Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Cisco Official New Released 500-258
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/500-258.html
Cisco ASA Express Security
Question No: 11
Which three statements about the FirePOWER appliance are true? (Choose three.)
-
has three platforms: 6000 Series, 7000 Series, and 8000 Series
-
supports NGIPS with contextual aware
-
scales up to 100 Gb/s IPS throughputs
-
supports advanced malware protection
-
supports application control/URL filtering
Answer: B,D,E
Question No: 12
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
-
The NAT table has four sections.
-
Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
-
Auto NAT also is referred to as Object NAT.
-
Auto NAT configurations are found only in the first (top) section of the NAT table.
-
The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
-
Twice NAT is required for hosts on the inside to be accessible from the outside.
Answer: B,C
Question No: 13
The quot;HTTPS decryptionquot; feature is enabled with the default settings and decryption and IPS policies have been applied to the traffic.
Which statement describes what happens when a client connects to a server with an untrusted certificate?
-
The HTTPS traffic is decrypted but not inspected by the IPS.
-
The HTTPS traffic is dropped and is not decrypted or inspected by the IPS.
-
The HTTPS traffic is decrypted, inspected by the IPS, and dropped if a threat is identified.
-
The HTTPS traffic is not decrypted but is inspected by the IPS and dropped if a threat is identified.
-
The HTTPS traffic is forwarded to the client but is not decrypted or inspected.
Answer: B
Question No: 14 DRAG DROP
Answer:
Question No: 15
Which three options are predefined policy objects for the Cisco ASA NGFW? (Choose three.)
-
URL
-
application
-
useragent
-
access
-
elements
-
system
Answer: A,B,C
Question No: 16
Which two options are identity policy types? (Choose two.)
-
known
-
unknown
-
active
-
passive
-
white-list
-
black-list
Answer: C,D
Question No: 17
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established
access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0
255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-
5500
access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0
255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established
access-group OUTSIDE in interface outside
-
established tcp 2001 permit udp 5000-5500
-
established tcp 2001 permit from udp 5000-5500
-
established tcp 2001 permit to udp 5000-5500
Answer: A,G
Question No: 18
Refer to the exhibit.
A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel.
From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?
-
quot;engineeringquot; Group Policy
-
quot;contractorquot; Connection Profile
-
DefaultWEBVPNGroup Group Policy
-
DefaultRAGroup Group Policy
-
quot;engineer1quot; AAA/Local Users
Answer: A
Question No: 19 DRAG DROP
Answer:
Question No: 20
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
-
TCP normalizer
-
TCP intercept
-
ip verify command
-
established command
-
tcp-map and tcp-options commands
-
set connection advanced-options command
Answer: D
100% Ensurepass Free Download!
–Download Free Demo:500-258 Demo PDF
100% Ensurepass Free Guaranteed!
–500-258 Dumps
EnsurePass | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |
100-105 Dumps VCE PDF
200-105 Dumps VCE PDF
300-101 Dumps VCE PDF
300-115 Dumps VCE PDF
300-135 Dumps VCE PDF
300-320 Dumps VCE PDF
400-101 Dumps VCE PDF
640-911 Dumps VCE PDF
640-916 Dumps VCE PDF
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF
220-901 Dumps VCE PDF
220-902 Dumps VCE PDF
N10-006 Dumps VCE PDF
SY0-401 Dumps VCE PDF