CCNP Security Practice Test | Threat Control (SITCS)

Which stage of the anomaly detection process is traffic compared to a knowledge base?

A. Knowledge Base

B. Detection

C. Learning

D. Action

What is a benefit of the Promiscuous deployment mode?

A. Provides effective preventative actions

B. Does not result many false negatives

C. Does not impact network performance

D. Normalizes traffic to improve accuracy

Which range in the Cisco Web Reputation Filter does aggressive syndication and user tracking fall into?

A. -10 to -5

B. +5 to 10

C. -5 to 0

D. 0 to +5

How many Active Directory Servers can be included in the NTLM Authentication?

A. 2

B. 3

C. 4

D. 1

Which statements about the Cisco ASA Next-Generation Firewall policy structure are true? (Choose three)

A. Multiple custom policy sets can be configured for different device groups

B. A policy set includes a set of access, identity, or decryption policies

C. Device groups are a new feature of 9.1.3 off box PRSM

D. One default policy is set for each policy type

Which three statements about the Cisco AVC engine are true? (Choose three)

A. It can restrict access to adult content on some content-sharing sites.

B. Applications can be detected by signatures downloaded from Cisco Security Intelligence Operations.

C. It uses the CASE engine to detect and inspect web applications that use HTTPS.

D. A full understanding of the design of each application is required to control application activity.

E. It can limit bandwidth consumed by some application types to control congestion.

Which policy is used to determine how to treat HTTPS traffic?

A. Decryption

B. Identity

C. Routing access

D. Routing

What functionality does the Cisco AVC engine provide?

A. It is a VPN client used to provide users with remote access to ASA appliances

B. It is used to filter unsolicited and malicious e-mail

C. It is used to route HTTP and HTTPS traffic to ScanSafe for evaluation

D. It allows you to create policies to control application activity on the network

Which of these is a feature of Cloud Web Security Connector mode?

A. Includes Access Policies

B. All Cisco WSA features available

C. Directs traffic to the CWS tower

D. Includes Layer 4 traffic monitor

Which SMTP feature delivers messages on behalf of users?

A. MTA

B. DNS A record

C. Groupware Server

D. DNS Mail exchanger (MX) record

Which Cisco IPS component provides zero-day protection?

A. Signature engine

B. Custom signature

C. Anomaly detection

D. Event action filter

Which three tactics does the Outbreak Filter use to protect clients? (Choose three)

A. Redirect

B. Deny

C. Modify

D. Disable

E. Delay

Which ESA deployment option uses a firewall DMZ for inbound traffic?

A. Virtual deployment

B. On premises as email gateway

C. On-switch deployment

D. Hybrid deployment

Which threat profile system would be suitable for utility companies?

A. Web applications threat profile

B. Edge

C. SCADA

D. Data center threat profile

Which Cisco ESA service refers to the quarantine of suspicious emails?

A. Data Loss Prevention

B. Outbreak filters

C. Content filters

D. Antispam

Which two types of information would a signature-based network IPS detect? (Choose two)

A. Specially crafted URLs

B. A malformed SNMP message

C. A malformed IP packet

D. A buffer overflow in the "mail from" command of the SMTP session

What CLI command Is used to block redirected traffic from Cisco ASA to Cisco ASA CX if the Cisco ASA CX fails and also configures the authentication proxy port?

A. cxsc fail-close auth-proxy port

B. |b cxsc fail-open auth-proxy port |p

Which network intrusion prevention approach uses network behavior analysis?

A. Statistical Anomaly-Based IPS

B. Protocol Verification Anomaly-Based IPS

C. Policy-Based IPS

D. Signature-Based IPS

Which is not an area that the Cisco IPS would typically be located within a typical modularized network?

A. Campus access

B. Internet edge

C. Data center

D. Branch offices

Which is a feature of the CISCO PRSM Event Viewer?

A. Can only show ASA in the Event Viewer

B. Tracks authentication proxy events

C. Supports up to 5,000 events per second

D. Does not support rea time eventing

Which is not a step in configuring Cisco ASA to download Cisco AnyConnect Web Security Module to the client machine?

A. Name the new policy

B. Add Web Security Module group policy

C. Determine client profiles to download

D. Configure settings in the Advanced page

Which is a feature of reputation filters?

A. Adjust event risk rating

B. Second line of defense

C. List of blocked addresses

D. Based on a reputation score

Which two alert notifications are available in Cisco Security IntelliShield Alert Manager? (Choose two)

A. Complete Alert as Text

B. Alert Summary as HTML Attachment

C. Complete Alert as XML

D. Alert Summary and Alert as HTML

E. Complete Alert as RSS feed

F. Alert Summary as HTML

Which is not a function of the deobfuscation feature?

A. Fully protects custom signatures

B. Enable conversion of HTTP data to ASCII

C. Prevents format based attacks

D. Mitigate application layer evasion

Which is a feature of the Transparent Proxy Mode?

A. Client directs traffic to target server

B. Proxy resolves target hostname

C. Client browser must be set up

D. Requires no network infrastructure

Which two statements regarding a web site with a web reputation score of minus three are true? (Choose two)

A. Responsible content

B. Verified malicious content

C. Validated by third party

D. Potential malicious content

Identify the scanning engines used by the Dynamic Vectoring and Streaming Engine (DVS). (Choose three)

A. Defender

B. McAfee

C. Webroot

D. Sophos

Which is not the right configuration for connecting WCCP to ASA?

A. Enable the WCCP service group

B. Create access-list with client servers

C. Identify the service to be redirected

D. Create traffic redirection access-list

Which is a signature tuning method that reduces false positives?

A. Selectively enable signature for ports

B. Narrow matching of payload values

C. Reduce the number of required events

D. Broaden the search context

Which statements about the Cisco Application Visibility Control are true? (Choose three)

A. It sets a maximum number of allowed applications

B. Applications can be detected by signatures

C. It can be used to control application activity on a network

D. It enables deeper controls for particular application types

Which step is not shared between specifying and not specifying the signature engine in the Custom Signature Wizard?

A. Specify SFR and ASR

B. Specify specific matching criteria

C. Select layer 3 or 4 protocol

D. Specify name and description

Which listener configuration deals with undelivered email messages?

A. Certificate

B. Disclaimer above

C. SMTP authentication profile

D. Bounce profile

What step should be performed during the first phase of URL categorizing process?

A. Lookup URLs in the WSA URL database

B. Perform Keyword Analysis

C. Perform dynamic analysis

Which is not a feature of the PAC files?

A. Enables centralized proxy configuration

B. Defines how browser fetches a URL

C. Can add, edit or delete proxy servers

D. Forces all VLANs to use same proxy

Which authentication type is supported by LDAP?

A. NTLM

B. Kerberos

C. Basic

D. Advanced

Which tab in the Cisco IDM configures Alert and Error event details?

A. Home

B. Help

C. Configuration

D. Monitoring

What can capture traffic based on various OSI Layer 3 and Layer 4 criteria?

A. SPAN

B. VACL

C. RSPAN

D. FSPAN

Identify the six primary functions of the Security Control Framework. (Choose six)

A. Correlate

B. Identity

C. Scalability

D. Enforce

E. Isolate

F. Harden

G. Monitor

Which two statements describe Cisco's Streaming Media Bandwidth Control? (Choose two)

A. You can configure bandwidth limits using two limit types.

B. Data can be blocked upon reaching a specified quota.

C. When more than one bandwidth limit type is applied, the most restrictive option applies.

D. The overall bandwidth limit can be used to limit traffic served from the web cache.

E. Any application can have bandwidth limits applied.

Which file type options can be managed when controlling uploaded content? (Choose three)

A. Operating system files

B. Executables

C. Installers

D. Archives

Which is not a step in the process of configuring the global correlation inspection?

A. Data downloaded

B. Update request initiated

C. List of remote servers

D. IPS queries DNS

Which two MIME categories would be used to block the downloading of MP4 based files? (Choose two)

A. multipart/mp4

B. video/mp4

C. application/mp4

D. audio/mp4

You need to calculate the risk rating for an identified problem. The following information is relevant to this case.

Promiscuous Delta: 15
Sensorbase rating: 30
Attack relevancy: Unknown
Potential Damage: Low (50)
Target asset value: Low (75)
Signature accuracy: 75

What is the risk rating?

A. The risk rating is 88.

B. Undeterminable, as attack relevancy is unknown.

C. The risk rating is 28.

D. The risk rating is 73.

Which two actions would you perform to throttle the total bandwidth that can be used by streaming media for all users on the network? (Choose two)

A. Configure overall bandwidth limit

B. Enable Cisco IronPort Web Usage Controls

C. Enable Cisco AVC

D. Configure user bandwidth limit

Which is the first step in the interaction between the identity, decryption, and access policies?

A. Re-encrypt the traffic

B. Match an identity policy source

C. Match an access policy source

D. Poll the Active Directory

What does the Test domain join link verify?

A. Active Directory can join the realm

B. NG can join Active Directory domain

C. User has administrative privilege

D. Confirms the IP address to join

Which Cisco ESA solution specifically incorporates a third-party scan into the process of determining if a message should be filtered as spam?

A. Cisco IronPort Intelligent Multi-Scan

B. Cisco IronPort Anti-Spam

C. Cisco IronPort AsyncOS

D. Cisco IronPort SenderBase Network

Which scenario indicates an attack?

A. Detection Off, Learning Off

B. Detection On, Learning On

C. Detection On, Learning Off

D. Detection Off, Learning On

Which two statements regarding Cisco ESA spam quarantine are true? (Choose two)

A. An external quarantine supersedes an internal.

B. Cisco ESA supports external spam quarantines.

C. A local quarantine supersedes an external.

D. Cisco ESA supports only Cisco Content Security Management appliances as external quarantines.

Which anomaly detection zone are non-allocated addresses placed in?

A. Not allocated

B. Internal zone

C. Illegal zone

D. External zone

Which two configurable actions can take place on positively identified spam? (Choose two)

A. Bounce

B. Deliver

C. Repair

D. Modification

Which statements about Cisco Adaptive Security Appliances (ASA) are true? (Choose two)

A. The 5500-X NG is supported in ASA software release 8.0 and later

B. IPS-SSP and CS-SSP can be run at the same time on the same 5585-X appliance

C. 5545-X and 5555-X support RAID 1

D. 5512, 5515, and 5525 support 120 GB SSD

What is a feature of the Cloud Web Security Connector mode?

A. Includes the L4TM

B. Includes Access Policies

C. Sends traffic to CWS tower

D. Includes Decryption Policies

Which feature best describes realm configuration?

A. Can have a set of authentication servers

B. Multiple NTLM realms can be configured

C. Realm sequences are randomly ordered

D. Only one LDAP realm can be configured

What are the two types of bandwidth limits controlled by the Cisco Application and Control (AVC)? (Choose two)

A. User bandwidth limit

B. Cloud bandwidth limit

C. Application bandwidth limit

D. Overall bandwidth limit

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?