Issuu on Google+

CertBus.com

500-258 Q&As Cisco ASA Express Security Pass Cisco 500-258 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: http://www.CertBus.com/500-258.html 100% Passing Guarantee 100% Money Back Assurance

Following Questions and Answers are all new published by Cisco Official Exam Center

Instant Download After Purchase 100% Money Back Guarantee 365 Days Free Update 80000+ Satisfied Customers


Vendor: Cisco

Exam Code: 500-258

Exam Name: Cisco ASA Express Security

Version: Demo


100% Real Q&As | 100 Real Pass | CertBus.com Question Set 1 QUESTION 1 On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command? A. B. C. D. E.

inspect sysopt connection tcp-options parameters set connection advanced-options

Correct Answer: E QUESTION 2 Refer to the exhibit.

Which command enables the stateful failover option? A. B. C. D. E. F.

failover link MYFAILOVER GigabitEthernet0/2 failover lan interface MYFAILOVER GigabitEthernet0/2 failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10 preempt failover group 1 primary failover lan unit primary

Correct Answer: A QUESTION 3 In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application? A. B. C. D. E. F.

TCP normalizer TCP intercept ip verify command established command tcp-map and tcp-options commands set connection advanced-options command

Correct Answer: D

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


100% Real Q&As | 100 Real Pass | CertBus.com

QUESTION 4 Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet? A. B. C. D.

http 10.1.16.0 0.0.0.0 inside http 10.1.16.0 0.0.15.255 inside http 10.1.16.0 255.255.240.0 inside http 10.1.16.0 255.255.255.255

Correct Answer: C QUESTION 5 Refer to the exhibit.

Which traffic is permitted on the inside interface without any interface ACLs configured? A. B. C. D. E. F.

any IP traffic input to the inside interface any IP traffic input to the inside interface destined to any lower security level interfaces only HTTP traffic input to the inside interface only HTTP traffic output from the inside interface No input traffic is permitted on the inside interface. No output traffic is permitted on the inside interface.

Correct Answer: C QUESTION 6 On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.) A. The NAT table has four sections. B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table. C. Auto NAT also is referred to as Object NAT. D. Auto NAT configurations are found only in the first (top) section of the NAT table. E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table. F. Twice NAT is required for hosts on the inside to be accessible from the outside. Correct Answer: BC QUESTION 7 Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


100% Real Q&As | 100 Real Pass | CertBus.com A. B. C. D.

Identical licenses are not required on the primary and secondary Cisco ASA appliance. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys. Time-based licenses are stackable in duration but not in capacity. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Correct Answer: AC QUESTION 8 Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.) A. B. C. D. E. F. G. H.

RIP (v1 and v2) OSPF ISIS BGP EIGRP Bidirectional PIM MOSPF PIM dense mode

Correct Answer: ABEF QUESTION 9 Refer to the exhibit.

Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table? A. B. C. D. E. F.

route dmz 10.2.2.0 0.0.0.255 172.16.1.10route dmz 10.3.3.0 0.0.0.255 172.16.1.11 route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1 route dmz 10.2.2.0 0.0.0.255 172.16.1.10route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2 route dmz 10.2.2.0 255.255.255.0 172.16.1.10route dmz 10.3.3.0 255.255.255.0 172.16.1.11 route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1route dmz 10.3.3.0 255.255.255.0 172.16.1.11 route dmz 10.2.2.0 255.255.255.0 172.16.1.10route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2

Correct Answer: F QUESTION 10 Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.) An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range. A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001access-group INSIDE in interface inside B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001access- list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq establishedaccess- group INSIDE in interface inside C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500access-group OUTSIDE in interface outside

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


100% Real Q&As | 100 Real Pass | CertBus.com D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq establishedaccess-group OUTSIDE in interface outside E. established tcp 2001 permit udp 5000-5500 F. established tcp 2001 permit from udp 5000-5500 G. established tcp 2001 permit to udp 5000-5500 Correct Answer: AG QUESTION 11 When the Cisco ASA appliance is processing packets, which action is performed first? A. B. C. D. E. F.

Check if the packet is permitted or denied by the inbound interface ACL. Check if the packet is permitted or denied by the outbound interface ACL. Check if the packet is permitted or denied by the global ACL. Check if the packet matches an existing connection in the connection table. Check if the packet matches an inspection policy. Check if the packet matches a NAT rule.

Correct Answer: D QUESTION 12 Select and Place:

Correct Answer:

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


100% Real Q&As | 100 Real Pass | CertBus.com

QUESTION 13 Select and Place:

Correct Answer:

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


100% Real Q&As | 100 Real Pass | CertBus.com

Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt


Why Select/Choose CertBus.com? Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material. • 7000+ Real Questions and Answers • 6000+ Free demo downloads available • 50+ Preparation Labs • 20+ Representatives Providing 24/7 Support


To Read the Whole Q&As, please purchase the Complete Version from Our website.

Trying our product ! ★ 100% Guaranteed Success ★ 100% Money Back Guarantee ★ 365 Days Free Update ★ Instant Download After Purchase ★ 24x7 Customer Support ★ Average 99.9% Success Rate ★ More than 69,000 Satisfied Customers Worldwide ★ Multi-Platform capabilities - Windows, Mac, Android, iPhone, iPod, iPad, Kindle

Need Help Please provide as much detail as possible so we can best assist you. To update a previously submitted ticket:

Guarantee & Policy | Privacy & Policy | Terms & Conditions Any charges made through this site will appear as Global Simulators Limited. All trademarks are the property of their respective owners. Copyright © 2004-2015, All Rights Reserved.


Certbus cisco 500-258 study materials braindumps with real exam