[Full Version] 2017 Updated Lead2pass Cisco 500-260 Exam Questions (61-70)

2017 January Cisco Official New Released 500-260 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

How to 100% pass 500-260 exam? Lead2pass provides the guaranteed 500-260 exam preparation material to boost up your confidence in 500-260 exam. Successful candidates have provided their reviews about our 500-260 dumps. Now Lead2pass supplying the new version of 500-260 VCE and PDF dumps. We ensure our 500-260 exam questions are the most complete and authoritative compared with others’, which will ensure your 500-260 exam pass.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/500-260.html

QUESTION 61
How is the NGFW AVC subscription licensed?

A.    term
B.    seat
C.    application
D.    session

Answer: A

QUESTION 62
Which Cisco ASA NGFW license is needed to allow a high-school security administration to implement policy to allow student access to high-reputation sites only?

A.    AVC
B.    Botnet Traffic Filtering
C.    WSE
D.    IPS for NGFW
E.    AnyConnect Premium

Answer: C

QUESTION 63
To which two policy types can an administrator apply a web reputation profile to implement reputation-based processing? (Choose two.)

A.    access policies that permit traffic
B.    access policies that deny traffic
C.    decryption policies that decrypt potentially malicious traffic
D.    universal access policies
E.    NAT policies for ASAs that operate in multiple device mode
F.    packet capture policies that perform global capture of dropped packets

Answer: AC

QUESTION 64
Which three methods are the most effective for an NGFW administrator to determine the URL category of a website? (Choose three.)

A.    Select the site from the Web Destinations dashboard.
B.    Google it.
C.    Enter the URL into the NGFW search field.
D.    Select an event with the website as the destination in the event viewer.
E.    Submit the URL to https://securityhub.cisco.com.
F.    Open a TAC case at http://cisco.com/tac.
G.    Search for the site on the components objects screen.

Answer: ADE

QUESTION 65
Which option is the typical web reputation range for sites that tend to be well managed, responsible content syndication networks, and user-generated content sites?

A.    -10 to -6
B.    -6 to -3
C.    -3 to 3
D.    0 to 5
E.    5 to 10

Answer: C

QUESTION 66
You are an NGFW administrator at a local school and want to take appropriate steps to limit exposure to explicit content for students.
Which access policy action is the most effective with the least impact?

A.    Limit bandwidth to 200 Kb/s.
B.    Filter MIME image file types.
C.    Enable IPS for NGFW.
D.    Enforce Safe Search.
E.    Block sites with poor web reputation.

Answer: D

QUESTION 67
Which three elements can an administrator use to control access to network resources through context-aware access policies? (Choose three.)

A.    5-tuple characteristics
B.    time of day
C.    certificate fields
D.    HTTP client type
E.    application
F.    geo-location data
G.    VPN client

Answer: ADE

QUESTION 68
Which NGFW component collects user details so that access policies can match traffic based on this information?

A.    directory realms
B.    identity policies
C.    authentication settings
D.    CDA or Active Directory agent

Answer: B

QUESTION 69
Which option describes what client-based access control enables?

A.    access to specific applications or general types of applications
B.    access based on the user, regardless of their device or IP address
C.    access to otherwise high-reputation web sites while preventing advertisements or other material on the site hosted from external low-reputation sites
D.    access based on the HTTP user agent being used to initiate a traffic flow

Answer: D

QUESTION 70
Which two options are identity policy types? (Choose two.)

A.    known
B.    unknown
C.    active
D.    passive
E.    white-list
F.    black-list

Answer: CD

The Cisco 500-260 exam questions from Lead2pass are the most reliable guide for Cisco exam. We offer the latest 500-260 PDF and VCE dumps with new version VCE player for free download, and the newest 500-260 dump ensures your exam 100% pass. A large number of successful candidates have shown a lot of faith in our 500-260 exam dumps. If you want pass the Cisco 500-260 exam, please choose Lead2pass.

500-260 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDUVRuaVllQi1YNlE

2017 Cisco 500-260 exam dumps (All 79 Q&As) from Lead2pass:

http://www.lead2pass.com/500-260.html [100% Exam Pass Guaranteed]

Comments are closed.