Cisco 500-260

Cisco ASA Express Security (SAEXS)

(Page 1 out of 4)
Showing 15 of 50 Questions
Exam Version: 6.0
Question No : 1 -

Which three options are characteristics of Web Type ACLs? (Choose three.)

  • A. They are assigned per-connection profile.
  • B. They are assigned per-user or per-group policy.
  • C. They can be defined in the Cisco AnyConnect Profile Editor.
  • D. They support URL pattern matching.
  • E. They support implicit deny all at the end of the ACL.
  • F. They support standard and extended WebType ACLs.

Answer : B,D,E



Question No : 2 -

Which statement describes what happens during a file-disposition check for malware?

  • A. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. If all pieces are clean, the original file is forwarded to the destination.
  • B. The managed device extracts all pieces of a file before calculating a hash on the complete file. Each piece is forwarded to the destination with the final piece being released if the entire file is deemed clean.
  • C. The managed device extracts all pieces of a file before calculating a hash on the complete file. If the entire file is deemed clean, it is forwarded to the destination.
  • D. The managed device extracts the pieces of file from the data stream, calculates a hash on each piece, and forwards each piece to the cloud for checking. All pieces are also forwarded to the destination with the last piece being forwarded if it is deemed clean.

Answer : B



Question No : 3 -

Which option best describes the role of an IoC?

  • A. tags on a host that indicate that an infection event has occurred
  • B. statically assigned target values on a host
  • C. a flag that indicates that a host operating system needs patching
  • D. an impact flag of an infection event

Answer : A



Question No : 4 -

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any
inside host on the 10.1.16.0/20 subnet?

  • A. http 10.1.16.0 0.0.0.0 inside
  • B. http 10.1.16.0 0.0.15.255 inside
  • C. http 10.1.16.0 255.255.240.0 inside
  • D. http 10.1.16.0 255.255.255.255

Answer : C



Question No : 5 -

On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI
configuration command?

  • A. inspect
  • B. sysopt connection
  • C. tcp-options
  • D. parameters
  • E. set connection advanced-options

Answer : E



Question No : 6 -

Files may be submitted to the cloud-based sandbox for dynamic analysis using which two
ports? (Choose two.)

  • A. TCP/443
  • B. TCP/80
  • C. TCP/3389
  • D. TCP/500
  • E. TCP/32137

Answer : A,E



Question No : 7 -

Refer to the exhibit.


Which command enables the stateful failover option?

  • A. failover link MYFAILOVER GigabitEthernet0/2
  • B. failover lan interface MYFAILOVER GigabitEthernet0/2
  • C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
  • D. preempt
  • E. failover group 1
  • F. primary
  • G. failover lan unit primary

Answer : A



Question No : 8 -

Which three options are assignable file dispositions? (Choose three.)

  • A. malware
  • B. unassigned
  • C. custom detection
  • D. user-defined
  • E. permit
  • F. unknown

Answer : A,C,F



Question No : 9 -

Which two settings are configurable as part of a health policy? (Choose two.)

  • A. time-synchronization status
  • B. user access
  • C. intrusion policy preferences
  • D. database status
  • E. advanced malware protection

Answer : A,E



Question No : 10 -

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Which three are characteristics of DTLS? (Choose three.)

  • A. It uses TLS to negotiate and establish DTLS connections.
  • B. It uses DTLS to transmit datagrams.
  • C. It is disabled by default.
  • D. It uses TLS for data packet retransmission.
  • E. It replaces underlying transport layer with UDP 443.
  • F. It uses TLS to provide low-latency video application tunneling.

Answer : A,B,E



Question No : 11 -

Based on this NAT command below, drag the IP address network object on the left to the
correct NAT address type on the right.
nat (inside,outside) source dynamic 10.0.1.0_obj 192.168.1.7_obj destination static
209.165.200.226_Server 209.165.201.21_Server


Answer :



Question No : 12 -

Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggests running the smart tunnel application.
Which three statements concerning smart tunnel applications are true? (Choose three.)

  • A. They support active FTP and other RTSP-based applications.
  • B. They do not require administrator privileges on the remote system.
  • C. They require the enabling of port forwarding.
  • D. They are supported on Windows and MAC OS X platforms.
  • E. They support native client applications over SSL VPN.
  • F. They require the modification of the Host file on the end-user PC.

Answer : B,D,E



Question No : 13 -

Which port should be allowed to support communications between Sourcefire User Agent
and FireSIGHT Management Center?

  • A. TCP/3306
  • B. TCP/3389
  • C. UDP/3389
  • D. TCP/443

Answer : A



Question No : 14 -

An SFR module has been installed in the adaptive security appliance. Which command
must be executed on the module to establish connectivity to FireSIGHT Management
Center?

  • A. system install manager
  • B. config manager fmc host
  • C. config manager add
  • D. system manager fmc

Answer : B



Question No : 15 -

Detection of an exploit kit that is installed on a device is an example of which IoC event
category?

  • A. security intelligence
  • B. IPS
  • C. malware
  • D. firewall

Answer : B



(Page 1 out of 4)
Showing of 50 Questions
Exam Version: 6.0