CCNP Security Practice Test | Threat Control (SITCS)

Cisco Practice Tests

Exam: 300-207

Question 1 / 55

90:00

Which is not a feature of the Cisco ASA (CX) NGFW TLS/SSL decryption operations?

A. Decrypts TLS traffic across all ports

B. Can utilise self-signed certificates

C. Operates exclusively on port 443

D. Utilises user-uploaded certificates

Which is not a feature of LDAP version 3?

A. Enable Transparent User Identification

B. Uses secure LDAP

C. Is unsecured

D. Utilises port 636

What symbol indicates that a web page is blocked due to a web filtering policy?

A. Red circle with an "x" inside

B. Green box with a checkmark

C. "Blocked" text in a rectangle

D. Blue triangle with vertical line

What best describes the function of the trace tool?

A. Trace the configuration steps

B. Follow the user activity

C. Tests real transactions

D. Test configured policies

Which two actions would you perform to throttle the total bandwidth that can be used by streaming media for all users on the network? (Choose two)

A. Configure overall bandwidth limit

B. Enable Cisco IronPort Web Usage Controls

C. Enable Cisco AVC

D. Configure user bandwidth limit

Which is not a feature of web reputation profile?

A. Has values between 11 and -11

B. Combines variables and factors

C. Uses a statistical assessment

D. Based on historic behaviour

Which statement is true regarding Cisco ASA CX decryption policies?

A. They can only decrypt traffic over port 443

B. A self-signed or customer-uploaded certificate must be used

C. They can be used to decrypt TLS, SSL, and SSH traffic

D. A separate encryption policy must be configured to re-encrypt the traffic

Which is a feature of reputation filters?

A. Adjust event risk rating

B. Second line of defense

C. List of blocked addresses

D. Based on a reputation score

What functionality does Cisco ESA provide?

A. It is used to detect typical malicious or suspicious network activity using signatures

B. It is used to filter unsolicited and malicious e-mail

C. It is used to control user access based on the Web server category of a particular HTTP or HTTPS request

D. It is used to control the amount of bandwidth used for particular application types

Which Cisco IPS component provides zero-day protection?

A. Signature engine

B. Custom signature

C. Anomaly detection

D. Event action filter

Where is the Cisco Cloud Web Security placed in a typical modular network?

A. Campus Access

B. Branch

C. Internet Edge

D. Data Center

Which statements about Cisco ASA (CX) NGFW licensing are true? (Choose three)

A. The Web Security Essentials license enables URL filtering

B. The AVC license enables application inspections

C. One license is required for every 5 Cisco ASA (CX) NGFW device

D. Cisco ASA (CX) NGFW comes with a 60-day evaluation license

Which two tactics does the Outbreak Filters use to protect clients? (Choose two)

A. Apply DLP at the end of the outgoing mail-processing queue.

B. Enable DLP on the Cisco ESA with HIPPA technology.

C. Apply DLP on incoming mail policies.

D. Apply DLP on outgoing mail policies.

E. Apply DLP on incoming and outgoing mail policies.

F. Enable and use DLP with a license key.

Which two statements about using Cisco IME to configure shared policies are true? (Choose two)

A. Up to five shared policies can be defined at any given time

B. Policy names must be less than 32 characters long

C. Shared policies can be deployed to multiple sensors

D. Policies do not retain connections to their source

Which client side authentication scheme that authenticates client credentials using a three-way handshake?

A. Basic

B. LDAP

C. NTLMSSP

D. NTLM

What CLI command will have the Cisco IPS module inspect all traffic before being able to pass through Cisco ASA and block all traffic if the module fails?

A. ips promiscuous fail-open

B. |b ips promiscuous fail-close |p

C. |b ips inline fail-close |p

D. |b ips inline fail-open |p

Which three Cisco Security IntelliShield Alert Manager roles may receive notifications? (Choose three)

A. IntelliShield Manager

B. IntelliShield Administrator

C. Group Manager

D. Group Administrator

E. Viewer

You need to configure Cisco CWS proxy server details on the Cisco ASA using the CLI. Refer to the options below. Which set of commands will correctly redirect traffic to the primary and backup proxy servers?

A. Option D

B. Option A

C. Option C

D. Option B

Which is not a benefit of the promiscuous mode deployment?

A. It is very simple to deploy

B. Doesn't impact network performance

C. It normalizes the network traffic

D. Network remains available upon failure

What can capture traffic based on various OSI Layer 3 and Layer 4 criteria?

A. SPAN

B. VACL

C. RSPAN

D. FSPAN

Which is not a function of the deobfuscation feature?

A. Fully protects custom signatures

B. Enable conversion of HTTP data to ASCII

C. Prevents format based attacks

D. Mitigate application layer evasion

Which is a benefit of the inline VLAN group mode?

A. Few preventative actions

B. Selective in VLAN inspection

C. Does not normalizes traffic

D. Requires less configuration

Which is a feature of the Cisco ASA Cloud Web Security feature?

A. Supported in multi-context mode

B. Compatible with Cisco ASA CX

C. Supported with ASA clustering

D. It is supported in transparent mode

Which is not a step in configuring the Cloud Web Security connector on Cisco ISR G2 router?

A. Configure web security parameters

B. Disable content scanning on egress

C. K9 feature license required

D. Generate company key in ScanCenter

Which statements accurately apply to the HTTPS proxy operation? (Choose two)

A. HTTPS proxy certificates cannot be preloaded

B. HTTP Proxy is enabled by default

C. Policies can be defined to determine if HTTPS connections can proceed without examination

D. WSA can act as an SSL proxy

Which three modes can be configured when assigning event action overrides to virtual sensors? (Choose three)

A. Strict Evasion Protection mode

B. Normalizer mode

C. HTTPS Advanced Decoding mode

D. Anomaly detection operational mode

E. Inline TCP session tracking mode

Which is not a configuration option for matching decryption policies to security requirements?

A. Certificate initialization method

B. Enable activate authorization

C. Basic constraints extension to critical

D. Enable decryption policies

Which term associated with the Intrusion Prevention Systems refers to the likelihood that a threat using a specific attack will exploit a vulnerability and lead to an undesirable consequence?

A. Threat

B. Risk

C. Exploit

D. Vulnerability

Which anomaly detection zone are non-allocated addresses placed in?

A. Not allocated

B. Internal zone

C. Illegal zone

D. External zone

What needs to be enabled before user access can be controlled based on a URL category?

A. Context Adaptive Scanning Engine

B. Cisco IronPort Web Usage Controls

C. Outbound Malware Scanning

D. Web Proxy Auto-Discovery

Which is not a feature of the Cisco WSA authentication?

A. Can track employees’ internet usage

B. Track and report users by location

C. Enforces different policies for groups

D. Integrates with existing security tools

Which network intrusion prevention approach uses network behavior analysis?

A. Statistical Anomaly-Based IPS

B. Protocol Verification Anomaly-Based IPS

C. Policy-Based IPS

D. Signature-Based IPS

Which step is not shared between specifying and not specifying the signature engine in the Custom Signature Wizard?

A. Specify SFR and ASR

B. Specify specific matching criteria

C. Select layer 3 or 4 protocol

D. Specify name and description

Which two configurable actions can take place on positively identified spam? (Choose two)

A. Bounce

B. Deliver

C. Repair

D. Modification

Which two types of information would a signature-based network IPS detect? (Choose two)

A. Specially crafted URLs

B. A malformed SNMP message

C. A malformed IP packet

D. A buffer overflow in the "mail from" command of the SMTP session

Which redirection mechanism in the Transparent Proxy Mode can redirect traffic based on URL?

A. WCCP

B. Layer 7 switch

C. Layer 4 switch

D. PBR

Which represents built-in signatures that can be modified?

A. Sub signatures

B. Tuned signatures

C. Default signatures

D. Custom signatures

Which policy is used to determine how to treat HTTPS traffic?

A. Decryption

B. Identity

C. Routing access

D. Routing

Which is not a traffic matching field that is used to apply an access policy?

A. Source

B. Transactions

C. Application

D. Destination

In which GUI tab are the Proxy Settings located?

A. Network

B. Security Services

C. System Administration

D. Web Security Manager

Which is not a typical Cisco ASA problem when configuring the decryption policies?

A. Fails to establish TLS/SSL sessions

B. Too many CA trusted certificates

C. Self-signed certificate not trusted

D. Web server certificate not trusted

Which is not a step in the process of configuring the global correlation inspection?

A. Data downloaded

B. Update request initiated

C. List of remote servers

D. IPS queries DNS

In which mode is the sensor able to detect attacks, but has limited preventative options?

A. Inline VLAN pair deployment

B. Inline interface pair deployment

C. Promiscuous mode deployment

D. Inline VLAN group deployment

Which two options allow you to view Cisco ASA CX supported applications and application types? (Choose two)

A. Cisco IME

B. CWS ScanCenter web portal

C. Cisco IDM

D. Cisco Prime Security Manager

E. Cisco ASA CX application portal

Which criteria is used by service objects to identify traffic? (Choose three)

A. Port

B. ICMP

C. Mac address

D. Protocol

What does the Test domain join link verify?

A. Active Directory can join the realm

B. NG can join Active Directory domain

C. User has administrative privilege

D. Confirms the IP address to join

Which Cisco network infrastructure element would you integrate Cisco CWS with to securely connect roaming users directly to the Internet using the nearest CSWs proxy server?

A. ASA connector

B. ISR G2 connector

C. Cisco AnyConnect Secure Mobility Client with the Web Security Module

D. WSA connector

Which is not a feature of the Cisco hybrid security solution?

A. Includes on-premises services

B. Control between SaaS and customer site

C. Includes cloud based services

D. Provides inbound traffic security only

Which two MIME categories would be used to block the downloading of MP4 based files? (Choose two)

A. multipart/mp4

B. video/mp4

C. application/mp4

D. audio/mp4

Which is a feature of the transparent user identification?

A. Requires Active Directory agent device

B. Does not use Active Directory servers

C. Blocks the Cisco CDA from querying

D. Prompts end user to enter credentials

What network protocol does the IPS use for the data download?

A. SMTP

B. HTTP

C. FTP

D. SSL

What are the two types of bandwidth limits controlled by the Cisco Application and Control (AVC)? (Choose two)

A. User bandwidth limit

B. Cloud bandwidth limit

C. Application bandwidth limit

D. Overall bandwidth limit

Which is a characteristic of RAT?

A. Private listeners require RAT

B. List domains, which will send messages

C. Recipients defined by IP address

D. Default actions include Reject

Which displays real production environment screenshots?

A. Security Intelligence Operations

B. Network overview

C. Event viewer

D. Applications drill down

Which is not a Web filtering rule?

A. Why

B. What

C. When

D. Who

While calculating your results take a moment to complete our simple survey!
How likely is it that you would recommend LearnCisco.net to a friend or colleague?
0	1	2	3	4	5	6	7	8	9	10

Not at all likely								Extremely likely
Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?