Share your CCNA Security Experience

@Bolo

Thanks for the feed! I thought theywere refering to local database.

Refering 2nd question, that’s is true. And that is why I don’t know what the answer should be. Cisco focus a lot on AMP abilities to monitor malware behavior. But uses different processes so how can we give an exact answer? From their docs, signature checking is just one of the processes.. right?

@securitas
The question isn’t asking about a Cisco product, at least the way we have it here. AFAIK, Cisco doesn’t sell any host-based AV (not counting free ClamAV that they develop). AMP uses agents (connectors as Cisco calls them), but those aren’t “real” AV software. The question just seems to be a general security knowledge question (like those about frequency of AV updates in the past for example). So I would bet on general knowledge answer, which should be B.

A: if the question is about Cisco, this might be an answer – have to see the question exactly as it is on the test
B: that’s what most AV software does by default
C: not sure what that means
D: there is/was software running sandbox on the host (paid Avast?), but mostly it is not endpoint functionality

QUESTIONS CORRECTED – based on @Bolo feedback and following Cisco explanation confirming everything

“Introduction to Advanced Malware Protection (AMP)” from Cisco official channel.
https :// youtu.be / ZDBMH7X4Dr4?t =88

Q1 File reputation is done in the CLOUD. Whenever a file is accessed, AMP connector sends a SHA-256 hash value+file context to the cloud (where the DB is!) so the cloud answers with a veredict/file disposition.

Q2 It only uses sandboxing after file reputation results, i.e., if the retrieved file disposition from the cloud is tagged as unknown. AMP sends the file context to the cloud to get the file reputation, so I’d go for context (as per my understanding heuristics and signature database is specific for viruses?

@Bolo
I see… would like to see original question as well. I wdn’t go for the B because they say”Block known threats automatically using machine learning, exploit prevention, file reputation, antivirus, and a wide array of other attack prevention techniques that will stop both fileless and file-based attacks in their tracks.”

So what I understand from this is that is just one of its techniques. I’d better go for A for the reasons you’ve said, or context because of them saying that for AMP to get file reputation, it has to send hash+context.

Hi guys, could anybody explain me why this? Thanks a lot.

What is the effect of the given configuration?
Device #tunnel group 192.x.x.x ipsec-attributes
Device# pre-shared-key cisco654

C. It establishes the preshared key for the firewall

@Francoise: this is a “best of” answer, other choices are router, switch and ISE.
Switch and ISE are no vpn devices. A Router can be depending of model, Firewall also.
So firewall is the best of these answers…

@Francoise, dredv
I think tunnel-group command is only available on ASAs.

dredv
ouh… you are absolutely right!
Thanks dredv… I didnt think of that (ise and switch)!

So is Antons DUMP still 100% valid or have new questions been added? Taking exam on Friday

@Sky
Anton’s dump is valid, just not for the perfect score – that’s what people here are saying. New questions weren’t added – we only know two of them, more or less.

@bolo , @anton and @yuki, thanks a million, I passed today with a 9xx points.
same simulation.

few new question:
a question about UCS (benefit of using UCS)
a question about MDM (what can do)
a question with : isakmp_qm_ready isakmp_idle isakmp_qm_idle , I don t remember exactly
a question about ise

passed my exam 978/1000.

1 SIM: Connection less VPN
D&D : Drag and drop the each port-security violation

Copy link and paste in your browser
poweredbydialup.online/WV4VYT

The question isn’t asking about a Cisco product, at least the way we have it here. AFAIK, Cisco doesn’t sell any host-based AV (not counting free ClamAV that they develop). AMP uses agents (connectors as Cisco calls them), but those aren’t “real” AV software. The question just seems to be a general security knowledge question (like those about frequency of AV updates in the past for example). So I would bet on general knowledge answer, which should be B.

A: if the question is about Cisco, this might be an answer – have to see the question exactly as it is on the test
B: that’s what most AV software does by default
C: not sure what that means
D: there is/was software running sandbox on the host (paid Avast?), but mostly it is not endpoint functionality

@Bolo @anton @yuki @othere who participated in this forum.
I have passed the exam with 938 score. as Azarki said , a few new questions were but anton file is enough to pass the exam , new questions might be testing once which wont be scored.

Hi everyone,

Firstly special thanks to Bolo, Anton, Youki, c0achGreece and Anubis for their work and others for their great contribution to community.
I passed exam today with score 9xx/1000.
~60% of questions were from Anton’s file, ~20 from Youki and rest were new questions (about 10).
SIM was clientless and DND port-security violation.
Unfortunately I can’t remember most question but I can recall:
– Question about UCS server, it characteristic
– In which solution APM is working: ESA, ASA, AnyConnect…
– Which are MDM two functions in BYOD.
– What TACACS functions are? (something like that): Decombines authorization and
authentication, combines authorization and authentication, encrypt body, encrypts password only.

@Securitas & MOHA

The answer is definitely B – Signature Checking

The first question I posted was between ESA or Cloud, and the answer is Cloud as Bolo confirmed.

I have noticed at the end of Anton’s file he has a lot of questions from Passleader(“July 2018 -Unverified”) that are not checked, I imagine these are unlikely to come up in the test? I spotted a few wrong answers in this section.
Just not sure why he would have added these to his PDF.

@Zfk

You might just have answered my question regarding old questions in Anton’s file.

Which are MDM two functions in BYOD?… Is that not the below question from Anton’s file?

Q. Which is not a function of mobile device management (MDM)?

A. Enforce Strong Passwords on BYOD Devices
B. Deploy Software Updates on BYOD Devices
C. Remotely wipe data
D. Enforce Data encryption

Answer B

What TACACS functions are?

This one has been covered.

Ignore my question regarding Anton’s file, I have noticed there is a 1.3version of the file.

@CATS
There is a 1.3 Version?!?!
Where?

Here’s the link to the lastest (1.3) version of Anton’s file – remove spaces from it:
drive . google . com / open?id = 131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58

@ZFK
do you have a corrected version of Youki’s file ?

@CATS

“The answer is definitely B – Signature Checking”, based on what?

ZFK remembered this new question:
“– In which solution AMP is working: ESA, ASA, AnyConnect…”

AMP is working on all of these, ESa, ASA andd also anyconnect
i refer to h..ps://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html

Product Name Details

Cisco AMP for Endpoints: Protect PCs running Windows, Macs, Linux systems, and Android mobile devices using AMP’s lightweight connector, with no performance impact on users. AMP for Endpoints can also be launched from AnyConnect v4.1.

Cisco AMP for Networks: Deploy AMP as a network-based solution integrated into Cisco Firepower NGIPS security appliances.

Cisco AMP on Firewalls and ASA with FirePOWER Services: Deploy AMP capabilities integrated into the Cisco NGFW or ASA Adaptive Security Appliance firewall.

Cisco AMP Private Cloud Virtual Appliance: Deploy AMP as an on-premises, air-gapped solution built specifically for organizations with high-privacy requirements that restrict using a public cloud.

Cisco AMP on ESA, or WSA: For Cisco Email Security Appliance (ESA) or Web Security Appliance (WSA), AMP capabilities can be turned on to provide retrospective capabilities and malware analysis.

Cisco AMP for Meraki MX: Deploy AMP as part of the Meraki MX Security Appliance for cloud-based simplified security management with advanced threat capabilities.

Cisco Threat Grid: Threat Grid is integrated with Cisco AMP for enhanced malware analysis. It can also be deployed as a standalone advanced malware analysis and threat intelligence solution, in the cloud or on an appliance.

@ZFK @dredv
wasn’t there the choice to select it all?

Hi All,

Can anyone please confirm if answer are correct in dump file named ‘C0achGreece.Yako.PassLeader&more-ByAnton_v1.3’

Thanks

Verified answers of few questions and they were correct although answers for same questions were wrong in multiple other dumps. I am assuming as ‘Anton’ dumps are compiled after verifying and discussing questions on this forums so all answers are correct. I would appreciate if someone can confirm it.

I am glad to share Prepaway Premium Dumps (Latest Paid Version) along some dumps from other vendors.

I don’t think new questions are included in these dumps. However please confirm if people who have recently passed the exam are able to see new questions in Prepaway Premium File.

mega . nz / # F!Vs Nh DYrL! 5Lb6GYM uj Gl wrj lQzSE QAA

Remove spaces

@Drevdv

Thanks.

Can anyone confirm the answer for below question

If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router`s local database
D. Authentication attempts will be sent to the TACACS+ server

Is it A&D or A&B

@Arslan
A&D

Hello everyone,

How to download the latest dumps? I had an exam on 02/05 but did not pass. I am planning to take again next week.

just scroll up on this page and look for Anton..1.3

Anton’s file still valid. Won’t get perfect score, but you will pass and that’s all that matters right

@HM
How did you prepare?

I just passed the exam with 950/1000. Anton’s file IS NOT ENOUGH, at least in my case. There were plenty of new questions. Most of them are basic security/networking questions that I think anyone can answer. In any case, this is what I remember:
Q1. What is the effect of the given configuration?
Device #tunnel group 192.x.x.x ipsec-attributes
Device# pre-shared-key cisco654

c) It establishes the preshared key for the firewall

Thanks @Francoise!

Q2. Something like what method to use to avoid MITM attacks:

ans: authentication

Q3. UCS Advantages (2 options among 5) – https:// www. cisco. com/c/dam/en/us/products/collateral/ servers-unified-computing/ ucs-solution-overview.pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD

Q4. WHat messages represent a successfull ISAKMP SAs establishment (the idea was this, not literally like this)
a) I chose QM_IDLE, as per UDEMY videos. Not sure though, but I think I got it right.
b) IKE_IDLE
c) and d) other IKE_ messages

Q5. Something like what resources can we use in a S2S VPN (2 options):
a) TACACS….
b) RADIUS….
… can’t remember the rest

Q6. Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
a) something about using ISE that made sense for me…
b) Wipe data remotely
c, d)… can’t recall

If something else comes to my mind I’ll let you know. Cheers!

@securitas: Congratulations & THX for this feedback

Q3. UCS Advantages (2 options among 5) – https:// www. cisco. com/c/dam/en/us/products/collateral/ servers-unified-computing/ ucs-solution-overview.pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD

I have no idea what i would pick here? Does someone know better?
And are there some new news, questions which later came to your mind? Ill be glad to hear about it.

Hi everybody,

Im passed today the exam with 927 score. A new question were added but anton file is enought to pass the exams.

Thx @anton @Bolo, great contribution.

@Anonymous
Do u mby know what questions are new?

Hey All, hoping to take the test on either 21st or 23rd before it expires.

I went through about 8 pages of comments but I didn’t have any luck finding the dumps. Does anyone know what page they’re on?

Is it worth it to go through all of NetAcad thoroughly or should I pick up the basics and keep working through labs/sims/dumps?

@WannaBeASecurityGuy:
check first that the testcenter has a free timeslot

Disregard!

I completely overlooked it and found the link after going through the pages again.

Would still appreciate advice on best approach to studying. Usually I study strictly off of dumps and dive deeper into concepts I get wrong on the dumps. But would like to know if anyone used the Net Acad course and if they found it very useful

@dredv

Yeah I need to confirm a testing time is still available. I’m not toooooo worried because I’m sure at least one testing site in the city has an availability sometime the week of the 23rd but I need to finish my NetAcad course so I can get a discounted voucher

Here are the Qs that said to be new they are not complete yet,
*** if you know the exact question/ or the exact answers please share
1*ASDM Steps to configure NAT in the ASA.
I answered: Configuration > Firewall > NAT > Add Rule
—————————————————————————-
2*Benefits of using Cisco UCS.
*Question about UCS server, it characteristic
UCS Advantages (2 options among 5) – http s:// www. Cisco .com /c/dam/en/us/products/collateral/servers-unified-computing/ucs-solution-overview .pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD

what I can get from the document
Industry leading BW
Consistent and low latency
lower infrastructure cost
Rack server deployment flexibility
regarding the part with cloud don’t know exactly how Cisco Intersight work
———————————————————————
3*Isakmp SA status when VPN tunnels is formed: QM_IDLE
regarding how you would set up an ike tunnel for cisco ios
isakmp_qm_ready
isakmp_idle
isakmp_qm_idle
Ans: QM_Idle for phase 1 active on ios
AM_Active/MM_Active for ASA
—————————————————————————-
4* Features of MDM.
*which are MDM two functions in BYOD.
*Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
a) something about using ISE that made sense for me…
b) Wipe data remotely
c, d)… can’t recall

MDM features
PIN enforcement
strong password enforcement
jailbreak/root detection
data encryption
remote data wipe
DLP
secure application tunnels
———————————————————————-
5*A Question about BYOD w/ Cisco ISE
*Question about ISE
*which are MDM two functions in BYOD.
————————————————
6* in which solution APM is working:
A. ESA
B. ASA
C. AnyConect
———————————————
7* Where is file reputation in cisco amp being executed
a – perimeter
b – endpoint
C – ESA
d – cloud

Ans: cloud using thread grid for unknown files/ for known files there should be a score for file reputation.
—————————————————–
8*+ how does an Antimalware installed on an endpoint check for a malicious file
a– file reputation
b– signature checking
c-context
d– sandboxing

answer according to Bolo should be signature based as this is would be normal antimalware
————————————————————-
9* Difference bet radius and TACACS. The choices were diff from Anton I just chose the best answer for me.
—————————————————-
10* there were out of this world question regarding IPS that i can’t remember coz i got rattled
———————————————————-
11* what is the effect of the given configuration? >>> Anton’s file v1.3 Q30
Device #tunnel group 192.x.x.x ipsec-attributes
Device# pre-shared-key cisco654
c) It establishes the preshared key for the firewall
—————————————————–
12 Something like what method to use to avoid MITM attacks:
Ans: authentication
—————————————————————————–
13 Something like what resources can we use in a S2S VPN (2 options):
a) TACACS….
b) RADIUS….

Can someone please provide me Anton file/pdf

d n 7 8 2 1 3@ gmail.com

Just scroll Update THIS Site Look for User gia

@Dredv Thank You !!!!!!!!!! :)

@Moha great job!
@Sky, a) for sure. then I was unsure between b) or that option mentioning Cloud and on-premise. In the end I chose b). Can’t really recall what was the sentence

Btw, drag n’ drop and lab were the same.

Passed today.

And i would like to say Anton’s file IS STILL ENOUGH…
Will you get a perfect score, no. Will you comfortably pass, yes.

As mentioned, some of the questions are new and some are worded different. For example the question about “Identifying safe traffic as suspicious “False positive”. Was the other way around so the answer was “False Negative”. Learn the new questions on this and previous page as they do come up.

I actually had a brain fart on the last SIM question even though i had seen the answers on antons file. Went through them 1 by 1 and determined the answer as if i handnt seen the question before. So watch as your brain will sometimes remember the order of answers without you knowing, so this can throw u off when the order is different.

Thanks to Anton, Bolo, CoachGreece, Yako etc for the great help. The exam retires in 2 weeks so i can’t see any further new questions being added. Good luck

Just took and passed with 9XX today using reference of Anton’s file v1.3 and PassLeader pdf
Thanks all for the contribution.

1 SIM: Clientless VPN same as anton’s
1 D&D: Port-security violation

Adding more details into @Moha contributed new questions.

———————————————————————-
5*A Question about which device can help in compliance check for BYOD Device
A.Cisco ISE
B.X
C.X
D.X
————————————————
————————————————————-
9* Why is TACACS > RADIUS
A. TACACS combine authorization and authentication
B. TACACS decouple authorizatino and authentication
C. TACACS encrypt password only in access-request packet
D. TACACS encrypt the whole access-request packet
—————————————————-
13 Something like what resources can we use in a S2S VPN (2 options):
A. TACACS….
B. RADIUS….
C. NTP
D. Cisco AnyConnect
—————————————————-
14. A question about NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.
Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X
You need to choose which of the following is correct based on the configuration shown.
A. use MD5 hash
B. configure to trusted NTP
C.X
D.
—————————————————-

—————————————————-
15 IPS state when failed to identify an attack
A. false positive
B. false negative
C. true positive
D. true negative
—————————————————-

@Dropby

Yep..q13 was

Q13. Which of the following resources are required for IPSEC Site 2 Site VPN.

Options where

A. TACSAS+ (NOT TACACS)
B. Radius
C. NTP
D.Cisco Anyconnect

Anybody got any answers on this
13 Something like what resources can we use in a S2S VPN (2 options):
A. TACACS….
B. RADIUS….
C. NTP
D. Cisco AnyConnect

Yeah, does someone know the answers to these?

Hi all, I finished my exam today(7.2.20) with scores of 994.
1 sim Clientless ssl
1 DnD portsecurity
And nearly all other questions are from (C0achGreece.Yako.PassLeader&more-ByAnton_v1.3.pdf)
And there is like 10 or more new questions from various sections. But no worry at all Anton pdf is enoughed.
Link below and delete space to download cheer up guys and thanks anton and everybody who contribute in this site.

drive . google . com / open?id = 131HL9-QF-KyRJSTZZ-W4ufQNIvUdOx58

First, grats to all the people who passed the exam and big thanks for coming back and giving feedback – ppl like me can only help here thanks to ppl like you.
I cleaned up new questions a bit and provided some answers/explanations. It’s not much for now, but once we get more feedback, it will get better.

Q1. ASDM Steps to configure NAT in the ASA.
A. Configuration > Firewall > NAT Rules > Add
B.
C.
D.
ANSWER: A (this is how it looks in ASDM 7.5)

—–

Q2. Benefits/Advantages of using Cisco UCS (choose 2):
A. centralized monitoring and control
B. something related to lower cost
C. something about control on-premise and on the CLOUD
D.
ANSWER: ??

what I can get from the document
Industry leading BW
Consistent and low latency
lower infrastructure cost
Rack server deployment flexibility
regarding the part with cloud don’t know exactly how Cisco Intersight work

—–

Q3. ISAKMP SA status when VPN tunnels is formed: QM_IDLE
A. isakmp_qm_ready
B. isakmp_idle
C. isakmp_qm_idle
D.
ANSWER: QM_IDLE for IOS, AM_Active/MM_Active for ASA

—–

Q4. Features of MDM. Which are MDM two functions in BYOD. Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
A. something about using ISE that made sense for me…
B. Wipe data remotely
C.
D.
ANSWER: ?

PIN enforcement
strong password enforcement
jailbreak/root detection
data encryption
remote data wipe
DLP
secure application tunnels

—–

Q5. A Question about BYOD w/ Cisco ISE. A Question about which device can help in compliance check for BYOD Device. Question about ISE *which are MDM two functions in BYOD.
A.
B.
C.
D.
ANSWER: ?

—–

Q6. In which solution APM is working?
A. ESA
B. ASA
C. AnyConnect
D.
ANSWER:

—–

Q7. Where is File Reputation in Cisco AMP being executed?
A. Perimeter
B. Endpoint
C. ESA
D. Cloud
ANSWER: D

—–

Q8. How does an antimalware installed on an endpoint check for a malicious file?
A. File Reputation
B. Signature Checking
C. Context
D. Sandboxing
ANSWER: B

—–

Q9. Difference between RADIUS and TACACS (choose 2)?
A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypts password only in access-request packet
D. TACACS encrypts the whole access-request packet
ANSWER: B+D

—–

Q10. there were out of this world question regarding IPS that i can’t remember coz i got rattled
A.
B.
C.
D.
ANSWER: ?

—–

Q11. Something like what method to use to avoid MITM attacks:
A. Authentication
B.
C.
D.
ANSWER: A?

—–

Q12. Which of the following resources are required for IPSEC Site 2 Site VPN (choose 2?)
A. TACACS+
B. Radius
C. NTP
D. Cisco AnyConnect
ANSWER: C+D?

NTP is recommended (and sometimes required). If it’s 2 answers, then AnyConnect license is needed too, but since the question is incomplete (answer D doesn’t say license), it’s hard to say.

—–

Q13. A question about NTP. You need to choose which of the following is correct based on the configuration shown:

Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X

A. Use MD5 hash
B. Configure to trusted NTP
C.
D.
ANSWER: ?

Here’s what commands do:
ntp authentication-key 1 md5 sometexthere < define authentication key number 1, using MD5 hash
ntp authenticate < enable authentication
ntp trusted-key 1 < key number that NTP has to provide to be trusted
ntp source GigabitEthernet0/0 < interface that will receive NTP packets
ntp server X.X.X.X < NTP server IP from which packets will come

—–

Q14. IPS state when failed to identify an attack?
A. False positive
B. False negative
C. True positive
D. True negative

ANSWER: B

Cu in 350-701 SCOR

Can someone provide me Anton file/pdf please? Email: {email not allowed}

Can someone provide me Anton file/pdf please? anjanaranasinge @ gmail.com

@R A
Just scroll Up here in THIS Site … Look for User gia

one more new never seen question
old brain has only fragments of the question

refer exhibit
———————–
ip http server
ip http secure-port 8080
———————–
a enables secure http server on port 8080
b
c
d
one of 4 choices
indeed for a to be the right answer it should be
“ip http secure-server”

Q13. A question about NTP. You need to choose which of the following is correct based on the configuration shown:

Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X

A. Use MD5 hash
B. Configure to trusted NTP
C.
D.
ANSWER: ?,,,,

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)
A. Modifying packets
B. Requesting connection blocking
C. Denying packets
D. Resetting the TCP connection
E. Requesting host blocking F. Denying frames

Can anyone confirm if this question has been recently seen in the exam?

@Arslan
Anton’s file and new questions posted here is all you need, and all that appears on the exam.

@ Bolo

Thanks for confirming.

@Arslan
Promiscious IPS means its an IDS, so ist can only request Connection blocking and request Host blocking. Due to fact that ist is Not inline ist cannot handle Traffic by itself

@Dredv

Thanks for the explanation.

Anyone can add to these questions or complete them ?

Q1. ASDM Steps to configure NAT in the ASA.
A. Configuration > Firewall > NAT Rules > Add
B.
C.
D.
ANSWER: A (this is how it looks in ASDM 7.5)

—–

Q2. Benefits/Advantages of using Cisco UCS (choose 2):
A. centralized monitoring and control
B. something related to lower cost
C. something about control on-premise and on the CLOUD
D.
ANSWER: ??

what I can get from the document
Industry leading BW
Consistent and low latency
lower infrastructure cost
Rack server deployment flexibility
regarding the part with cloud don’t know exactly how Cisco Intersight work

—–

Q3. ISAKMP SA status when VPN tunnels is formed: QM_IDLE
A. isakmp_qm_ready
B. isakmp_idle
C. isakmp_qm_idle
D.
ANSWER: QM_IDLE for IOS, AM_Active/MM_Active for ASA

—–

Q4. Features of MDM. Which are MDM two functions in BYOD. Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
A. something about using ISE that made sense for me…
B. Wipe data remotely
C.
D.
ANSWER: ?

PIN enforcement
strong password enforcement
jailbreak/root detection
data encryption
remote data wipe
DLP
secure application tunnels

—–

Q5. A Question about BYOD w/ Cisco ISE. A Question about which device can help in compliance check for BYOD Device. Question about ISE *which are MDM two functions in BYOD.
A.
B.
C.
D.
ANSWER: ?

—–

Q6. In which solution APM is working?
A. ESA
B. ASA
C. AnyConnect
D.
ANSWER:

—–

Q7. Where is File Reputation in Cisco AMP being executed?
A. Perimeter
B. Endpoint
C. ESA
D. Cloud
ANSWER: D

—–

Q8. How does an antimalware installed on an endpoint check for a malicious file?
A. File Reputation
B. Signature Checking
C. Context
D. Sandboxing
ANSWER: B

—–

Q9. Difference between RADIUS and TACACS (choose 2)?
A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypts password only in access-request packet
D. TACACS encrypts the whole access-request packet
ANSWER: B+D

—–

Q10. there were out of this world question regarding IPS that i can’t remember coz i got rattled
A.
B.
C.
D.
ANSWER: ?

—–

Q11. Something like what method to use to avoid MITM attacks:
A. Authentication
B.
C.
D.
ANSWER: A?

—–

Q12. Which of the following resources are required for IPSEC Site 2 Site VPN (choose 2?)
A. TACACS+
B. Radius
C. NTP
D. Cisco AnyConnect
ANSWER: C+D?

NTP is recommended (and sometimes required). If it’s 2 answers, then AnyConnect license is needed too, but since the question is incomplete (answer D doesn’t say license), it’s hard to say.

—–

Q13. A question about NTP. You need to choose which of the following is correct based on the configuration shown:

Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X

A. Use MD5 hash
B. Configure to trusted NTP
C.
D.
ANSWER: ?

Here’s what commands do:
ntp authentication-key 1 md5 sometexthere < define authentication key number 1, using MD5 hash
ntp authenticate < enable authentication
ntp trusted-key 1 < key number that NTP has to provide to be trusted
ntp source GigabitEthernet0/0 < interface that will receive NTP packets
ntp server X.X.X.X < NTP server IP from which packets will come

—–

Q14. IPS state when failed to identify an attack?
A. False positive
B. False negative
C. True positive
D. True negative

ANSWER: B

@Bolo

As mentioned, i am 90% sure the question specified TACSAS+, not TACACS.

As TACSAS+ is not a real thing it cannot be the answer. I got stuck and went for NTP (correct) and Radius (unsure), it could be Anyconnect.

Q12. Which of the following resources are required for IPSEC Site 2 Site VPN (choose 2?)
A. TACSAS+
B. Radius
C. NTP
D. Cisco AnyConnect
ANSWER: C+D?

@CATS

Ok, thought it was a typo ;) Anyway, from those 4 answers only NTP makes sense, but it is too much to say it’s required. You can set up S2S tunnel without NTP. In theoretical worst case, if using certificates and dates are very wrong, it wouldn’t be possible to set up a tunnel. But usually, no problem, at least initially. SA flapping, expiry dates etc. would become a problem later on, at some stage after setting it up.

anyone took the exam today or planning to take it soon ?

@Cats
so the question mentioned exactly IPSec site to site, not point to site or IPSec VPN

Guys completed today. But completed the exam in 35 mins. Is there any issue. Got same as Anton’s file.few new questions

Congrats Krish.

How many questions were out of Anton’s file. Thanks

@Krish

can you complete/correct the questions posted by me or Bolo above and if you can remember what was your answers on them ? that would be much appreciated.

@ Krish
Sorry thought i said congrats

@CATS is not that question unfortunately
@Moha no, I just used original one
@dredv I’m working with ESA on work and from all solutions it was a best choose for me for my understanding.

@ZFK can you complete the questions posted by me or Bolo with the answers you choose in the exam if you can remember any would be great

I test on 20 Feb. Hopefully, Anton’s PDF is still enough to pass.

@Fortypopper i recommend that you keepfollowing the updates here as there are some new Qs added above posted by me and Bolo but still we don’t know there answers or the exact choices in the exam but people say that Anton’s file is enough.

download latest file here https://www.dumpssure.com/cisco/real-210-260-dumps-pdf.html

Passed today. Anton’s file is the TRUTH!

New Question

What is needed to create a site to site (S2S) VPN between two Cisco IOS devices:

A. Cisco AnyConnect
B. NTP
C. TACSAS+
D. RADIUS
E. CA

I chose B and D because they intentionally spell TACACS+ wrong.

Let me elaborate..as I see it.

A is wrong because the question about about site to site VPN’s. Cisco AnyConnect is for remote access…not site to site.

C is wrong because it’s misspelled.

E is wrong because you don’t need a CA for site to site. SSL VPN…sure, but not site to site.

That S2S VPN question really has 2 answers?
If it has two answers, the only 2 that make sense are NTP and CA. You need those two for S2S VPN using certificates.

@JNubia, did you use only Anton’s file for prepare?

@Bolo
you need CA when doing S2S using RSA not preshared key

The question doesn’t say how is S2S being set up. You need CA if you do it with certificates. Not for keys ofc.

The way this question is posted here, it doesn’t have an answer at all. Nothing from that list is required to set up S2S VPN. NTP is recommended to avoid problems, but not required. CA is only required when using certificates. Other options make no sense, unless AnyConnect refers to the license, which doesn’t seem to be the case ‘cos noone reported anything about license being mentioned in AnyConnect answer.

@JNubia if you can complete more questions please do questions posted by me or Bolo thanks in advance

@Bolo anyconnect license is only needed when using anyconnect right? as far as i know you don’t need anyconnect license for s2s right? So for me i’m with NTP and CA

Regarding

———————–
ip http server
ip http secure-port 8080
———————–

Im not sure but I think I read in any of the guides that this should activate https. With no need of “ip http secure-server”. What do you think, mates? Maybe I’m mixing with another feature, maybe the result of a show, but it was something like that. Even if it looked like only http, included https.

@Moha
They use AnyConnect as the name for different licenses (Plus, Apex, VPN-only etc.) – kinda confusing, but has (almost) nothing to do with AnyConnect client. Some features are only available with certain types of licenses, like 3rd party IKEv2 VPN clients require AnyConnectPlus license, clientless support is in AnyConnect Apex license etc.

I think S2S VPNs are covered by base license that comes with hardware.

@Paulinho
ip http server < enables HTTP server
To enable HTTPS use: ip http secure-server

ip http secure-port 8080 < changes the default port 443 to 8080 for HTTPS
To set port for HTTP use: ip http port

So, you posted a mix of configuration commands for HTTP/HTTPS

@All please update if you can
Updates on the questions

1*ASDM Steps to configure NAT in the ASA.
Answer: Configuration > Firewall > NAT > Add Rule
—————————————————————————-
2*Benefits of using Cisco UCS.
*Question about UCS server, it characteristic
*UCS Advantages (2 options among 5) – http s:// www. Cisco .com /c/dam/en/us/products/collateral/servers-unified-computing/ucs-solution-overview .pdf
a) centralized monitoring and control
b) something related to lower cost
x) something about control on-premise and on the CLOUD
What I can get from the document
Industry leading BW
Consistent and low latency
lower infrastructure cost
Rack server deployment flexibility
cloud management ready
———————————————————————
3*Isakmp SA status when VPN tunnels is formed: QM_IDLE
regarding how you would set up an ike tunnel for cisco ios
isakmp_qm_ready
isakmp_idle
isakmp_qm_idle
Ans: QM_Idle for phase 1 active on ios
AM_Active/MM_Active for ASA
—————————————————————————-
4* Features of MDM.
*which are MDM two functions in BYOD.
*Question about MDM features(read de chapter on 31 days before…. everything is there in one page)
a) something about using ISE that made sense for me…
b) Wipe data remotely
c) N/A
d) N/A
MDM features
PIN enforcement
strong password enforcement
jailbreak/root detection
data encryption
remote data wipe
DLP
secure application tunnels
———————————————————————-

5*A Question about BYOD w/ Cisco ISE
*Question about ISE
5*A Question about which device can help in compliance check for BYOD Device
A. Cisco ISE
B. N/A
C. N/A
D. N/A
ISE: While Cisco ISE provides critical policy functionality to enable the BYOD solution, it has limited awareness of device posture. For example, ISE has no awareness of whether a device has a PIN lock enforced or whether the device has been jailbroken or whether a device is encrypting data, etc. On the other hand, MDMs have such device posture awareness, but are quite limited as to network policy enforcement capacity.
Source: https:// www .cisco . com /c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_MDMs.html
————————————————
6* in which solution AMP is working:
A. ESA
B. ASA
C. AnyConect

Some say it’s implemented on ESA but for ASA you have to buy a module ?
For anyconnect it would be named AMP for endpoints I guess, so for ESA you need to turn it ON/ buy license.
Reference: https: // www. cisco. com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html
———————————————
7* Where is file reputation in cisco amp being executed
a – perimeter
b – endpoint
C – ESA
d – cloud
Ans: cloud using thread grid for unknown files/ for known files there should be a score for file reputation.
—————————————————–
8* how does an Antimalware installed on an endpoint check for a malicious file
a– file reputation
b– signature checking
c-context
d– sandboxing
Answer: B
————————————————————-
9* Difference bet radius and TACACS. The choices were diff from Anton I just chose the best answer for me.
9* Why is TACACS > RADIUS
A. TACACS combine authorization and authentication
B. TACACS decouple authorization and authentication
C. TACACS encrypt password only in access-request packet
D. TACACS encrypt the whole access-request packet
Ans: B, D

—————————————————-
10* there were out of this world question regarding IPS that i can’t remember coz i got rattled
————————————————–
11 Something like what method to use to avoid MITM attacks:
Ans: authentication
—————————————————————————–
12 Something like what resources can we use in a S2S VPN (2 options):
What is needed to create a site to site (S2S) VPN between two Cisco IOS devices:
A. Cisco AnyConnect
B. NTP
C. TACSAS+
D. RADIUS
E. CA

answer: B, E
———————————
13. A question about NTP. It shows the configuration of NTP including NTP trusted key and NTP authentication.
Device(config)#ntp authentication-key 1 md5 sometexthere
Device(config)#ntp authenticate
Device(config)#ntp trusted-key 1
Device(config)#ntp source GigabitEthernet0/0
Device(config)#ntp server X.X.X.X
You need to choose which of the following is correct based on the configuration shown.
A. use MD5 hash
B. configure to trusted NTP
C. N/A
D. N/A
answer: could be R1 is configured to a trusted NTP server, still not sure.
—————————————-

14 IPS state when failed to identify an attack
A. false positive
B. false negative
C. true positive
D. true negative

Ans: B
—————————————————
Q15 till now I’ve heard of two versions with almost the same answers
Version 1***** Refer the exhibit
# ip http server
#ip http secure-port 8080
A. enables secure http server on port 8080
B. standard https port
One of 4 choices
Indeed for a to be the right answer it should be “ip http secure-server”, if there is no command then it enables only http and set secure port for 8080

Version 2***** refer the exhibit which port the https is configured given the commands:
# ip http secure-server
# ip http secure-port 8080
these commands enables https on port 8080
A. enables secure http server on port 8080
B. standard https port

version 2 answer: A

@Bolo
Didn’t know we moved to new page sorry. so the answers that make sense somehow NTP and CA “certificate authority”

14 IPS state when failed to identify an attack
A. false positive
B. false negative
C. true positive
D. true negative

Ans: B…

@Anonymous
false negative is when the IPS fails to detect an attack
false positive detecting normal traffic as an attack
true positive detecting real attacks
true negative normal traffic is not detected as an attack
so in this case the answer is false negative

Hello,
On the exam there is really only 1 SIM with SSL VPN? No LAB to configure ACLs/NAT and MPF to allow ICMP?
Oh, and passing score is 860?
Thanks.

@Jan
the exam contains 1 sim for ASDM about asking about configuration on clientless VPN not to configure them
and one drag and drop
passing score is 860 yes

If the new CCNA is coming out in Feb and I already HAVE my CCNA and CCNP should I even bother to take this CCNA SECURITY 210-260 Test before February 24th? Is it worth taking at this point? Any options would be greatly appreciated. Thank you.

Any opinions sorry.