Cisco 500-260 Dumps
Exam: Cisco ASA Express Security
Free 500-260 Exam Questions in VCE Format
Cisco 500-260 Exam Tutorial
Question No : 1
Which three options are characteristics of Web Type ACLs? (Choose three.)
A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.
Question No : 2
Which statement describes what happens during a file-disposition check for malware?
A. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. If all pieces are clean, the original file is forwarded to the destination.
B. The managed device extracts all pieces of a file before calculating a hash on the complete file. Each piece is forwarded to the destination with the final piece being released if the entire file is deemed clean.
C. The managed device extracts all pieces of a file before calculating a hash on the complete file. If the entire file is deemed clean, it is forwarded to the destination.
D. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. All pieces are also forwarded to the destination with the last piece being forwarded if it is deemed clean.
Question No : 3
Which option best describes the role of an IoC?
A. tags on a host that indicate that an infection event has occurred
B. statically assigned target values on a host
C. a flag that indicates that a host operating system needs patching
D. an impact flag of an infection event
Question No : 4
Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any
inside host on the 10.1.16.0/20 subnet?
A. http 10.1.16.0 0.0.0.0 inside
B. http 10.1.16.0 0.0.15.255 inside
C. http 10.1.16.0 255.255.240.0 inside
D. http 10.1.16.0 255.255.255.255
Question No : 5
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI
B. sysopt connection
E. set connection advanced-options
Question No : 6
Files may be submitted to the cloud-based sandbox for dynamic analysis using which two
ports? (Choose two.)
Question No : 7
Refer to the exhibit.
Which command enables the stateful failover option?
A. failover link MYFAILOVER GigabitEthernet0/2
B. failover lan interface MYFAILOVER GigabitEthernet0/2
C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
E. failover group 1
G. failover lan unit primary
Question No : 8
Which three options are assignable file dispositions? (Choose three.)
C. custom detection
Question No : 9
Which two settings are configurable as part of a health policy? (Choose two.)
A. time-synchronization status
B. user access
C. intrusion policy preferences
D. database status
E. advanced malware protection
Question No : 10
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Which three are characteristics of DTLS? (Choose three.)
A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.
Question No : 11
Based on this NAT command below, drag the IP address network object on the left to the
correct NAT address type on the right.
nat (inside,outside) source dynamic 10.0.1.0_obj 192.168.1.7_obj destination static
Question No : 12
Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggests running the smart tunnel application.
Which three statements concerning smart tunnel applications are true? (Choose three.)
A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.
Question No : 13
Which port should be allowed to support communications between Sourcefire User Agent
and FireSIGHT Management Center?
Question No : 14
An SFR module has been installed in the adaptive security appliance. Which command
must be executed on the module to establish connectivity to FireSIGHT Management
A. system install manager
B. config manager fmc host
C. config manager add
D. system manager fmc
Question No : 15
Detection of an exploit kit that is installed on a device is an example of which IoC event
A. security intelligence
Question No : 16
Which three Fire POWER services features require a subscription license? (Choose three.)
A. URL filtering
C. high availability
F. identity visibility
Question No : 17
Refer to the exhibit.
A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From
the information shown, where should the engineer navigate to, in order to find all the
postlogin session parameters?
A. "engineering" Group Policy
B. "contractor" Connection Profile
C. DefaultWEBVPNGroup Group Policy
D. DefaultRAGroup Group Policy
E. "engineer1" AAA/Local Users
Question No : 18
Refer to the exhibit.
Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing
A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2
Question No : 19
Which option is correct for configuring the SRF for passive, out-of-band traffic evaluation?
A. sfr fail-close oob
B. sfr monitor-only
C. sfr fail-open monitor-only
D. sfr passive-mode
Question No : 20
Which security technique should be implemented to remediate after a threat is discovered?
A. NGIPS ruleset
C. web security deployment
D. application control