputation in cisco amp being executed
a – perimeter
b – endpoint
C – ESA
d – cloud
Ans: cloud using thread grid for unknown files/ for known files there should be a score for file reputation.
—————————————————–
8* how does an Antimalware installed on an endpoint check for a malicious file
a– file reputation
b– signature checking
c-context
d– sandboxing
Answer: B
————————————————————-
9* Difference bet radius and TACACS. The choices were diff from Anton I just chose the best answer for me.
9* Why is TACACS > RADIUS
A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypt password only in access-request packet
D. TACACS encrypt the whole access-request packet
Ans: B, D

—————————————————-
10* there were out of this world question regarding IPS that i can’t remember coz i got rattled
————————————————–
11 Something like what method to use to avoid MITM attacks:
Ans: authentication
—————————————————————————–
12 Something like what resources can we use in a S2S VPN (2 options):
What is needed to create a site to site (S2S) VPN between two Cisco IOS devices:
A. Cisco AnyConnect
B. NTP
C. TACSAS+
D. RADIUS
E. CA

answer: B, E
———————————
13. A question about NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.
Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X
You need to choose which of the following is correct based on the configuration shown.
A. use MD5 hash
B. configure to trusted NTP
C. N/A
D. N/A
answer: could be R1 is configured to a trusted NTP server, still not sure.
—————————————-

14 IPS state when failed to identify an attack
A. false positive
B. false negative
C. true positive
D. true negative

Ans: B
—————————————————
Q15 till now I’ve heard of two versions with almost the same answers
Version 1***** Refer the exhibit
# ip http server
#ip http secure-port 8080
A. enables secure http server on port 8080
B. standard https port
One of 4 choices
Indeed for a to be the right answer it should be “ip http secure-server”, if there is no command then it enables only http and set secure port for 8080

Version 2***** refer the exhibit which port the https is configured given the commands:
# ip http secure-server
# ip http secure-port 8080
these commands enables https on port 8080
A. enables secure http server on port 8080
B. standard https port

version 2 answer: A

Which command successfully creates an administrative user with a password of "cisco" on a Cisco router?
A. username Operator privilege 7 password Cisco
B. username Operator privilege 1 password Cisco
C. username Operator privilege 15 password Cisco
D. username Operator password cisco privilege 15
Answer: C

I have two questions.
– If C is correct, then Cisco (capital C) is accepted to be a typo? In fact, are typos acceptable in an exam?
– Is D possible? I was trying in simulator and I think privilege must be before password or if not, all the rest of the line will be the introduced password. Is it like that?

thanks!

@Moha
Petra etc. are just spammers. You know they didn’t pass the exam with PL dumps, ‘cos they keep spamming questions with retarded, wrong answers all the time. I corrected most recent PL questions from 2019 and they are included in Anton’s file.

@Sabonis
Typos are possible always. More likely in dumps than in exam, but who knows. Since you are reading from some dump file, maybe the typo is just limited to that file, not the exam.

password must be the last option in the command, since it allows spaces, so answer D is basically creating a user Operator with default privilege level – which is 1, and the password set to: cisco privilege 15

@Bolo
she spoke about UCS question so i thought she was someone can help
thanks for the information

Pass the exam just today.
@Bolo and @Anton, thanks for corrected questions.
And to those that help in correcting the questions.

67 questions
1 DnD on Port Security, 1 ASDM simlet
There were about 12-15 new questions. Those new above are valid but some wordings are different.
Rest of questions from Anton’s.

Hi everyone.
I need to know if there is anyone who took 300-206 exam and passed recently.

@SanQ @Bolo @Anton

Can any one please send me the valid Anton file or its link? I can’t find it. I’m planing to take the exam next week. Also need suggestion from you all to what should i study.

Thanks in advance.

@SanQ @Bolo @Anton

My email megladin @ gmail com

@SanQ: and you cannot remember anything about those new questions in the exam?

@Amin
HYG
drive.google.com/open?id=131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58

@Terry Tolan, do you have the VCE file by chance? Thanks

I’d like someone to clarify about NAT and transparent ASA mode.
It’s obvious that Pat is not an option since interfaces don’t have an ip. However, I’m lost with dynamic/static. I think both are allowed. Is there any magic in it? Or we just use one or another depending on our needs, just like we would in routed mode?

Hi all, I will take my exam soon.Who found any updates about new questions ?
@Moha. I am agree with answers.

6* in which solution AMP is working:
A. ESA
B. ASA
C. AnyConect
Answer: A (ASA is wrong answer for sure. Anyconect provide only for end points AMP. ESA must to check email for malware…)

7* Where is file reputation in cisco amp being executed
a – perimeter
b – endpoint
C – ESA
d – cloud
Ans: d (unknown file is executed in cloud)

@BTNH i think terry is a spammer for premium dumps that are not really correct
@tdn thank you for confirming, yes i guess we will stick to ESA,as ASA needs firepower and any connect have to be above version 4.1 and it’s for endpoints.

Hey guys just wanted to ask if anton’s file (specially SIM) is still valid, i will be appearing in exam on tuesday?

I passed the exam yesterday (900+).

– I studied from the v1.3 pdf file (the file link is in some comments in this space).
– ASDM VPN SIM (same questions and answers, but I could not use the interface properly on the SIM, all functions were not available so I choose directly the answer that I remembered from pdf file)
– Port Security D&D
– There are like 6-7 new questions

**I only studied from v1.3 pdf file and I passed with 900+ score

@Exam Passed
Congratulations
Can you add anything to the questions, or give us a hint on what the new questions were about ? that would be great

@Moha
I understand your nerves but you know what? Dont worry that much. If you were labbing, you read the different guides, watched the videoclasses, checked questions here… Dont worry that much and take you exam as soon as you can. I read you that “the day you would take the exam depends on these new answers”. Dont do that, lets try to do it, we will pass and end of the question. Im sure you are well prepared, we will guess correctly most of those new questions and anyway we will pass.
But of course, it would be great to be sure about those answers.

2*Benefits of using Cisco UCS.
*Question about UCS server, it characteristic
*UCS Advantages (2 options among 5) – http s:// www. Cisco .com /c/dam/en/us/products/collateral/servers-unified-computing/ucs-solution-overview .pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD
i would rather say a,b

q4 i would say ise and wipe
q13 why not A?

Hey guys, I have doubts about this question from Anton`s file I believe the answer should be ” B, D”, instead of “C, E”. Can someone confirm please? Thank you!

Which two actions can an end user take to manage a lost or stolen device in Cisco ISE?
(Choose two)
A. Activate Cisco ISE Endpoint Protection Services to quarantine the device
B. Add the MAC addresses of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device
E. Reinstate a device that the user previously marked as lost or stolen
Answer: C, E

i would still say C, E.
B,D is what “admins” can do.
question states “end user”.

Hello all

Please i am a newbie here and give me advise, whose file is enough to pass ccna security 210-260 exam? and where are the links for pdf-s?
Do i need premium account?

@Sabonis
regarding UCS question these answers are not complete, UCS offer lower cost and centeralized management also it can be managed by cloud using intersight

Q4 MDM support alot of features and in large networks the use of ISE can hel it do it’s work for scalability or capacity management

q13 for me i think the two answers available are corrct it uses MD5 and also it’s configured to trusted NTP

@tomas find anton’s file in the comments above and also look for the questions i posted

I passed score 948

you can pass confortable with file Anton.

1 SIM: Connection less VPN
D&D : Drag and drop the each port-security violation

thank you very much @Anton, @youki, @bolo, @travel and everyone.

good luck for all

follow above new questions i remember on my test

1) how does an Antimalware installed on an endpoint check for a malicious file?

A. file reputation
B. Signature checking
C. Context
D. Sandboxing

i choice B

2) Why is TACACS > RADIUS ( choice two)
A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypts password only in access-request packet
D. TACACS encrypts the whole access-request packet

i choice B and D

3) Something like what resources can we use in a S2S VPN (choice two):
A. TACACS….
B. RADIUS….
C. NTP
D. Cisco AnyConnect

i choice A and B

4) IPS state when failed to identify an attack
A. false positive
B. false negative
C. true positive
D. true negative

i choice B

4) ISAKMP SA status when VPN tunnels is formed: QM_IDLE
A. isakmp_qm_ready
B. isakmp_idle
C. isakmp_qm_idle
D.

i choice C

5) Where is File Reputation in Cisco AMP being executed?
A. Perimeter
B. Endpoint
C. ESA
D. Cloud
ANSWER: D

6 ) ASDM Steps to configure NAT in the ASA.
A. Configuration > Firewall > NAT Rules > Add
B. Configuration > Firewall > NAT Roles > Add
C.
D.

i choice A

@SAM
Congratulations, what about the UCS question and NTP ? and for the s2s VPN was there a CA option ?

Gyuz Anybody, please help with advice? is Antons 1.3 version enough to pass ? there is small amount of questions there… other pdf file?

Please answer

thank you

@tomas all i know from what people say it’s enough but i recommend that you study the questions added by me above they are not complete but they will help

can anyone send me lastest dumps i have paper beforre 23 feb ccna security 210-260
{email not allowed}
plz

@Anonymous
the link is posted in the comments above

I too the exam and passed with 966 score. If you study Anton’s file you will definitely pass the exam.

Thank you so much to Anton and to all of you beautiful people who contributed a lot in this community. I wish you all the best.

NEW QUESTIONS posted here are in the exam but I can only remember few…

1. ASDM Steps to configure NAT in the ASA.
A. Configuration > Firewall > NAT Rules > Add
B. Configuration > Firewall > NAT Roles > Add
C. Configuration > NAT Rules > Add
D. Configuration > Firewall > Add

Answer: A

2. Isakmp SA status when VPN tunnels is formed.
A. QM_IDLE
B. ISAKMP_QM_EXCH
C. ISAKMP_QM_READY
D. ISAKMP_QM_SOMETHING

Answer: A

3. Which two features of MDM in BYOD are true?
A. secure email
B. remotely wipe messages
C. remove the ability of having a SIM card on a mobile device
D. ?

I took a wild guess ;)

@fpj
Congratulation!!!!
How many new questions are coming up when you taking the exam ?

@fpj
Congratulations, good job
what was your guess ? :)

Which command is to make sure that AAA Authentication is configured and to make sure that
user can access the exec level to configure?
A. AAA authentication enable default local
B. AAA authentication enable local
C. AAA authentication enable tacacs+ default

Bolo, Can you help with this question ?
12 Something like what resources can we use in a S2S VPN (2 options):
What is needed to create a site to site (S2S) VPN between two Cisco IOS devices:
A. Cisco AnyConnect
B. NTP
C. TACSAS+
D. RADIUS
E. CA

answer: B, E

@tomasFebruary 12th, 2020
bro can you send me anton file to my id plz i have paper in few days
(network . engr03 @ gmail . com)

fpjFebruary 13th, 2020
bro can you send me anton file to my id plz i have paper in few days
(network . engr03 @ gmail . com)

@fpj
Which two features of MDM in BYOD are true?
A. secure email
B. remotely wipe messages
C. remove the ability of having a SIM card on a mobile device
D. ?

Answer: A+B
That’s without seeing more answers to pick from. Answer A depends on the MDM provider.

@asfand
A

@tdn
B+E is the answer I already discussed here.

@shady/sss
The link is on this very page, read up.

passed 960 using anton v1.3, maybe 6-7 questions not on the PDF, pretty easy to answer if you have any experience or have studied at all. this was just a renewal for me.

I passed my ccna security 960. The new questions were valid together and Anton’s file was also very relevant. These materials are more than enough to pass. Thanks all that shared experience

anyone can help me whit this question?

Which two problems can arise when a proxy firewall serves as the gateway between networks?
(Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can ktrtf application support.

En the Anton PDF the answer ist A,E, but i think that the answer is A,B, thx a lot

Passed, some of the above questions posted by Me were in
and here is the questions i remember

1. A question about NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.
Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X
You need to choose which of the following is correct based on the configuration shown.
A. use MD5 hash
B. configure R1 to trusted time source
C. configure trusted key for R1
D. configure hashing for R1
I choose configure R1 to trusted time source
2) Refer the exhibit
# ip http port 8080
#ip http secure-server
A. enables secure http server on port 8080
B. standard https port
I choose configure standard https port
3) there were out of this world question regarding IPS that i can’t remember coz i got rattled
the question asking about what IPS can do (choose two)
A) reset UDP connection
b) reset TCP connection
c) scan OS fingerprint
d) drop or block traffic inline
E) don’t remember

4)which device can do posture checking in BYOD

A) ISE
B) ASA
c) Anyconnect
d) don’t remember

5) Which two features of MDM in BYOD are true?
A. secure email
B. remotely wipe sensitive data
C. remove the ability of having a SIM card on a mobile device
d. encrypt wired connections
I went for A+B

6) benefits of using UCS (don’t remember the exact choices but I only added what I could remember)
a) Centralized monitoring and control
b) something related to lower cost
C) something about control on-premise and on the CLOUD
D) something about UCS provide unified networking, computing storage
E)something that UCS only needs storage on cloud

Anton’s file was very helpful and with the understanding of the topics of the questions you can get 950+ easy

@Moha
2) Refer the exhibit
# ip http port 8080
#ip http secure-server
A. enables secure http server on port 8080
B. standard https port

I am not sure, but A sounds better.

3) there were out of this world question regarding IPS that i can’t remember coz i got rattled
the question asking about what IPS can do (choose two)
A) reset UDP connection
b) reset TCP connection
c) scan OS fingerprint
d) drop or block traffic inline
E) don’t remember

b and d

@tdn
in order for A to be correct the command must be ip http secure-port 8080
no ip http port this is how i got the commands in my exam

@tdn
that was my answer in the exam B+D sorry i forgot to post my answers as i was very exited to help the purpose of me posting the questions is to help people study the topic so if they got a new question they should be able to answer it without a problem as the questions must cover the same topics except for the UCS question h

@Moha
Congrats!

Which two problems can arise when a proxy firewall serves as the gateway between networks?
(Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can ktrtf application support.
According to Anton’s file Answer: A, E

Which two problems can arise when a proxy firewall serves as the gateway between networks?
(Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can ktrtf application support.
According to Anton’s file Answer: A, E (But I think A&B), can someone confirm

Which two statements about an IPS in tap mode are true? (Choose two.)
A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyses the actual packets as they pass through the system.
D. It can analyse events without impacting network efficiency.
E. It is unable to drop packets in the main flow.
According to Anton’s file Answer: D, E CAN SOMEONE CONFIRM

@All,

Thank you very much for the all info.
Anton file + those 15 new questions were enough.

Passed today with 96x score.
Min. 860.

1x SIM ASDM with 4 Questions – SSL Clientless VPN.
1x DnD Port Security violation modes (PRSS).

At the beginning of the test Cisco stated, that some of the questions are not scored. (I assume those new one).
What was surprise for me, that I cannot go back to my previous questions/answers.

My new Questions:

1. Tacacs+
– encrypts body of packet
– enc. only header
– ?
– ?
Choosed 1st ans.

2. What can IPS Trigger (choose 2):
– reset UDP connection
– reset TCP connection
– scan OS fingerprint
– deny traffic inline
– ?
Choosed c,d

3. UCS Question:
– it cost less then not UCS
– Centralised, visibilty via Clound + On-Premise
– …
– …
Chosed a,b

4. Which device can do posture checking in BYOD
– ISE
– ASA
– Anyconnect
– …
Choosed ISE

5. Which two features of MDM in BYOD are true?
– secure email
– remotely wipe sensitive data
– remove the ability of having a SIM card on a mobile device
– encrypt wired connections
– Choosed a,b

6. STP Attacks:
– MiTM
– if SW receive superior BPDU – attacker wants to be RB (Route Bridge)
– disable STP
– …
Choosed a,b.

7. ZBF FW (zone based firewall) policies:
– Traffic is allowed only between selfzones by default
– max. 1 interface = 1 zone
– max. 2 interf. = 1 zone
– CBAC can by only applied if interface is in zone
– …
– …
Choosed a,d (but had no idea …)

8. NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.

Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X

– use MD5 hash
– sets trusted time source for R1
– configure trusted key for R1
– configure passwords hashing for R1
Choosed b.

Took it using Anton’s guide and some previous asdm experience, passed it by cramming for about 10 days.

4. Which device can do posture checking in BYOD
– ISE
– ASA
– Anyconnect
– …
Choosed ISE

5. Which two features of MDM in BYOD are true?
– secure email
– remotely wipe sensitive data
– remove the ability of having a SIM card on a mobile device
– encrypt wired connections
– Choosed a,b

I passed score 98x.
The Anton’s file was is still valid. It is few new(5-7) question take a look to @Moha post. The questions was discussed. I just want to for add:
Q15 Refer the exhibit
# ip http secure-server
# ip http secure-port 8080

A. enables secure tcp conection server on port 8080
B. enables secure udp conection server on port 8080
C. enables standard https port
D. enables standard http port
Answer: A (I did not rember the answers, but this was the most appropriate.)

What can IPS can do (choose 2):
a– reset UDP connection
b– reset TCP connection
c– scan OS fingerprint
d– deny traffic inline
Choosed b,d

Question about UCS server. I did not rember varinats.

Passed yesterday with a 949 not perfect but more than enough to pass. Anton file is still valid.

I organized the question that Moha and others passed the exam, if anyone can add question or correct the answer, please go
Q1 ASDM Steps to configure NAT in the ASA.
A. Configuration > Firewall > NAT Rules > Add
B. Configuration > Firewall > NAT Roles > Add
C. Configuration > NAT Rules > Add
D. Configuration > Firewall > Add

Answer: A

Q2 Benefits of using Cisco UCS.

A. centralized monitoring and control
B. something related to lower cost
C. something about control on-premise and on the CLOUD
D. DONT REMEMBER

Answer: A,B

Q3 Isakmp SA status when VPN tunnels is formed

A. QM_IDLE
B. ISAKMP_QM_EXCH
C. ISAKMP_QM_READY
D. ISAKMP_QM_SOMETHING

Answer: A

Q4 Which two features of MDM in BYOD are true?.

A. secure email
B. remotely wipe sensitive data
C. remove the ability of having a SIM card on a mobile device
D. encrypt wired connections

Answer: A,B

Q5 which device can do posture checking in BYOD

A. ISE
B. ASA
C. Anyconnect
D. don’t remember

Answer ISE

Q6 in which solution AMP is working:

A. ESA
B. ASA
C. AnyConect
D. don’t remember

Answer: A

Q7 Where is file reputation in cisco amp being executed

A. perimeter
B. endpoint
C. ESA
D. cloud

Answer: D

Q8 how does an Antimalware installed on an endpoint check for a malicious file

A. file reputation
B. signature checking
C. context
D. sandboxing

Answer: B

Q9 Difference bet radius and TACACS. The choices were diff from Anton I just chose the best answer for me.

A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypt password only in access-request packet
D. TACACS encrypt the whole access-request packet

Answer: B,D

Q10 there were out of this world question regarding IPS that i can’t remember coz i got rattled

A.
B.
C.
D.
E.

Answer:

Q11 Something like what method to use to avoid MITM attacks:

A. authentication
B.
C.
D.
E.

Answer: A

Q12 Something like what resources can we use in a S2S VPN (2 options):
What is needed to create a site to site (S2S) VPN between two Cisco IOS devices:

A. Cisco AnyConnect
B. NTP
C. TACSAS+
D. RADIUS
E. CA

Answer: B, E

Q13 A question about NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.

Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X
You need to choose which of the following is correct based on the configuration shown.

A. use MD5 hash
B. configure R1 to trusted time source
C. configure trusted key for R1
D. configure hashing for R1

Answer: B

Q14 IPS state when failed to identify an attack

A. false positive
B. false negative
C. true positive
D. true negative

Ans: B

Q15 Refer the exhibit
# ip http secure-server
# ip http secure-port 8080

A. enables secure tcp conection server on port 8080
B. enables secure udp conection server on port 8080
C. enables standard https port
D. enables standard http port

Answer: A

Q16. What can IPS can do (choose 2):

A. reset UDP connection
B. reset TCP connection
C. scan OS fingerprint
D. deny traffic inline

Answer: B, D

Q17. benefits of using UCS (don’t remember the exact choices but I only added what I could remember)

A. Centralized monitoring and control
B. something related to lower cost
C. something about control on-premise and on the CLOUD
D. something about UCS provide unified networking, computing storage
E.something that UCS only needs storage on cloud

Answer: A,B

Q18. Tacacs+ THINGS

A. encrypts body of packet
B. enc. only header
C. ?
D. ?

Answer: A,B

Q19. STP Attacks:

A. MiTM
B. if SW receive superior BPDU – attacker wants to be RB (Route Bridge)
C. disable STP
D. DONT REMEMBER

Answer: A,B

Q20. ZBF FW (zone based firewall) policies:

A. Traffic is allowed only between selfzones by default
B. max. 1 interface = 1 zone
C. max. 2 interf. = 1 zone
D. CBAC can by only applied if interface is in zone
E. …

Answer A,B

But im not sure

A zone must be configured before interfaces can be assigned to the zone.

An interface can be assigned to only one security zone.

All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.

Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.

In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.

The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.

Traffic cannot flow between a zone member interface and any interface that is not a zone member. Pass, inspect, and drop actions can only be applied between two zones.

Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.

If it is required that an interface on the box not be part of the zoning/firewall policy. It might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.

From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).

The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.

Thanks for being here to offer goods, Anton I need help as I am appearing on paper around 20th Feb, kindly sharing updated dumps at
irfanahmext @ gmail . com

@LegendBoy

drive.google.com/open?id=131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58

I come to know that i didn’t received my certificate because my CCNA R&S is invalid ( expired) , & i need to get first CCNA R&S before 23 Feb , then i will get my CCNA Security certificate .

if any one have CCNA R&S dump please share it ASAP

@Arekandaru

About Q18

Q18. Tacacs+ THINGS

A. encrypts body of packet
B. enc. only header
C. ?
D. ?

Answer: A,B

Hows that correct?

Info from CISCO:

Packet Encryption

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.

Source: Cisco TACACS+ and RADIUS comparison, docID 13838

Hello, all!

Passed CCNA Security 210-260 with 930 on 13/Feb/2020!

1 SIM: Clientless VPN. 1 D&D: Port-security violation.

Some of the questions are new and some are worded different.

Pay attention to UCS server related questions and S2S connection questions.

Thanks PassLeader stable 210-260 dumps (552q NEW version), really helpful!

Good luck!

And,

What’s more:

Part of PassLeader 210-260 IINS new questions (FYI):

[Get the download link at the end of this post]

NEW QUESTION 546
Which statement about TACACS+ is true?

A. Passwords are transmitted between the client and server using MD5 hasing.
B. TACACS_ is flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS_ is used for access to network resources more than administrator access to network devices.
D. TACACS_ server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.

Answer: C

NEW QUESTION 547
Which effect of the secure boot-image command is true?

A. It configure the device to boot to the secure IOS image.
B. It archives a secure copy of the device configuration.
C. It archives a secure copy of the IOS image.
D. It displays the status of the bootset.

Answer: C

NEW QUESTION 548
Which two statements about an IPS in tap mode are true? (Choose two.)

A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyzes the actual packets as they pass through the system.
D. It can analyze events without impacting network efficiency.
E. It is unable to drop packets in the main flow.

Answer: BC

NEW QUESTION 549
How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?

A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.

Answer: C

NEW QUESTION 550
Which 802.1x component enforces the network access policy?

A. authentication server
B. authenticator
C. RADIUS server
D. supplicant

Answer: A

NEW QUESTION 551
Drag and Drop
Drag and drop the each port-security violation mode from the left onto the corresponding action on the right.

Answer:

NEW QUESTION 552
……

Download more NEW PassLeader 210-260 dumps from Google Drive here:

drive.google.com/drive/folders/0B-ob6L_QjGLpM1dfWVNVZ3Z5dzg

(552q~~~NEW VERSION DUMPS Updated Recently!!!)

Good luck, all!

[copy that link and open it in your web browser]

@ Dominic Mutungwazi
The question about TACAC I think the right answer is B

@ Dominic Mutungwazi
your answers are different from Anton’s pdf file, my test on feb20 and you complicated me. please anyone to confirm these answers.

@Zein,

Dominic is an spammers, do not pay attention to this kind of advertisement. You may focus on Anton file. PassLeader answers are mostly incorrect, Bolo confirmed above.

Good luck, mine is scheduled on 21st!

Passed 972

Thank you Anton Bolo and all the people commenting here.

Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hasing.
B. TACACS_ is flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS_ is used for access to network resources more than administrator access to network devices.
D. TACACS_ server listens UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.
I have seen some guys have chosed C, but I think B seems right. Can some one please confirm

Passed. Anton dumps are still valid. Be sure to check those 15 new questions from Moha cause there were like 4 or 5 of them in the exam.

Cheers

What does ASA Transparent mode support?
A. It supports OSPF.
B. It supports the use dynamic NAT.
C. IP for each interface.
D. Requires a management IP address.
Answer: B According to Antons file, can comeone confirm

Latest dumps with some new questions.

remove the spaces from link

h t t p s : / / mega . nz / # F! BttV3L6a ! y3C W8 ija EDu JsE _ 1Js 9R gg

@AAA WTF is this ?

I made this file 2 days ago and i only shared to 29 people which are my clients from where you get this file ???

I have typed that 1st page and added new questions in the end I promise

Refer the exhibit
# ip http port 8080
#ip http secure-server
A. standard http port
B. standard https port
C. Secure connection over UDP 8080 port
D. Secure connection over TCP 8080 port

guys please can someone confirm answer for this question and above questions too.
I am appearing in exam tomorrow

Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?
(Choose two)
A. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
B. using switchport trunk native vlan 10 command on trunk ports
C: using switchport mode access command on all host ports
D. enabling BPDU guard on all access ports
E. using switchport nonegotiate command on dynamic desirable ports
guys please can someone confirm answer for this question and above questions too.
I am appearing in exam tomorrow

NEW QUESTION : Which two IPS triggers can you configure on a cisco IOS device ? (Choose two)
a. compute attack relevance
b. reset UDP connection
c. deny attacker inline
d. passive OS fingerprinting
e. reset TCP connection

Please answer guys

@abc

First. Answer A,C
Second. Answer C,E??? But im not sure

@AAA
Oh Great, Thank You Soo Much AAA, I was really in need of the dumps, Thanks you soo much, stay blessed you a hero for me…

@abc
1. Answ D. Secure connection over TCP 8080 port – >90%, I im not sure
2. Answer A, C
3. Answer C, E

What two features of MDM are true? (Choose two)
A. It can secure email
B. It can eliminate the need for a SIM card in the device
C. It can remotely wipe sensitive data
D. It can provide mobile hotspot
E. It can encrypt wired communications

Please help with answer

Does the exam comes with 1 Simlet and 4 Multiple choices or there is also another question setting up a firewall. any help is appreciated. How many Simlet or Lab. Thank you.

What are two benefits of a Cisco UCS system? (Choose two)
A. It provides a unified system for computing, networking and storage
B. It provides centralized visibility across public and private clouds
C. It offloads network storage to the public cloud
D. It can be managed through CLI, a GUI and a mobile app
E. It provides a lower cost of ownership than separate storage and computing platforms

please help

@What are two benefits of a Cisco UCS system? (Choose two)
A. It provides a unified system for computing, networking and storage
B. It provides centralized visibility across public and private clouds
C. It offloads network storage to the public cloud
D. It can be managed through CLI, a GUI and a mobile app
E. It provides a lower cost of ownership than separate storage and computing platforms

help…

USC is an integrated computing infrastructure with intent-based management to automate and accelerate deployment of all your applications, including virtualization and cloud computing.
A system for creating a more cost-effective, efficient and centrally managed data center architecture by integrating computing, networking, virtualization and data storage components and resources.

So, this A and B!

Hello guys! My exam is tomorrow, I need renew :)
I will shared my 180questions.vce + program + excel D&D with labsim questions and 552Q vce.
This questions I take here in forum discussion and others in 552Q archive.
(REMOVE ***)
drive**.**google.**com*/*open*?id*=*14XYImiKVlve4z6ZCbYOAAFNa1_oIFzje
GoodLuck guys!

@What two features of MDM are true? (Choose two)
A. It can secure email
B. It can eliminate the need for a SIM card in the device
C. It can remotely wipe sensitive data
D. It can provide mobile hotspot
E. It can encrypt wired communications

Please help with answer

help..
Cisco MDM provides over-the-air centralized management, diagnostics, and monitoring for the mobile devices managed by your organization — from iPads and Androids to Macs and PCs. Systems Manager monitors each of your organization’s devices, showing useful metrics such as client hardware/software information and recent location, and even lets administrators remotely lock and erase devices.

A. It can secure email
Not! because this solutions is BYOD management.
B. It can eliminate the need for a SIM card in the device
YES! Just connect in wifi to connect to remove server.
C. It can remotely wipe sensitive data
YES! lets administrators remotely lock and erase devices.
D. It can provide mobile hotspot
NO! Is not possible shared network because traffic is crypto.
E. It can encrypt wired communications
Yes, but not all communications.

So i think is B and C. :)

Get actual CCNA exam questions and 20% discount off here is link https://www.dumpssure.com/cisco-questions-answers.html

@Moha here is one question that may help you

Which component do you use to perform a device posture assessment in a BYOD solution?
A.Cisco Anyconnect VPN
B. Cisco ASA
C. WLAN Controller
D. Cisco ISE
Answer: D