PrepAway - Latest Free Exam Questions & Answers

SIEM Functions (Choose two)

A.
correlation between logs and events from multiple sys

B.
event aggregation that allows reduced log storage

C.
combined management access to firewalls

D.

Explanation:
BD
Security Information and Event Management (SIEM)
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summaries.
Source: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smartbusinessarchitecture/sbaSIEM_deployG.pdf

3 Comments on “SIEM Functions (Choose two)”

  1. Alexander says:

    2017/Aug New Updated 210-260 exam questions:
    QUESTION 91
    Which type of address translation should be used when a Cisco ASA is in transparent mode?

    A. Static NAT
    B. Dynamic NAT
    C. Overload
    D. Dynamic PAT

    Answer: A

    QUESTION 92
    Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)

    A. The password
    B. The hash
    C. The key
    D. The transform set

    Answer: BC

    QUESTION 93
    What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

    A. 5 seconds
    B. 10 seconds
    C. 15 seconds
    D. 20 seconds

    Answer: A

    QUESTION 94
    Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

    A. EAP
    B. ASCII
    C. PAP
    D. PEAP
    E. MS-CHAPv1
    F. MS-CHAPv2

    Answer: CEF

    QUESTION 95
    Which command initializes a lawful intercept view?

    A. username cisco1 view lawful-intercept password cisco
    B. parser view cisco li-view
    C. li-view cisco user cisco1 password cisco
    D. parser view li-view inclusive

    Answer: C

    QUESTION 96
    Which security measures can protect the control plane of a Cisco router? (Choose two.)

    A. CCPr
    B. Parser views
    C. Access control lists
    D. Port security
    E. CoPP

    Answer: AE

    QUESTION 97
    Which statement about extended access lists is true?

    A. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the destination
    B. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source
    C. Extended access lists perform filtering that is based on destination and are most effective when applied to the source
    D. Extended access lists perform filtering that is based on source and are most effective when applied to the destination

    Answer: B

    QUESTION 98
    Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)

    A. FTP
    B. SSH
    C. Telnet
    D. AAA
    E. HTTPS
    F. HTTP

    Answer: BE

    QUESTION 99
    What are the primary attack methods of VLAN hopping? (Choose two.)

    A. VoIP hopping
    B. Switch spoofing
    C. CAM-table overflow
    D. Double tagging

    Answer: BD

    QUESTION 100
    How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration?

    A. Issue the command anyconnect keep-installer under the group policy or username webvpn mode
    B. Issue the command anyconnect keep-installer installed in the global configuration
    C. Issue the command anyconnect keep-installer installed under the group policy or username webvpn mode
    D. Issue the command anyconnect keep-installer installer under the group policy or username webvpn mode

    Answer: C

    More new 210-260 exam questions from:
    https://drive.google.com/drive/folders/0B75b5xYLjSSNV1RGaFJYZkxGWFk?usp=sharing
