Get Full Version of the Exam
http://www.EnsurePass.com/210-260.html
Question No.51
Which statement about communication over failover interfaces is true?
A. |
All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. |
B. |
All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. |
C. |
All information that is sent over the failover and stateful failover interfaces is encrypted by default. |
D. |
User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text. |
Correct Answer: A
Question No.52
If a packet matches more than one class map in an individual feature type#39;s policy map, how does the ASA handle the packet?
A. |
The ASA will apply the actions from only the first matching class map it finds for the feature type. |
B. |
The ASA will apply the actions from only the most specific matching class map it finds for the feature type. |
C. |
The ASA will apply the actions from all matching class maps it finds for the feature type. |
D. |
The ASA will apply the actions from only the last matching class map it finds for the feature type. |
Correct Answer: A
Question No.53
For what reason would you configure multiple security contexts on the ASA firewall?
A. |
To separate different departments and business units. |
B. |
To enable the use of VRFs on routers that are adjacently connected. |
C. |
To provide redundancy and high availability within the organization. |
D. |
To enable the use of multicast routing and QoS through the firewall. |
Correct Answer: A
Question No.54
What is an advantage of placing an IPS on the inside of a network?
A. |
It can provide higher throughput. |
B. |
It receives traffic that has already been filtered. |
C. |
It receives every inbound packet. |
D. |
It can provide greater security. |
Correct Answer: B
Question No.55
What is the FirePOWER impact flag used for?
A. |
A value that indicates the potential severity of an attack. |
B. |
A value that the administrator assigns to each signature. |
C. |
A value that sets the priority of a signature. |
D. |
A value that measures the application awareness. |
Correct Answer: A
Question No.56
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A. |
Rate-Based Prevention |
B. |
Portscan Detection |
C. |
IP Defragmentation |
D. |
Inline Normalization |
Correct Answer: A
Question No.57
Which Sourcefire logging action should you choose to record the most detail about a connection?
A. |
Enable logging at theend of the session. |
B. |
Enable logging at thebeginning of the session. |
C. |
Enable alerts via SNMP to log events off-box. |
D. |
Enable eStreamer to log events off-box. |
Correct Answer: A
Question No.58
What can the SMTP preprocessor in FirePOWER normalize?
A. |
It can extract and decode email attachments in client to server traffic. |
B. |
It can look up the email sender. |
C. |
It compares known threats to the email sender. |
D. |
It can forward the SMTP traffic to anemail filter server. |
E. |
It uses the Traffic Anomaly Detector. |
Correct Answer: A
Question No.59
You want to allow all of your company#39;s users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two).
A. |
Configure a proxy server to hide users#39; local IP addresses. |
B. |
Assign unique IP addresses to all users. |
C. |
Assign the same IP address to all users. |
D. |
Install a Web content filter to hide users#39; local IP addresses. |
E. |
Configure a firewall to use Port Address Translation. |
Correct Answer: AE
Question No.60
You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?
A. |
Create a whitelist and add the appropriate IP address to allow the traffic. |
B. |
Create a custom blacklist to allow the traffic. |
C. |
Create a user based access control rule to allow the traffic. |
D. |
Create a network based access control rule to allow the traffic. |
E. |
Create a rule to bypass inspection to allow the traffic. |
Correct Answer: A
Get Full Version of 210-260 Dumps