500-258|To maintain employee productivity, employee access is restricted

Question: 15

To maintain employee productivity, employee access is restricted based on application, user, device, and location. Which two licenses are needed to allow administrators to enforce company policy? (Choose two.)

A. AVC
B. Botnet Filtering
C. IPS for NGFW
D. WSE
E. AnyConnect Premium

Answer: A,D

500-258 Sample Question : 14

Question: 14

Which three statements about the FirePOWER appliance are true? (Choose three.)

A. has three platforms: 6000 Series, 7000 Series, and 8000 Series
B. supports NGIPS with contextual aware
C. scales up to 100 Gb/s IPS throughputs
D. supports advanced malware protection
E. supports application control/URL filtering

Answer: BDE

500-258 Sample Question : 13

Question : 13

Which three options are characteristics of WebType ACLs? (Choose three.)

A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.

Answer : BDE

500-258 Sample Question : 12

Question : 12

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues. Choose three characteristics of DTLS.(Choose three.)

A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.

Answer : ABE

500-258 Sample Question : 11

Question : 11

When preconfiguring a Cisco AnyConnect profile for the user group, which file is output by the Cisco AnyConnect profile editor?

A. user.ini
B. user.html
C. user.pcf
D. user.xml

Answer : D

500-258 Sample Question : 9

Question : 9

Refer to the exhibit.

Untitled

Which traffic is permitted on the inside interface without any interface ACLs configured?

A. any IP traffic input to the inside interface
B. any IP traffic input to the inside interface destined to any lower security level interfaces
C. only HTTP traffic input to the inside interface
D. only HTTP traffic output from the inside interface
E. No input traffic is permitted on the inside interface.
F. No output traffic is permitted on the inside interface.

Answer : C

500-258 Sample Question : 8

Question : 8

When the Cisco ASA appliance is processing packets, which action is performed first?

A. Check if the packet is permitted or denied by the inbound interface ACL.
B. Check if the packet is permitted or denied by the outbound interface ACL.
C. Check if the packet is permitted or denied by the global ACL.
D. Check if the packet matches an existing connection in the connection table.
E. Check if the packet matches an inspection policy.
F. Check if the packet matches a NAT rule.

Answer : D

500-258 Sample Question : 7

Question : 7

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001.The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.

A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established
access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500
access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established
access-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500

Answer : A,G

500-258 Sample Question : 6

Question : 6

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Answer : A,B,E,F

500-258 Sample Question : 5

Question : 5

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Answer : A,C

Free 500-258 Test Free exam questions answers. These Q&A online braindumps are free to use for your 500-258 Test Free practice test. We keep adding more questions so keep coming to get dumps.

Leave a Comment.