Cisco >
CCNA Security > ExSim-Max for Cisco 210-260 IINS
ExSim-Max for Cisco 210-260 IINS

(
5 customer reviews)
About This Practice Exam:
|
Exam Number: |
210-260 |
Exam Name: |
IINS (Implementing Cisco IOS Network Security) |
Certifications: |
CCNA Security |
Author: |
Boson |
Question Count: |
276 |
Single-User License |
|
210-260 IINS Practice Exam

ExSim-Max for Cisco 210-260 IINS is Boson's
practice exam for
the Cisco CCNA® Security certification exam. This exam
simulation, also known as practice exam, software covers the concepts
you need to know to pass the 210-260 IINS exam. ExSim-Max for Cisco
210-260 IINS includes well-written, technically accurate questions and
answers, which compose three unique, full-length practice
exams. This product is written and edited entirely by Boson's
subject matter experts, and delivered by our exam delivery system, the
Boson Exam
Environment
(BEE). The ExSim-Max for Cisco 210-260 IINS exams simulate the
difficulty
and variety of question types on the real exam so closely that, if you
can pass our CCNA practice exams, you will know that you are ready for
the real exam.
This CCNA Security practice exam, like
all
ExSim-Max
practice exams, comes with our
No Pass, No
Pay Guarantee, and is only available here at Boson.com.
Pass the 210-260 IINS Exam with
ExSim-Max
- Simulates the level of
difficulty, question types and item
distribution
- Contains well-written questions by
subject matter experts
- Includes comprehensive
explanations with detailed references
- Provides score
reports to focus your study time
- Gives you the
tools you need to pass the exam—guaranteed!
Download
the BEE and try the
practice exam
demo to see how ExSim-Max can help you pass the 210-260
exam.
210-260 CCNA Security Exam
Info
The 210-260 IINS is the required exams
associated with the Cisco
CCNA
Security certification. This exam tests the candidate's
knowledge of secure network infrastructure, understanding core security
concepts, managing secure access, VPN encryption, firewalls, intrusion
prevention, web and email content security, and endpoint security. This
exam validates skills for installation, troubleshooting, and monitoring
of a secure network to maintain integrity, confidentiality, and
availability of data and devices, according to the Cisco
website.
210-260 IINS Exam
Topics
1.0 Security
Concepts
1.1 Common security
principles
1.1.a Describe confidentiality,
integrity, availability (CIA)
1.1.b Describe SIEM
technology
1.1.c Identify common security terms
1.1.d
Identify common network security zones
1.2
Common security threats
1.2.a Identify common
network attacks
1.2.b Describe social
engineering
1.2.c Identify malware
1.2.d Classify the
vectors of data loss/exfiltration
1.3
Cryptography concepts
1.3.a Describe key
exchange
1.3.b Describe hash algorithm
1.3.c Compare
and contrast symmetric and asymmetric encryption
1.3.d Describe
digital signatures, certificates, and
PKI
1.4 Describe network
topologies
1.4.a Campus area network
(CAN)
1.4.b Cloud, wide area network (WAN)
1.4.c Data
center
1.4.d Small office/home office (SOHO)
1.4.e
Network security for a virtual
environment
2.0
Secure Access
2.1
Secure management
2.1.a Compare in-band and
out-of band
2.1.b Configure secure network
management
2.1.c Configure and verify secure access through
SNMP v3 using an ACL
2.1.d Configure and verify security for
NTP
2.1.e Use SCP for file
transfer
2.2 AAA
concepts
2.2.a Describe RADIUS and TACACS+
technologies
2.2.b Configure administrative access on a Cisco
router using TACACS+
2.2.c Verify connectivity on a Cisco
router to a TACACS+ server
2.2.d Explain the integration of
Active Directory with AAA
2.2.e Describe authentication and
authorization using ACS and ISE
2.3 802.1X
authentication
2.3.a
Identify the functions 802.1X components
2.4
BYOD
2.4.a Describe the BYOD architecture
framework
2.4.b Describe the function of mobile device
management
(MDM)
3.0
VPN
3.1 VPN concepts
3.1.a Describe IPsec
protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport
mode)
3.1.b Describe hairpinning, split tunneling, always-on,
NAT traversal
3.2 Remote access VPN
3.2.a Implement
basic clientless SSL VPN using ASDM
3.2.b Verify clientless
connection
3.2.c Implement basic AnyConnect SSL VPN using
ASDM
3.2.d Verify AnyConnect connection
3.2.e Identify
endpoint posture assessment
3.3 Site-to-site
VPN
3.3.a Implement an IPsec site-to-site VPN with pre-shared
key authentication on Cisco routers and ASA firewalls
3.3.b
Verify an IPsec site-to-site VPN
4.0 Secure Routing
and Switching
4.1 Security on Cisco
routers
4.1.a Configure multiple privilege
levels
4.1.b Configure Cisco IOS role-based CLI
access
4.1.c Implement Cisco IOS resilient
configuration
4.2 Securing routing
protocols
4.2.a Implement routing update
authentication on OSPF
4.3 Securing the
control plane
4.3.a Explain the function of
control plane policing
4.4 Common Layer 2
attacks
4.4.a Describe STP
attacks
4.4.b Describe ARP spoofing
4.4.c Describe MAC
spoofing
4.4.d Describe CAM table (MAC address table)
overflows
4.4.e Describe CDP/LLDP reconnaissance
4.4.f
Describe VLAN hopping
4.4.g Describe DHCP
spoofing
4.5 Mitigation
procedures
4.5.a Implement DHCP
snooping
4.5.b Implement Dynamic ARP Inspection
4.5.c
Implement port security
4.5.d Describe BPDU guard, root guard,
loop guard
4.5.e Verify mitigation
procedures
4.6 VLAN
security
4.6.a Describe the security
implications of a PVLAN
4.6.b Describe the security
implications of a native
VLAN
5.0 Cisco
Firewall Technologies
5.1 Describe
operational strengths and weaknesses of the different firewall
technologies
5.1.a Proxy
firewalls
5.1.b Application firewall
5.1.c Personal
firewall
5.2 Compare stateful vs. stateless
firewalls
5.2.a Operations
5.2.b
Function of the state table
5.3 Implement
NAT on Cisco ASA 9.x
5.3.a
Static
5.3.b Dynamic
5.3.c PAT
5.3.d Policy
NAT
5.3 e Verify NAT operations
5.4
Implement zone-based firewall
5.4.a Zone to
zone
5.4.b Self zone
5.5 Firewall
features on the Cisco Adaptive Security Appliance (ASA)
9.x
5.5.a Configure ASA access
management
5.5.b Configure security access
policies
5.5.c Configure Cisco ASA interface security
levels
5.5.d Configure default Cisco Modular Policy Framework
(MPF)
5.5.e Describe modes of deployment (routed firewall,
transparent firewall)
5.5.f Describe methods of implementing
high availability
5.5.g Describe security
contexts
5.5.h Describe firewall
services
6.0
IPS
6.1 Describe IPS deployment
considerations
6.1.a Network-based IPS vs.
host-based IPS
6.1.b Modes of deployment (inline, promiscuous -
SPAN, tap)
6.1.c Placement (positioning of the IPS within the
network)
6.1.d False positives, false negatives, true
positives, true negatives
6.2 Describe IPS
technologies
6.2.a
Rules/signatures
6.2.b Detection/signature
engines
6.2.c Trigger actions/responses (drop, reset, block,
alert, monitor/log, shun)
6.2.d Blacklist (static and
dynamic)
7.0
Content and Endpoint Security
7.1
Describe mitigation technology for email-based
threats
7.1.a SPAM filtering, anti-malware
filtering, DLP, blacklisting, email
encryption
7.2 Describe mitigation
technology for web-based threats
7.2.a Local
and cloud-based web proxies
7.2.b Blacklisting, URL filtering,
malware scanning, URL categorization, web application filtering, TLS/SSL
decryption
7.3 Describe
mitigation technology for endpoint
threats
7.3.a
Anti-virus/anti-malware
7.3.b Personal
firewall/HIPS
7.3.c Hardware/software encryption of local
data
See
all
Cisco practice exams
|
CCNA Security practice
exams
CIS-ES-MAX-210260-01