Flydumps Cisco 500-258 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Cisco https://www.pass4itsure.com/500-258.html exam objectives.You will find them to be very helpful and precise in the subject matter since all the Cisco 500-258 exam content is regularly updated and has been checked for accuracy by our team of SAP expert professionals.
Question Set 1 QUESTION 1
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options
Correct Answer: E QUESTION 2
Refer to the exhibit.
Which command enables the stateful failover option?
A. failover link MYFAILOVER GigabitEthernet0/2
B. failover lan interface MYFAILOVER GigabitEthernet0/2
C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
D. preempt
E. failover group 1 primary
F. failover lan unit primary
Correct Answer: A
QUESTION 3
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
A. TCP normalizer
B. TCP intercept
C. ip verify command
D. established command
E. tcp-map and tcp-options commands
F. set connection advanced-options command
Correct Answer: D QUESTION 4
Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?
A. http 10.1.16.0 0.0.0.0 inside
B. http 10.1.16.0 0.0.15.255 inside
C. http 10.1.16.0 255.255.240.0 inside
D. http 10.1.16.0 255.255.255.255
Correct Answer: C QUESTION 5
Refer to the exhibit.
Which traffic is permitted on the inside interface without any interface ACLs configured?
A. any IP traffic input to the inside interface
B. any IP traffic input to the inside interface destined to any lower security level interfaces
C. only HTTP traffic input to the inside interface
D. only HTTP traffic output from the inside interface
E. No input traffic is permitted on the inside interface.
F. No output traffic is permitted on the inside interface.
Correct Answer: C
QUESTION 6
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.
Correct Answer: BC
QUESTION 7
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.
Correct Answer: AC
QUESTION 8
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode
Correct Answer: ABEF
QUESTION 9
Refer to the exhibit.
Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?
A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10route dmz 10.3.3.0 0.0.0.255 172.16.1.11
B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10route dmz 10.3.3.0 255.255.255.0 172.16.1.11
E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1route dmz 10.3.3.0 255.255.255.0 172.16.1.11
F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2
Correct Answer: F
QUESTION 10
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001access- list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq establishedaccess- group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq establishedaccess-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500
Correct Answer: AG
QUESTION 11
When the Cisco ASA appliance is processing packets, which action is performed first?
A. Check if the packet is permitted or denied by the inbound interface ACL.
B. Check if the packet is permitted or denied by the outbound interface ACL.
C. Check if the packet is permitted or denied by the global ACL.
D. Check if the packet matches an existing connection in the connection table.
E. Check if the packet matches an inspection policy.
F. Check if the packet matches a NAT rule.
Correct Answer: D
QUESTION 12
Select and Place:
Correct Answer:
Correct Answer:
Worried about Cisco https://www.pass4itsure.com/500-258.html exam pass results? Adopt most reliable way of exam preparation that is Cisco 500-258 exam Questions & Answers with explanations to get reliable Cisco 500-258 exam pass result.Flydumps definitely guarantees it!