Cisco 500-260 Dumps

Exam: Cisco ASA Express Security

Play Cisco 500-260 VCE files with Avanset VCE Simulator
 

Cisco 500-260 Exam Tutorial

Showing 1-20 of 50 Questions   (Page 1 out of 3)


Question No : 1

Which three options are characteristics of Web Type ACLs? (Choose three.)

A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.


Question No : 2

Which statement describes what happens during a file-disposition check for malware?

A. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. If all pieces are clean, the original file is forwarded to the destination.
B. The managed device extracts all pieces of a file before calculating a hash on the complete file. Each piece is forwarded to the destination with the final piece being released if the entire file is deemed clean.
C. The managed device extracts all pieces of a file before calculating a hash on the complete file. If the entire file is deemed clean, it is forwarded to the destination.
D. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. All pieces are also forwarded to the destination with the last piece being forwarded if it is deemed clean.


Question No : 3

Which option best describes the role of an IoC?

A. tags on a host that indicate that an infection event has occurred
B. statically assigned target values on a host
C. a flag that indicates that a host operating system needs patching
D. an impact flag of an infection event


Question No : 4

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any
inside host on the 10.1.16.0/20 subnet?

A. http 10.1.16.0 0.0.0.0 inside
B. http 10.1.16.0 0.0.15.255 inside
C. http 10.1.16.0 255.255.240.0 inside
D. http 10.1.16.0 255.255.255.255


Question No : 5

On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI
configuration command?

A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options


Question No : 6

Files may be submitted to the cloud-based sandbox for dynamic analysis using which two
ports? (Choose two.)

A. TCP/443
B. TCP/80
C. TCP/3389
D. TCP/500
E. TCP/32137


Question No : 7

Refer to the exhibit.
Cisco 500-260 question 7
Which command enables the stateful failover option?

A. failover link MYFAILOVER GigabitEthernet0/2
B. failover lan interface MYFAILOVER GigabitEthernet0/2
C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
D. preempt
E. failover group 1
F. primary
G. failover lan unit primary


Question No : 8

Which three options are assignable file dispositions? (Choose three.)

A. malware
B. unassigned
C. custom detection
D. user-defined
E. permit
F. unknown


Question No : 9

Which two settings are configurable as part of a health policy? (Choose two.)

A. time-synchronization status
B. user access
C. intrusion policy preferences
D. database status
E. advanced malware protection


Question No : 10

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Which three are characteristics of DTLS? (Choose three.)

A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.


Question No : 11

Based on this NAT command below, drag the IP address network object on the left to the
correct NAT address type on the right.
nat (inside,outside) source dynamic 10.0.1.0_obj 192.168.1.7_obj destination static
209.165.200.226_Server 209.165.201.21_Server
Cisco 500-260 question 11


Question No : 12

Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggests running the smart tunnel application.
Which three statements concerning smart tunnel applications are true? (Choose three.)

A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.


Question No : 13

Which port should be allowed to support communications between Sourcefire User Agent
and FireSIGHT Management Center?

A. TCP/3306
B. TCP/3389
C. UDP/3389
D. TCP/443


Question No : 14

An SFR module has been installed in the adaptive security appliance. Which command
must be executed on the module to establish connectivity to FireSIGHT Management
Center?

A. system install manager
B. config manager fmc host
C. config manager add
D. system manager fmc


Question No : 15

Detection of an exploit kit that is installed on a device is an example of which IoC event
category?

A. security intelligence
B. IPS
C. malware
D. firewall


Question No : 16

Which three Fire POWER services features require a subscription license? (Choose three.)

A. URL filtering
B. AVC
C. high availability
D. AMP
E. IPS
F. identity visibility


Question No : 17

Refer to the exhibit.
Cisco 500-260 question 17
A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From
the information shown, where should the engineer navigate to, in order to find all the
postlogin session parameters?

A. "engineering" Group Policy
B. "contractor" Connection Profile
C. DefaultWEBVPNGroup Group Policy
D. DefaultRAGroup Group Policy
E. "engineer1" AAA/Local Users


Question No : 18

Refer to the exhibit.
Cisco 500-260 question 18
Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing
table?

A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2


Question No : 19

Which option is correct for configuring the SRF for passive, out-of-band traffic evaluation?

A. sfr fail-close oob
B. sfr monitor-only
C. sfr fail-open monitor-only
D. sfr passive-mode


Question No : 20

Which security technique should be implemented to remediate after a threat is discovered?

A. NGIPS ruleset
B. retrospection
C. web security deployment
D. application control


Showing 1-20 of 50 Questions   (Page 1 out of 3)

Close

Close
SPECIAL OFFER: GET 30% OFF

Exam-Labs PREMIUM Files

Get 30% Discount on all Exam-Labs.com PREMIUM files!



Enter Your Email Address to Receive Your 30% Discount Code

A Confirmation Link will be sent to this email address to verify your login

We value your privacy.
We will not rent or sell your email address

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.