Cisco ASA Express Security v6.0 (500-258)

Page:    1 / 4   
Total 55 questions

When preconfiguring a Cisco AnyConnect profile for the user group, which file is output by the Cisco AnyConnect profile editor?

  • A. user.ini
  • B. user.html
  • C. user.pcf
  • D. user.xml


Answer : D

Which three methods are the most effective for an NGFW administrator to determine the
URL category of a website? (Choose three.)

  • A. Select the site from the Web Destinations dashboard.
  • B. Google it.
  • C. Enter the URL into the NGFW search field.
  • D. Select an event with the website as the destination in the event viewer.
  • E. Submit the URL to https://securityhub.cisco.com.
  • F. Open a TAC case at http://cisco.com/tac.
  • G. Search for the site on the components objects screen.


Answer : A,D,E

Which Cisco ASA NGFW license is needed to allow a high-school security administration to implement policy to allow student access to high-reputation sites only?

  • A. AVC
  • B. Botnet Traffic Filtering
  • C. WSE
  • D. IPS for NGFW
  • E. AnyConnect Premium


Answer : C

Refer to the exhibit.


Which command enables the stateful failover option?

  • A. failover link MYFAILOVER GigabitEthernet0/2
  • B. failover lan interface MYFAILOVER GigabitEthernet0/2
  • C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
  • D. preempt
  • E. failover group 1
  • F. primary
  • G. failover lan unit primary


Answer : A




Answer :

When deploying clientless SSL VPN advanced application access, the administrator needs to collect information about the end-user system. Which three input parameters of an end- user system are important for the administrator to identify? (Choose three.)

  • A. types of applications and application protocols that are supported
  • B. types of encryption that are supported on the end-user system
  • C. the local privilege level of the remote user
  • D. types of wireless security that are applied to the end-user tunnel interface
  • E. types of operating systems that are supported on the end-user system
  • F. type of antivirus software that is supported on the end-user system


Answer : A,C,E

Which option describes what client-based access control enables?

  • A. access to specific applications or general types of applications
  • B. access based on the user, regardless of their device or IP address
  • C. access to otherwise high-reputation web sites while preventing advertisements or other material on the site hosted from external low-reputation sites
  • D. access based on the HTTP user agent being used to initiate a traffic flow


Answer : D

When establishing a Cisco AnyConnect SSL VPN tunnel, a system administrator wants to restrict remote home office users to either print to their local printer or send the remaining traffic down the Cisco AnyConnect SSL VPN tunnel (with restricted Internet access).
Choose both a tunnel policy option and an ACL type to accomplish this design goal.
(Choose two.)

  • A. tunnel all networks
  • B. tunnel network list below
  • C. exclude network list from the tunnel
  • D. standard ACL
  • E. web ACL
  • F. extended ACL


Answer : C,D




Answer :




Answer :

Which three statements about the FirePOWER appliance are true? (Choose three.)

  • A. has three platforms: 6000 Series, 7000 Series, and 8000 Series
  • B. supports NGIPS with contextual aware
  • C. scales up to 100 Gb/s IPS throughputs
  • D. supports advanced malware protection
  • E. supports application control/URL filtering


Answer : B,D,E

On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the
NAT table or NAT operations? (Choose two.)

  • A. The NAT table has four sections.
  • B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
  • C. Auto NAT also is referred to as Object NAT.
  • D. Auto NAT configurations are found only in the first (top) section of the NAT table.
  • E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
  • F. Twice NAT is required for hosts on the inside to be accessible from the outside.


Answer : B,C

The "HTTPS decryption" feature is enabled with the default settings and decryption and
IPS policies have been applied to the traffic.
Which statement describes what happens when a client connects to a server with an untrusted certificate?

  • A. The HTTPS traffic is decrypted but not inspected by the IPS.
  • B. The HTTPS traffic is dropped and is not decrypted or inspected by the IPS.
  • C. The HTTPS traffic is decrypted, inspected by the IPS, and dropped if a threat is identified.
  • D. The HTTPS traffic is not decrypted but is inspected by the IPS and dropped if a threat is identified.
  • E. The HTTPS traffic is forwarded to the client but is not decrypted or inspected.


Answer : B




Answer :

Which three options are predefined policy objects for the Cisco ASA NGFW? (Choose three.)

  • A. URL
  • B. application
  • C. useragent
  • D. access
  • E. elements
  • F. system


Answer : A,B,C

Page:    1 / 4   
Total 55 questions