Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

210-260 by Cisco - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

What is the Cisco preferred countermeasure to mitigate CAM overflows?

A Port security
B Dynamic port security
C IP source guard
D Root guard

Question 4

Which three statements about host-based IPS are true? (Choose three.)

A It can view encrypted files.
B It can have more restrictive policies than network-based IPS.
C It can generate alerts based on behavior at the desktop level.
D It can be deployed at the perimeter.
E It uses signature-based policies.
F It works with deployed firewalls.

Question 5

What three actions are limitations when running IPS in promiscuous mode? (Choose three.)

A deny attacker
B deny packet
C modify packet
D request block connection
E request block host
F reset TCP connection

Question 6

Refer to the exhibit.

Question 7

How can FirePOWER block malicious email attachments?

A It forwards email requests to an external signature engine.
B It scans inbound email messages for known bad URLs.
C It sends the traffic through a file policy.
D It sends an alert to the administrator to verify suspicious email messages.

Question 8

Which type of secure connectivity does an extranet provide?

A other company networks to your company network
B remote branch offices to your company network
C your company network to the Internet
D new networks to your company network

Question 9

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).

A when a matching TCP connection is found
B when the firewall requires strict HTTP inspection
C when the firewall receives a FIN packet
D when matching ACL entries are configured
E when the firewall requires HTTP inspection
F when matching NAT entries are configured

Question 10

If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

A STP BPDU guard
B loop guard
C STP Root guard
D EtherChannel guard

Question 11

Which two characteristics apply to an Intrusion Prevention System (IPS)? (Choose two.)

A Does not add delay to the original traffic
B Cabled directly inline with the flow of the network traffic
C Can drop traffic based on a set of rules
D Cannot drop the packet on its own
E Runs in promiscuous mode

Question 12

Which quantifiable item should you consider when your organization adopts new technologies?

A exploits
B risk
C threats
D vulnerability

Question 13

Refer to the exhibit.

Question 14

In which two situations should you use out-of-band management? (Choose two.)

A when a network device fails to forward packets
B when you require ROMMON access
C when management applications need concurrent access to the device
D when you require administrator access from multiple locations
E when the control plane fails to respond

Question 15

Referencing the CIA model, in which scenario is a hash-only function most appropriate?

A securing data at rest
B securing wireless transmissions
C securing data in files
D securing real-time traffic

Question 16

Which command do you enter to enable authentication for OSPF on an interface?

A router(config-router)#area 0 authentication message-digest
B router(config-router)#ip ospf authentication-key CISCOPASS
C router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
D router(config-if)#ip ospf authentication message-digest

Question 17

Which two functions can SIEM provide? (Choose two.)

A dual-factor authentication
B proactive malware analysis to block malicious traffic
C centralized firewall management
D correlation between logs and events from multiple systems
E event aggregation that allows for reduced log storage requirements

Question 18

Refer to the exhibit.

Question 19

Refer to the exhibit.

Question 20

In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)

A TACACS uses TCP to communicate with the NAS.
B TACACS can encrypt the entire packet that is sent to the NAS.
C TACACS supports per-command authorization.
D TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
E TACACS uses UDP to communicate with the NAS.
F TACACS encrypts only the password field in an authentication packet.

Question 21

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

A BOOTP
B TFTP
C DNS
D MAB
E HTTP
F 802.1x

Question 22

What command can you use to verify the binding table status?

A show ip dhcp snooping database
B show ip dhcp snooping binding
C show ip dhcp snooping statistics
D show ip dhcp pool
E show ip dhcp source binding
F show ip dhcp snooping

Question 23

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?

A root guard
B EtherChannel guard
C loop guard
D BPDU guard

Question 24

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

A AES
B 3DES
C DES
D MD5
E DH-1024
F SHA-384

Question 25

Which three ESP fields can be encrypted during transmission? (Choose three.)

A Security Parameter Index
B Sequence Number
C MAC Address
D Padding
E Pad Length
F Next Header

Page 1 of 6 • Questions 1-25 of 134

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which two services define cloud networks? (Choose two.)

A Infrastructure as a Service
B Platform as a Service
C Security as a Service
D Compute as a Service
E Tenancy as a Service

Which two statements about stateless firewalls are true? (Choose two.)

A They compare the 5-tuple of each incoming packet against configurable rules.
B They cannot track connections.
C They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
D Cisco IOS cannot implement them because the platform is stateful by nature.
E The Cisco ASA is implicitly stateless because it blocks all traffic by default.

What is the effect of the given command?

A It merges authentication and encryption methods to protect traffic that matches an ACL.
B It configures the network to use a different transform set between peers.
C It configures encryption for MD5 HMAC.
D It configures authentication as AES 256.

A network security administrator checks the ASA firewall NAT policy table with the show nat command. Which statement is false?

A First policy in the Section 1 is dynamic nat entry defined in the object configuration.
B There are only reverse translation matches for the REAL_SERVER object.
C NAT policy in Section 2 is a static entry defined in the object configuration.
D Translation in Section 3 is used when a connection does not match any entries in first two sections.

Which statement about the device time is true?

A The time is authoritative, but the NTP process has lost contact with its servers.
B The time is authoritative because the clock is in sync.
C The clock is out of sync.
D NTP is configured incorrectly.
E The time is not authoritative.

If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?

A The supplicant will fail to advance beyond the webauth method.
B The switch will cycle through the configured authentication methods indefinitely.
C The authentication attempt will time out and the switch will place the port into the unauthorized state.
D The authentication attempt will time out and the switch will place the port into VLAN 101.

210-260Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25