Cisco ASA Express Security v6.0 (500-258)

Page:    1 / 4   
Total 55 questions

Which statement describes how users create their own (custom) application signatures with the Cisco ASA NGFW?

  • A. Wait for the Cisco application signatures update.
  • B. Add multiple applications into a new object, which can be used in policies.
  • C. Create rules for interesting applications that they care about, and assign an action for that rule.
  • D. Define applications based on URL, FQDN, user agents, IP addresses, or ports.


Answer : D

To maintain employee productivity, employee access is restricted based on application, user, device, and location.
Which two licenses are needed to allow administrators to enforce company policy?
(Choose two.)

  • A. AVC
  • B. Botnet Filtering
  • C. IPS for NGFW
  • D. WSE
  • E. AnyConnect Premium


Answer : A,D

Refer to the exhibit.


Which statement describes the effect of the access policy?

  • A. SSH traffic is blocked only on TCP port 22.
  • B. SSH traffic is blocked on any port.
  • C. Traffic that matches the access policy is logged in the PRMS event viewer.
  • D. SSH traffic is captured automatically.


Answer : B

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Choose three characteristics of DTLS. (Choose three.)

  • A. It uses TLS to negotiate and establish DTLS connections.
  • B. It uses DTLS to transmit datagrams.
  • C. It is disabled by default.
  • D. It uses TLS for data packet retransmission.
  • E. It replaces underlying transport layer with UDP 443.
  • F. It uses TLS to provide low-latency video application tunneling.


Answer : A,B,E

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?

  • A. http 10.1.16.0 0.0.0.0 inside
  • B. http 10.1.16.0 0.0.15.255 inside
  • C. http 10.1.16.0 255.255.240.0 inside
  • D. http 10.1.16.0 255.255.255.255


Answer : C

Which NGFW component collects user details so that access policies can match traffic based on this information?

  • A. directory realms
  • B. identity policies
  • C. authentication settings
  • D. CDA or Active Directory agent


Answer : B

You are configuring bookmarks for the clientless SSL VPN portal without the use of plug- ins. Which three bookmark types are supported? (Choose three.)

  • A. RDP
  • B. HTTP
  • C. FTP
  • D. CIFS
  • E. SSH
  • F. Telnet


Answer : B,C,D

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

  • A. RIP (v1 and v2)
  • B. OSPF
  • C. ISIS
  • D. BGP
  • E. EIGRP
  • F. Bidirectional PIM
  • G. MOSPF
  • H. PIM dense mode


Answer : A,B,E,F

Refer to the exhibit.


Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?

  • A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
  • B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
  • C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
  • D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
  • E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
  • F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2


Answer : F

To which two policy types can an administrator apply a web reputation profile to implement reputation-based processing? (Choose two.)

  • A. access policies that permit traffic
  • B. access policies that deny traffic
  • C. decryption policies that decrypt potentially malicious traffic
  • D. universal access policies
  • E. NAT policies for ASAs that operate in multiple device mode
  • F. packet capture policies that perform global capture of dropped packets


Answer : A,C

Which statement about the on-box version of PRSM is true?

  • A. Cisco ASA NGFW comes preinstalled with a version of PRSM.
  • B. The on-box PRSM can support up to five NGFW modules.
  • C. The on-box PRSM license can be applied to the off-box version of PRSM.
  • D. Cisco ASA NGFW requires an ESXi license to run on-box PRSM.


Answer : A

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

  • A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
  • B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
  • C. Time-based licenses are stackable in duration but not in capacity.
  • D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.


Answer : A,C

In which two ways is the Cisco ASA CWS subscription licensed? (Choose two.)

  • A. term only
  • B. term and seat
  • C. term and application
  • D. term and session
  • E. free with purchase of WSE 5-year term subscription license


Answer : A,B

Which license is required on the Cisco ASA NGFW for an administrator to manage it securely from a remote laptop?

  • A. AnyConnect Endpoint Assessment
  • B. AnyConnect Premium
  • C. AnyConnect for Mobile
  • D. AnyConnect for Cisco VPN phone
  • E. Cisco Secure Desktop


Answer : B

You are an NGFW administrator at a local school and want to take appropriate steps to limit exposure to explicit content for students.
Which access policy action is the most effective with the least impact?

  • A. Limit bandwidth to 200 Kb/s.
  • B. Filter MIME image file types.
  • C. Enable IPS for NGFW.
  • D. Enforce Safe Search.
  • E. Block sites with poor web reputation.


Answer : D

Page:    1 / 4   
Total 55 questions