Cisco 500-260 Dumps

Exam: Cisco ASA Express Security

Free 500-260 Exam Questions in VCE Format
File Votes Size Last comment
2 493.48 KB  
Play Cisco 500-260 VCE files with Avanset VCE Simulator

Cisco 500-260 Exam Tutorial

Showing 1-20 of 50 Questions   (Page 1 out of 3)

Question No : 1

Which three options are characteristics of Web Type ACLs? (Choose three.)

A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.

Question No : 2

Which statement describes what happens during a file-disposition check for malware?

A. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. If all pieces are clean, the original file is forwarded to the destination.
B. The managed device extracts all pieces of a file before calculating a hash on the complete file. Each piece is forwarded to the destination with the final piece being released if the entire file is deemed clean.
C. The managed device extracts all pieces of a file before calculating a hash on the complete file. If the entire file is deemed clean, it is forwarded to the destination.
D. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. All pieces are also forwarded to the destination with the last piece being forwarded if it is deemed clean.

Question No : 3

Which option best describes the role of an IoC?

A. tags on a host that indicate that an infection event has occurred
B. statically assigned target values on a host
C. a flag that indicates that a host operating system needs patching
D. an impact flag of an infection event

Question No : 4

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any
inside host on the subnet?

A. http inside
B. http inside
C. http inside
D. http

Question No : 5

On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI
configuration command?

A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options

Question No : 6

Files may be submitted to the cloud-based sandbox for dynamic analysis using which two
ports? (Choose two.)

A. TCP/443
B. TCP/80
C. TCP/3389
D. TCP/500
E. TCP/32137

Question No : 7

Refer to the exhibit.
Cisco 500-260 question 7
Which command enables the stateful failover option?

A. failover link MYFAILOVER GigabitEthernet0/2
B. failover lan interface MYFAILOVER GigabitEthernet0/2
C. failover interface ip MYFAILOVER standby
D. preempt
E. failover group 1
F. primary
G. failover lan unit primary

Question No : 8

Which three options are assignable file dispositions? (Choose three.)

A. malware
B. unassigned
C. custom detection
D. user-defined
E. permit
F. unknown

Question No : 9

Which two settings are configurable as part of a health policy? (Choose two.)

A. time-synchronization status
B. user access
C. intrusion policy preferences
D. database status
E. advanced malware protection

Question No : 10

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Which three are characteristics of DTLS? (Choose three.)

A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.

Question No : 11

Based on this NAT command below, drag the IP address network object on the left to the
correct NAT address type on the right.
nat (inside,outside) source dynamic destination static
Cisco 500-260 question 11

Question No : 12

Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggests running the smart tunnel application.
Which three statements concerning smart tunnel applications are true? (Choose three.)

A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.

Question No : 13

Which port should be allowed to support communications between Sourcefire User Agent
and FireSIGHT Management Center?

A. TCP/3306
B. TCP/3389
C. UDP/3389
D. TCP/443

Question No : 14

An SFR module has been installed in the adaptive security appliance. Which command
must be executed on the module to establish connectivity to FireSIGHT Management

A. system install manager
B. config manager fmc host
C. config manager add
D. system manager fmc

Question No : 15

Detection of an exploit kit that is installed on a device is an example of which IoC event

A. security intelligence
C. malware
D. firewall

Question No : 16

Which three Fire POWER services features require a subscription license? (Choose three.)

A. URL filtering
C. high availability
F. identity visibility

Question No : 17

Refer to the exhibit.
Cisco 500-260 question 17
A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From
the information shown, where should the engineer navigate to, in order to find all the
postlogin session parameters?

A. "engineering" Group Policy
B. "contractor" Connection Profile
C. DefaultWEBVPNGroup Group Policy
D. DefaultRAGroup Group Policy
E. "engineer1" AAA/Local Users

Question No : 18

Refer to the exhibit.
Cisco 500-260 question 18
Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing

A. route dmz route dmz
B. route dmz 1 route dmz 1
C. route dmz route dmz 2
D. route dmz route dmz
E. route dmz 1 route dmz 1
F. route dmz route dmz 2

Question No : 19

Which option is correct for configuring the SRF for passive, out-of-band traffic evaluation?

A. sfr fail-close oob
B. sfr monitor-only
C. sfr fail-open monitor-only
D. sfr passive-mode

Question No : 20

Which security technique should be implemented to remediate after a threat is discovered?

A. NGIPS ruleset
B. retrospection
C. web security deployment
D. application control

Showing 1-20 of 50 Questions   (Page 1 out of 3)



Exam-Labs PREMIUM Files

Get 30% Discount on all PREMIUM files!

Enter Your Email Address to Receive Your 30% Discount Code

A Confirmation Link will be sent to this email address to verify your login

We value your privacy.
We will not rent or sell your email address

Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.