500-260 Best Training Material and Practice Test Q&A from CertLibrary.com

Question 1

When deploying clientless SSL VPN advanced application access, the administrator needs to collect information about the end-user system. Which three input parameters of an end- user system are important for the administrator to identify? (Choose three.)

A. types of applications and application protocols that are supported
B. types of encryption that are supported on the end-user system
C. the local privilege level of the remote user
D. types of wireless security that are applied to the end-user tunnel interface
E. types of operating systems that are supported on the end-user system
F. type of antivirus software that is supported on the end-user system

Answer : ACE

Question 2

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Answer : AC

Question 3

Drag the correct three access list entries (from the left) and drop them (on the right) in order that is used when the interface ACL and global ACL are configured. Not all access list entries are required.

Answer :

Question 4

On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?

A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options

Answer : E

Question 5

Drag and drop each advanced application deployment option on the left to its correct definition on the right.

Answer :

Question 6

Refer to the exhibit.

When the user "contractor" Cisco AnyConnect tunnel is established, what type of Cisco
ASA user restrictions are applied to the tunnel?

A. full restrictions (no Cisco ASDM, no CLI, no console access)
B. full restrictions (no read, no write, no execute permissions)
C. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only)
D. full access with no restrictions

Answer : D

Question 7

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

A. RIP (v1 and v2)
B. OSPF
C. IS-IS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Answer : A,B,E,F

Question 8

Files may be submitted to the cloud-based sandbox for dynamic analysis using which two ports? (Choose two.)

A. TCP/443
B. TCP/80
C. TCP/3389
D. TCP/500
E. TCP/32137

Answer : AE

Question 9

Refer to the exhibit.

After a remote user established a Cisco AnyConnect session from a wireless card through the Cisco ASA appliance of a partner to a remote server, the user opened the Cisco
AnyConnect VPN Client Statistics Details screen. What are the two sources of the IP addresses that are marked A and B? (Choose two.)

A. IP address that is assigned to the wireless Ethernet adapter of the remote user
B. IP address that is assigned to the remote user from the Cisco ASA address pool
C. IP address of the Cisco ASA physical interface of the partner
D. IP address of the Cisco ASA virtual HTTP server of the partner
E. IP address of the default gateway router of the remote user
F. IP address of the default gateway router of the partner

Answer : BC

Question 10

Which three action ranges are in the NG IPS profile? (Choose three.)

A. block only
B. block and monitor
C. block and do not monitor
D. allow only
E. allow and monitor
F. allow and do not monitor

Answer : B,E,F

Question 11

An access policy that uses URL reputation values is defined. Which option best describes what happens if a reputation is not available for a URL?

A. The URL check is not triggered, and the default policy action is applied.
B. The URL check fails, and the traffic is dropped.
C. The URL check is unknown, and the traffic is quarantined.
D. The URL check is not triggered and, by default, the user is prompted to take an action to permit or deny.

Answer : A

Question 12

Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggests running the smart tunnel application.
Which three statements concerning smart tunnel applications are true? (Choose three.)

A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.

Answer : BDE

Question 13

In which two ways is the Cisco ASA CWS subscription licensed? (Choose two.)

A. term only
B. term and seat
C. term and application
D. term and session
E. free with purchase of WSE 5-year term subscription license

Answer : AB

Question 14

Which license is required on the Cisco ASA NGFW for an administrator to manage it securely from a remote laptop?

A. AnyConnect Endpoint Assessment
B. AnyConnect Premium
C. AnyConnect for Mobile
D. AnyConnect for Cisco VPN phone
E. Cisco Secure Desktop

Answer : B

Question 15

Which security technique should be implemented to remediate after a threat is discovered?

A. NGIPS ruleset
B. retrospection
C. web security deployment
D. application control