You are configuring a group policy for Cisco AnyConnect VPN connections. You have accessed the Add
Internal Group Policy dialog box for the group policy.
On what pane will you be able to configure a VLAN restriction? (Select the best answer.)
A.
the Customization pane
B.
the Servers pane
C.
the General pane
D.
the SSL VPN Client pane
Explanation:
You can configure a virtual LAN (VLAN) restriction in a group policy for Cisco AnyConnect virtual private
network (VPN) clients on the General pane of the Add Internal Group Policy dialog box for the group policy. You
can configure a VLAN restriction so that all VPN traffic that is generated by using the associated group policy is
sent to the specified VLAN. By configuring a VLAN restriction, you can control the VPN traffic.To configure a VLAN restriction in Cisco Adaptive Security Device Manager (ASDM) for a group policy that will
be used for Cisco AnyConnect clients, you should click Configuration, click the Remote Access VPN button,
expand Network (Client) Access, click Group Policies, and click the Add button to create a new group
policy, or you should select the group policy to modify and click the Edit button to edit an existing group policy.
Depending on whether you click the Add button or the Edit button, the Add Internal Group Policy dialog box or
the Edit Internal Group Policy dialog box will open. The General pane of these dialog boxes contains a list of
general configuration options, including the banner to display to users, the IP address pool to use, the tunneling
protocols to use, and the VLAN to which VPN traffic should be restricted. The following exhibit displays an
example configuration in which VPN connections made by using the boson_grp group policy will be restricted to
VLAN 10:
You cannot configure a VLAN restriction on the Customization pane of the Add Internal Group Policy dialog box
for a group policy for Cisco AnyConnect VPN clients. On this pane, you can configure the customization object
to apply to the VPN connection, the home page Uniform Resource Locator (URL), and a custom access denied
message to display to users.
You cannot configure a VLAN restriction on the Servers pane of the Add Internal Group Policy dialog box for a
group policy for Cisco AnyConnect VPN clients. On this pane, you can configure the Domain Name System
(DNS) servers to use for the connection and the Windows Internet Name Service (WINS) servers to use for the
connection.
You cannot configure a VLAN restriction on the SSL VPN Client pane of the Add Internal Group Policy dialog
box for a group policy for Cisco AnyConnect VPN clients. On this pane, you can configure whether the Cisco
AnyConnect VPN client installer remains on client systems, whether compression should be applied to the VPN
session, the maximum transmission unit (MTU) for the connection, and the client profile to download to clients.Cisco: General VPN Setup: Adding or Editing a Remote Access Internal Group Policy, General Attributes
QUESTION
What are the three layers of a hierarchical network design? (Choose three.)
A. core
B. access
C. server
D. user
E. internet
F. distribution
Answer: ABF
QUESTION
In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?
A. gratuitous ARP
B. MAC flooding
C. MAC spoofing
D. DoS
Answer: B
Explanation:
Switch goes into fail-open mode, becomes a hub.
QUESTION
Refer to the exhibit. With which NTP server has the router synchronized?
A. 192.168.10.7
B. 108.61.73.243
C. 209.114.111.1
D. 204.2.134.164
E. 132.163.4.103
F. 241.199.164.101
Answer: A
Explanation:
Because you have to refer to our_master , which is only showing on 192.168.10.07. on the rest of them you nothing showing.
“our_master” term lists selected synchronization server at the beginning of the line.
QUESTION
What are two ways to protect eavesdropping when you perform device-management task? (Choose two)
A. use SNMPv2
B. use SSH connection
C. use SNMPv3
D. use in-band management
E. use out-band management
Answer: BC
Explanation:
These management plane protocols are encrypted.
QUESTION
Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
A. You can configure a single zone pair that allows bidirectional traffic flows from for any zone except the self-zone
B. You must configure two zone pairs, one for each direction
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone
D. You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.
Answer: B
Explanation:
A single zone pair is NOT bidirectional, so you must have two pairs to cover both directions.
QUESTION
Which three ways does the RADIUS protocol differ from TACACS?? (Choose three)
A. RADIUS authenticates and authorizes simultaneously. Causing fewer packets to be transmitted
B. RADIUS encrypts only the password field in an authentication packets
C. RADIUS can encrypt the entire packet that is sent to the NAS
D. RADIUS uses UDP to communicate with the NAS
E. RADIUS uses TCP to communicate with the NAS
F. RADIUS support per-command authentication
Answer: ABD
Explanation:
TACACS+ encypts the entire body of the packet and supports per-command-authentication for greater granularity.
QUESTION
A data breach has occurred and your company database has been copied. Which security principle has been violated?
A. Confidentiality
B. Access
C. Control
D. Availability
Answer: A
QUESTION
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. BPDU guard
B. portfast
C. EherCahannel guard
D. loop guard
Answer: A
Explanation:
The key here is the word ‘switch’. The entire switch goes into a blocked state, meaning that it can’t participate in STP, it is blocked. Root guard basically puts the port in a listening state rather than forwarding, still allowing the device to participate in STP.
QUESTION
What is the primary purposed of a defined rule in an IPS?
A. to detect internal attacks
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to configure an event action that takes place when a signature is triggered.
Answer: C
Explanation:
Defined rules are defined by the sysadmin, Event Action Rules take place when an event triggers an action.
QUESTION
How does PEAP protect EAP exchange?
A. it encrypts the exchange using the client certificate.
B. it validates the server-supplied certificate and then encrypts the exchange using the client certificate
C. it encrypts the exchange using the server certificate
D. it validates the client-supplied certificate and then encrypts the exchange using the server certificate.
Answer: C
Explanation:
The client certificate is not used for encryption with PEAP.
QUESTION
How can firepower block malicious email attachments?
A. It forwards email requests to an external signature engine
B. It sends the traffic through a file policy
C. It scans inbound email messages for known bad URLs
D. It sends an alert to the administrator to verify suspicious email messages
Answer: B
QUESTION
A proxy firewall protects against which type of attacks?
A. DDoS
B. port scanning
C. worm traffic
D. cross-site scripting attacks
Answer:
0
0
New 210-260 Real Exam Questions can be checked at: https://www.braindump2go.com/210-260.html (368Q&As Version)
0
0