Refer to the exhibit.
What is the effect of the given command sequence?
A. It configures IKE Phase 1.
B. It configures a site-to-site VPN tunnel.
C. It configures a crypto policy with a key size of 14400.
D. It configures IPSec Phase 2.
A:
ISAKMP is the negotiation protocol that lets two hosts agree on how to build an IPsec security association (SA). ISAKMP separates negotiation into Phase 1 and Phase 2. Phase 1 creates the first tunnel, which protects later ISAKMP negotiation messages. Phase 2 creates the tunnel that protects data.
IKE uses ISAKMP to set up the SA for IPsec to use. IKE creates the cryptographic keys used to authenticate peers. The ASA supports IKEv1 for connections from the legacy Cisco VPN client, and IKEv2 for the AnyConnect VPN client.
IKEv1 stands for IKE version 1. There are five parameters to define in each IKE policy:
encryption algorithm
hash algorithm
authentication method
Diffie-Hellman group identifier
lifetime of the security association
I concur.
I passed the Cisco 210-260 certification exam today! Scored 989/1000 in Australia. SO MANY newly added exam questions, which gave me a headache... Anyway, I finally passed the 210-260 exam with the help of the dump below:
QUESTION 181
A data breach has occurred and your company database has been copied. Which security principle has been violated?
A. Confidentiality
B. Access
C. Control
D. Availability
Answer: A
QUESTION 182
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. BPDU guard
B. portfast
C. EtherChannel guard
D. loop guard
Answer: A
Explanation:
The key here is the word ‘switch’. The entire switch goes into a blocked state, meaning that it can’t participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP.
QUESTION 183
What is the primary purpose of a defined rule in an IPS?
A. to detect internal attacks
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to configure an event action that takes place when a signature is triggered.
Answer: C
Explanation:
Defined rules are defined by the sysadmin; Event Action Rules take place when an event triggers an action.
QUESTION 184
How does PEAP protect EAP exchange?
A. it encrypts the exchange using the client certificate.
B. it validates the server-supplied certificate and then encrypts the exchange using the client certificate
C. it encrypts the exchange using the server certificate
D. it validates the client-supplied certificate and then encrypts the exchange using the server certificate.
Answer: C
Explanation:
The client certificate is not used for encryption with PEAP.
QUESTION 185
How can Firepower block malicious email attachments?
A. It forwards email requests to an external signature engine
B. It sends the traffic through a file policy
C. It scans inbound email messages for known bad URLs
D. It sends an alert to the administrator to verify suspicious email messages
Answer: B
QUESTION 186
A proxy firewall protects against which type of attacks?
A. DDoS
B. port scanning
C. worm traffic
D. cross-site scripting attacks
Answer: D
QUESTION 187
Which three statements are characteristics of DHCP Spoofing? (Choose three.)
A. Arp Poisoning
B. Modify Traffic in transit
C. Used to perform man-in-the-middle attack
D. Physically modify the network gateway
E. Protect the identity of the attacker by masking the DHCP address
F. Can access most network devices
Answer: BCD
Explanation:
In DHCP spoofing attacks, the attacker takes over the DHCP server role and can serve IP addresses and his IP address as default gateway. By doing that he performs a man-in-the-middle attack, and because all the traffic passes through his computer he can modify traffic in transit and he physically changed the default gateway.
QUESTION 188
……
More questions are on my blog: http://www.epass4sure.com/?s=210-260
Hope it can help you a lot!