CCNP Security Practice Test | Threat Control (SITCS)

Which is not a requirement when connecting the Cisco WSA to the Active Directory?

A. Must set up account in domain

B. May need domain admin credentials

C. Define organizational directory

D. Register identity group in domain

Which statement best describes Cisco ASA (CX) NGFW access policies?

A. Eventing is off by default

B. Capture Packets is off by default

C. Eventing creates traffic test objects

D. Capture file uses ID tag as filename

Which authentication type is supported by LDAP?

A. NTLM

B. Kerberos

C. Basic

D. Advanced

Which statements about the PRSM GUI are true? (Choose three)

A. The PRSM GUI is used to configure policies

B. The PRSM GUI does not require configuration changes to be committed

C. The off-box PRSM GUI allows you to manage multiple device

D. The off-box PRSM GUI is used to manage traffic redirection

When configuring the NTLMSSP identification and authentication how many scheme options can be chosen from?

A. 4

B. 1

C. 3

D. 2

Which statements accurately apply to application objects? (Choose two)

A. They cannot contain other application objects

B. Or statements are used to connect objects

C. They contain applications and application types

D. They contain rows of service objects

Which Sender Group is assigned a throttled Mail Flow Policy?

A. Unknown List

B. Black List

C. Suspect List

D. White List

In which mode is the sensor able to detect attacks, but has limited preventative options?

A. Inline VLAN pair deployment

B. Inline interface pair deployment

C. Promiscuous mode deployment

D. Inline VLAN group deployment

Which two statements about Cisco Security IntelliShield Alert Manager are true? (Choose two)

A. It provides timely, accurate, and credible information.

B. Alert analysis is vendor-specific.

C. It includes historical coverage of more than 150,000 alerts.

D. It is customizable to deliver tailored information relevant to an organization.

E. Alert information is analyzed and validated through multi-vendor collaboration.

Which SMTP feature delivers messages on behalf of users?

A. MTA

B. DNS A record

C. Groupware Server

D. DNS Mail exchanger (MX) record

Which is not a signature feature required for Cisco IPS tuning?

A. Based on Attack Severity Rating

B. Relationship to important processes

C. Based on relevance to environment

D. The correlation between signatures

Which is a step in the Cisco Registered Envelope Service process?

A. Encryption key stored locally

B. Recipient request encryption key

C. Message is decrypted by sender

D. Encryption key sent with message

What is a feature of configuring the Cisco ESA listener?

A. Determine if public or private

B. Only operates on incoming emails

C. Requires SMTP authentication profile

D. Requires more than one interface

Which feature best describes the threat rating?

A. Represents the potential severity

B. Is always equal to the risk-rating

C. Does not consider preventive actions

D. Accounts for preventative actions

What range of web reputation scores would be associated with a site that is suspected of malicious content, but has not been confirmed?

A. -3 to 3

B. -6 to -3

C. -10 to -6

D. 0 to 5

Which best describes the Cisco ASA NGFW Services NGIPS Threat Profiles?

A. Threats based on behavior analysis

B. Shared IPS profiles for access policy

C. Signatures used to prevent threats

D. Threats assigned score of 1 to 10

What is the first step in configuring the Cisco Application Visibility and Control? (Choose two)

A. Enable the AVC engine

B. Define application control settings

C. Lookup URLs in the WSA URL database

D. Perform dynamic analysis

Which is not an Outbreak Intelligence Scanlet technique?

A. Virtualized Script Emulation

B. Structural Content Investigation

C. Deep Content Analysis

D. Malware Inspection Agent

Which Cisco ESA feature do you need to configure to list all local domains in which you plan to accept messages?

A. HAT

B. RAT

C. MTA

D. SIO

Which is not a required field in creating a URL object?

A. URL

B. Ticket ID

C. Destination

D. Web Category

Which method results in reduced false negatives?

A. Narrow event-counting signatures

B. Disable anti-evasion methods

C. Limit header-matching signatures

D. Create a custom signature

Which best describes the function of the event action filters?

A. Fine tuning to remove true positives

B. Remove actions for certain scenarios

C. Apply actions to the filtered results

D. Used to search for specific events

Which three Cisco Security IntelliShield Alert Manager roles may receive notifications? (Choose three)

A. IntelliShield Manager

B. IntelliShield Administrator

C. Group Manager

D. Group Administrator

E. Viewer

Which step of the active authentication process involves the Active Directory?

A. Authentication result sent to NG

B. Establishing HTTP connection

C. Browser authentication request

D. Browser connection to Cisco ASA

Which statements accurately describe the Cisco WSA adaptive scanning feature? (Choose three)

A. It automatically determines which scanning engine will be used

B. It allows Web Reputation scores to be edited

C. It is enabled in the Security Services area

D. It requires Web Reputation Filters be enabled

Which two statements regarding Cisco ESA spam quarantine are true? (Choose two)

A. An external quarantine supersedes an internal.

B. Cisco ESA supports external spam quarantines.

C. A local quarantine supersedes an external.

D. Cisco ESA supports only Cisco Content Security Management appliances as external quarantines.

What is a function of the IDS?

A. Prevents unauthorized access

B. Generates an alert

C. Takes actions to stop misuse

D. Stops network abuse

Which is not a configuration option for matching decryption policies to security requirements?

A. Certificate initialization method

B. Enable activate authorization

C. Basic constraints extension to critical

D. Enable decryption policies

What is a characteristic of the Cisco WSA explicit proxy mode?

A. Network infrastructure redirects client requests to proxy server

B. Client resolves hostname of target web server

C. Client directs traffic to proxy server

D. No client configuration is required

Which HTTP proxy decryption setting would be used if the administrator wanted users to be notified why a URL request was blocked?

A. Decrypt for Application Detection

B. Decrypt for End-User Acknowledgement

C. Decrypt for End-User Notification

D. Decrypt for Authentication

Identify the statements that accurately apply to NGFW URL objects. (Choose two)

A. They can identify traffic based on URLs

B. They are part of the HTTP request header

C. They can use wildcard characters for matching

D. They are used to identify LDAP users

What needs to be enabled before user access can be controlled based on a URL category?

A. Context Adaptive Scanning Engine

B. Cisco IronPort Web Usage Controls

C. Outbound Malware Scanning

D. Web Proxy Auto-Discovery

Which configuration represents the number of hours that the user-to-IP address mapping is maintained?

A. Group refresh interval

B. Failed authentication timeout

C. Maximum authentication attempts

D. Authentication session duration

Which statements accurately apply to the Cisco PRSM licensing? (Choose three)

A. On-box Cisco PRSM does not require a license

B. The Off-box Cisco PRSM license expires annually

C. The Off-box Cisco PRSM license supports 5, 10 or 25 devices licenses

D. Off-box Cisco PRSM offers a 90 day evaluation license

Which are steps in configuring the Cisco ASA using ASDM to integrate with the Cisco CWS?

A. Create a new traffic class

B. Set up to three servers

C. Set Whitelists for restrictions

D. Nest a 3-4 policy under a 5-7 policy

Which two options are components of the Cisco WSA architecture? (Choose two)

A. WBRS

B. Real-time Eventing

C. Anti-spam

D. Anti-malware

Which is a function of the RAT?

A. Specifies list of local domains

B. Defines control rules

C. Defines remote hosts

D. Determine sender's reputation

Which technology can be implemented to monitor abnormal web activity to aid in protecting network content?

A. WCCP

B. ESA

C. PAC

D. WSA

Which is not a step in configuring Cisco ASA to download Cisco AnyConnect Web Security Module to the client machine?

A. Name the new policy

B. Add Web Security Module group policy

C. Determine client profiles to download

D. Configure settings in the Advanced page

Which IPS threat profile would you use if the Cisco IPS is primarily used for protecting ICS?

A. SCADA

B. Edge

C. Data Center

D. Web Applications

Which is not a required field in the Create File filtering profile screen?

A. Tag

B. Object type

C. Allow file uploads

D. Ticket ID

Which is the most aggressive Inline action?

A. Deny Connection Inline

B. Deny Attacker-Service Pair

C. Deny Attacker-Victim Pair

D. Deny Attacker Inline

Which is not a step taken to configure anomaly detection on an IPS sensor?

A. Define ignored IP addresses

B. Configure anomaly detection zones

C. Place sensor in learning mode for 6 hours

D. Configure anomaly detection actions

How many anomaly detection signatures does the Traffic Anomaly signature engine contain?

A. 9

B. 13000

C. 13008

D. 18

Which is a feature of HATs?

A. HATs read from bottom to top

B. Utilizes mail flow policies

C. Not all listeners require a HAT

D. Only configurable for Public listeners

Which two commands are used to copy an IP log file with a "2247" ID to the logs/iplogs shared folder on FTPSRV1? (Choose two)

A. sensor# copy iplog 2247 ftp://[email protected]/FTPSRV1/logs/iplogs

B. sensor# |b copy iplog 2247 ftp://FTPSRV1/logs/iplogs//[email protected] |p

C. sensor# |b copy iplog 2247 ftp://[email protected]/logs/iplogs |p

D. sensor# |b copy ftp://[email protected]/logs/iplogs iplog 2247 |p

Which represents built-in signatures that can be modified?

A. Sub signatures

B. Tuned signatures

C. Default signatures

D. Custom signatures

Which is not the right configuration for connecting WCCP to ASA?

A. Enable the WCCP service group

B. Create access-list with client servers

C. Identify the service to be redirected

D. Create traffic redirection access-list

Which is not a benefit of the inline interface pair mode deployment?

A. Effective preventative actions

B. Normalizes traffic

C. No false negatives

D. Never impacts the network

Which three statements about the Cisco AVC engine are true? (Choose three)

A. It can restrict access to adult content on some content-sharing sites.

B. Applications can be detected by signatures downloaded from Cisco Security Intelligence Operations.

C. It uses the CASE engine to detect and inspect web applications that use HTTPS.

D. A full understanding of the design of each application is required to control application activity.

E. It can limit bandwidth consumed by some application types to control congestion.

Which is not a required configuration task when setting event action overrides?

A. Globally enable event action overrides

B. Tune the risk category actions

C. Set the event action identifications

D. Specify actions to add in risk category

What is a feature of a policy group?

A. Apply use policies to user categories

B. Applies restrictions to a single user

C. Can be based on group usage and cost

D. They are user define configurations

Which password would meet the Cisco IME secure password requirements?

A. s7$$0Ev

B. Lmp!78!$$

C. ww0472ty

D. 4580SgTTT#$r

Which component of the risk rating formula represents the potential damage?

A. TVR

B. ASR

C. SFR

D. ARR

Which is not a tool used for troubleshooting identity policies?

A. Event viewer

B. Dashboard users screen

C. Test connections

D. Devices tab

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?