CCNP Security Practice Test | Threat Control (SITCS)

Cisco Practice Tests

Exam: 300-207

Question 1 / 55

90:00

Which is a feature of the Transparent Proxy Mode?

A. Client directs traffic to target server

B. Proxy resolves target hostname

C. Client browser must be set up

D. Requires no network infrastructure

Which statements about NGFW network objects are true? (Choose three)

A. Network objects can be edited and deleted

B. Network objects are also referred to as FQDNs

C. Network objects are used to identify traffic sources

D. Network objects are not available in the off box Cisco Prime Security Manager multi device mode

What CLI command will have the Cisco IPS module inspect all traffic before being able to pass through Cisco ASA and block all traffic if the module fails?

A. ips promiscuous fail-open

B. |b ips promiscuous fail-close |p

C. |b ips inline fail-close |p

D. |b ips inline fail-open |p

Which feature represents the email gateway that transfers mail from one system to another?

A. DNS A record

B. Mail User Agent

C. MTA

D. SMTP Server

What kind of worms does the anomaly detection search for?

A. Active scanning worms

B. Email worms

C. Instant messaging worms

D. File-sharing worms

Which field is only required for the Standard LDAP?

A. Primary domain

B. Join password

C. Name

D. Join user name

Which three forms of control are disabled in the default outgoing e-mail policy that checks for virus outbreaks and spam using the Cisco ESA GUI? (Choose three)

A. Anti-virus

B. Anti-spam

C. Outbreak filters

D. Content filters

E. Reputation filters

What is a feature of the Cloud Web Security Connector mode?

A. Includes the L4TM

B. Includes Access Policies

C. Sends traffic to CWS tower

D. Includes Decryption Policies

What is a feature of Web filtering?

A. The rule defines "Why" of an action

B. Only a single rule can be applied

C. Performed through the Access Policy

D. Determines traffic to filter

Which is not a decryption policy action?

A. Decrypt everything

B. Decrypt safe traffic

C. Decrypt potentially malicious traffic

D. Do not decrypt

Which setting can be set to Active Directory when configuring LDAP Query to drop e-mails to non-existing users?

A. Base DN

B. Server type

C. Connection Protocol

D. Authentication Method

Which category contains policies used to control access to third party software providers?

A. Web policies

B. Authentication policies

C. Data Transfer policies

D. Custom Policy Elements

Which Cisco ESA feature do you need to configure to list all local domains in which you plan to accept messages?

A. HAT

B. RAT

C. MTA

D. SIO

Which threat profile could a network administrator deploy to minimize time with securing web technologies?

A. Edge

B. Web Applications

C. Data Center

D. SCADA

When implementing Cisco IPS sensors, what would you do when managing false positive events?

A. Tune your Cisco IPS sensor by creating event action overrides.

B. Change the triggering conditions of problematic signatures to make them more generic.

C. Create a custom signature that will address an attack that was previously undetected.

D. Tune your Cisco IPS sensor by creating event action filters.

Which is a function of the RAT?

A. Specifies list of local domains

B. Defines control rules

C. Defines remote hosts

D. Determine sender's reputation

What is a function of the Web AVC engine?

A. Searches for malicious code in traffic

B. It encrypts data is decrypted

C. Enables firewalls on applications

D. Controls application behavior

Which is not a step in configuring Cisco ASA to download Cisco AnyConnect Web Security Module to the client machine?

A. Name the new policy

B. Add Web Security Module group policy

C. Determine client profiles to download

D. Configure settings in the Advanced page

Which is a feature of the ScanCenter web filtering policies?

A. Can be based on web categories

B. Filters only set for outbound traffic

C. Default filter can be removed

D. Filter selection is fixed

Which statement best describes a feature of forwarding traffic to the IPS module based on an ACL specification?

A. IPS modules support only inline modes

B. Access Control Lists are stateful

C. Specify both directions of traffic

D. IPS modules do not support fail-open

What are the two types of bandwidth limits controlled by the Cisco Application and Control (AVC)? (Choose two)

A. User bandwidth limit

B. Cloud bandwidth limit

C. Application bandwidth limit

D. Overall bandwidth limit

Which is not a feature of the global correlation operations?

A. Focuses on good reputation devices

B. Enables blocking high-risk traffic

C. Can influence the risk rating

D. Data received by Cisco IPS sensors

What is the first step in configuring the Cisco Application Visibility and Control? (Choose two)

A. Enable the AVC engine

B. Define application control settings

C. Lookup URLs in the WSA URL database

D. Perform dynamic analysis

Which IPS threat profile would you use if the Cisco IPS is primarily used for protecting ICS?

A. SCADA

B. Edge

C. Data Center

D. Web Applications

Which is not a deployment option for the ESA?

A. Virtual deployment

B. Hybrid option

C. Switch application

D. E-mail gateway

Which distribution layer is the WSA implemented in?

A. Data Center

B. Camus Access Point

C. Branch

D. Internet Edge

Which criteria is used by service objects to identify traffic? (Choose three)

A. Port

B. ICMP

C. Mac address

D. Protocol

Which is not the right configuration for connecting WCCP to ASA?

A. Enable the WCCP service group

B. Create access-list with client servers

C. Identify the service to be redirected

D. Create traffic redirection access-list

Which statements about Cisco Adaptive Security Appliances (ASA) are true? (Choose two)

A. The 5500-X NG is supported in ASA software release 8.0 and later

B. IPS-SSP and CS-SSP can be run at the same time on the same 5585-X appliance

C. 5545-X and 5555-X support RAID 1

D. 5512, 5515, and 5525 support 120 GB SSD

Which class map keyword will cause a problem if the match criteria are not mutually exclusive?

A. Fail-open

B. Match-any

C. Fail-close

D. Match-all

What CLI command in event configuration mode for a rule configures an event that terminates the connection with RST packets?

A. overrides deny-connection-inline

B. |b overrides reset-tcp-connection |p

C. |b overrides request-block-connection |p

D. |b overrides deny-packet-inline |p

Which two commands are used to copy an IP log file with a "2247" ID to the logs/iplogs shared folder on FTPSRV1? (Choose two)

A. sensor# copy iplog 2247 ftp://administrator@10.32.0.0/FTPSRV1/logs/iplogs

B. sensor# |b copy iplog 2247 ftp://FTPSRV1/logs/iplogs//administrator@10.32.0.0 |p

C. sensor# |b copy iplog 2247 ftp://administrator@10.32.0.0/logs/iplogs |p

D. sensor# |b copy ftp://administrator@10.32.0.0/logs/iplogs iplog 2247 |p

Which Cisco WSA policy type is used to classify/group transactions and determine if user authentication is required?

A. Outbound Malware Scanning

B. Cisco Ironport Data security

C. SaaS

D. Identities

Which statements accurately apply to the Cisco Prime Security Manager? (Choose three)

A. Off-box PRSM is used for multi device mode

B. It is the main tool used to configure the NGFW

C. The GUI is based on web 1.0

D. On-box PRSM is used for single device mode

What is the default TVR numeric value assigned to all assets?

A. 100

B. 75

C. 150

D. 50

What is a characteristic of the Cisco WSA explicit proxy mode?

A. Network infrastructure redirects client requests to proxy server

B. Client resolves hostname of target web server

C. Client directs traffic to proxy server

D. No client configuration is required

What is an on premise Cisco product that provides data loss prevention, virus defense, and encryption?

A. SIO

B. CWS

C. IDM

D. ESA

Which statements about the Cisco ASA CX-SSP module are true? (Choose three)

A. It includes a dedicated management interface

B. It uses a default gateway address of 192.168.8.1

C. It uses the default management ip address of 192.168.1.1 for interface 0/0

D. It uses the default management ip address of 192.168.1.0 for interface 0/1

Which is a feature of the transparent user identification?

A. Requires Active Directory agent device

B. Does not use Active Directory servers

C. Blocks the Cisco CDA from querying

D. Prompts end user to enter credentials

What is a feature of the risk rating?

A. It is part of the event alert

B. It is equal to the threat rating

C. Assigned between 1 and 10

D. Created when threshold is met

Which statements about web reputation filtering are true? (Choose three)

A. Filters uses statistics to score reputations

B. Filters can only be used with IronPort Data Security Policies

C. Filters are used to proactively combat malware

D. It assigns a web-based reputation score to a URL

Which statement is true regarding Cisco ASA CX decryption policies?

A. They can only decrypt traffic over port 443

B. A self-signed or customer-uploaded certificate must be used

C. They can be used to decrypt TLS, SSL, and SSH traffic

D. A separate encryption policy must be configured to re-encrypt the traffic

Which is not a part of the SMTP conversation?

A. Body

B. Footer

C. Header

D. Envelope

Identify the criteria used by data security policies to evaluate upload requests. (Choose three)

A. Web Reputation

B. Third party DLP systems

C. Content blocking configuration

D. URL Filtering

When configuring the NTLMSSP identification and authentication how many scheme options can be chosen from?

A. 4

B. 1

C. 3

D. 2

Which Cisco ESA software license provides the most cost effective way to include the Sophos Antivirus solution?

A. Cisco Email Security Inbound Bundle

B. Cisco Email Security Outbound Bundle

C. Web Security Essentials license

D. Cisco Email Security Premium Bundle

Which SMTP feature delivers messages on behalf of users?

A. MTA

B. DNS A record

C. Groupware Server

D. DNS Mail exchanger (MX) record

What technology is Cisco ASA (CX) NGFW Broad and Web AVC based on?

A. QoS

B. CBQoS

C. NBAR

D. DCAR

Which two statements regarding a web site with a web reputation score of minus three are true? (Choose two)

A. Responsible content

B. Verified malicious content

C. Validated by third party

D. Potential malicious content

Which is a signature tuning method that reduces false positives?

A. Selectively enable signature for ports

B. Narrow matching of payload values

C. Reduce the number of required events

D. Broaden the search context

Which is not a configuration option for matching decryption policies to security requirements?

A. Certificate initialization method

B. Enable activate authorization

C. Basic constraints extension to critical

D. Enable decryption policies

Which threat profile system would be suitable for utility companies?

A. Web applications threat profile

B. Edge

C. SCADA

D. Data center threat profile

In an attempt to reduce false negatives, you need to tune Cisco IPS to ensure only one direction of a TCP session is analyzed by the sensor. After accessing the available TCP reassembly modes, what should be selected?

A. Loose

B. Asymmetric

C. Strict

D. Symmetric

Which is not a feature of LDAP version 3?

A. Enable Transparent User Identification

B. Uses secure LDAP

C. Is unsecured

D. Utilises port 636

Which is not a feature of the Cisco WSA authentication?

A. Can track employees’ internet usage

B. Track and report users by location

C. Enforces different policies for groups

D. Integrates with existing security tools

While calculating your results take a moment to complete our simple survey!
How likely is it that you would recommend LearnCisco.net to a friend or colleague?
0	1	2	3	4	5	6	7	8	9	10

Not at all likely								Extremely likely
Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?