210-260 Real Exam Dumps Questions and answers 61-70

Get Full Version of the Exam
http://www.EnsurePass.com/210-260.html

Question No.61

A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware.

A.

Enable URL filtering on the perimeterrouter and add the URLs you want to block to the router#39;s local URL list.

B.

Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router#39;s local URL list.

C.

Enable URL filtering on the perimeterrouter and add the URLs you want to allow to thefirewall#39;s local URL list.

D.

Create a blacklist that contains the URL you want toblock and activate the blacklist on theperimeter router.

E.

Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.

Correct Answer: A

Question No.62

When is the best time to perform an anti-virus signature update?

A.

Every time a new update is available.

B.

When the local scanner has detected a new virus.

C.

When a new virus is discovered in the wild.

D.

When the system detects a browser hook.

Correct Answer: A

Question No.63

Which statement about application blocking is true?

A.

It blocks access to specific programs.

B.

It blocks access to files with specific extensions.

C.

It blocks access to specific network addresses.

D.

It blocks access to specific network services.

image

Correct Answer: A

Question No.64

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.

To see all the menu options available on the left navigation pane, you may also need to un- expand the expanded menu first.

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

Which four tunneling protocols are enabled in the DfltGrpPolicy group policy? (Choose four)

A.

Clientless SSL VPN

B.

SSL VPN Client

C.

PPTP

D.

L2TP/IPsec

E.

IPsec IKEv1

F.

IPsec IKEv2

Correct Answer: ADEF

Explanation:

By clicking one the Configuration-gt; Remote Access -gt; Clientless CCL VPN Access-gt; Group Policies tab you can view the DfltGrpPolicy protocols as shown below:

image

Question No.65

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.

To see all the menu options available on the left navigation pane, you may also need to un- expand the expanded menu first.

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?

A.

AAA with LOCAL database

B.

AAA with RADIUS server

C.

Certificate

D.

Both Certificate and AAA with LOCAL database

E.

Both Certificate and AAA with RADIUS server

Correct Answer: A

Explanation:

This can be seen from the Connection Profiles Tab of the Remote Access VPN configuration, where the alias of test is being used.

image

Question No.66

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.

To see all the menu options available on the left navigation pane, you may also need to un- expand the expanded menu first.

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

Which two statements regarding the ASA VPN configurations are correct? (Choose two)

A.

The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1.

B.

The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.

C.

The Inside-SRV bookmark references the https://192.168.1.2 URL.

D.

Only Clientless SSL VPN access is allowed with the Sales group policy.

E.

AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface.

F.

The Inside-SRV bookmark has not been applied to the Sales group policy.

Correct Answer: BC

Explanation:

For B:

image

For C, Navigate to the Bookmarks tab:

image

Then hit 鈥渆dit鈥?and you will see this:

image

Not A, as this is listed under the Identity Certificates, not the CA certificates:

image

Note E:

image

Question No.67

Scenario

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.

To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.

To see all the menu options available on the left navigation pane, you may also need to un- expand the expanded menu first.

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied?

A.

test

B.

clientless

C.

Sales

D.

DfltGrpPolicy

E.

DefaultRAGroup

F.

DefaultWEBVPNGroup

Correct Answer: C

Explanation:

First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias:

image

Then hit the 鈥渆dit鈥?button and you can clearly see the Sales Group Policy being applied.

image

Question No.68

Scenario

Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements.

New additional connectivity requirements:

Currently, the ASA configurations only allow on the Inside and DMZ networks to access any hosts on the Outside. Your task is to use ASDM to configure the ASA to also allow any host only on the Outside to HTTP to the DMZ server. The hosts on the Outside will need to use the 209.165.201.30 public IP address when HTTPing to the DMZ server.

Currently, hosts on the ASA higher security level interfaces are not able to ping any hosts on the lower security level interfaces. Your task in this simulation is to use ASDM to enable the ASA to dynamically allow the echo-reply responses back through the ASA.

Once the correct ASA configurations have been configured:

You can test the connectivity tohttp://209.165.201.30from the Outside PC browser.

You can test the pings to the Outside (www.cisco.com) by opening the inside PC command prompt window. In this simulation, only testing pings towww.cisco.comwill work.

To access ASDM, click the ASA icon in the topology diagram.

To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.

To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.

Note:

After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.

Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to configure the ASA to meet the requirements.

In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

image

Correct Answer:

Follow the explanation part to get answer on this sim question.

First, for the HTTP access we need to creat a NAT object. Here I called it HTTP but it can be given any name.

image

Then, create the firewall rules to allow the HTTP access:

image

You can verify using the outside PCto HTTP into209.165.201.30.

For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:

image

And then check the ICMP box only as shown below, then hit Apply.

image

After that is done, we can pingwww.cisco.comagain to verify:

image

Question No.69

Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?

A.

aaa authentication enable console LOCAL SERVER_GROUP

B.

aaa authentication enable console SERVER_GROUP LOCAL

C.

aaa authentication enable console local

D.

aaa authentication enable console LOCAL

Correct Answer: D

Question No.70

Which of the following statements about access lists are true? (Choose three.)

A.

Extended access lists should be placed as near as possible to the destination

B.

Extended access lists should be placed as near as possible to the source

C.

Standard access lists should be placed as near as possible to the destination

D.

Standard access lists should be placed as near as possible to the source

E.

Standard access lists filter on the source address

F.

Standard access lists filter on the destination address

Correct Answer: BCE

Get Full Version of 210-260 Dumps

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com