CCNP Security Practice Test | Threat Control (SITCS)

Refer to the exhibit. Cisco ASA CX and PRSM SIO updates are failing. What should be modified in the decryption policy to solve this issue?

A. Modify the action of the second policy to "Decrypt everything".

B. Modify the action of the first policy to "Decrypt potentially malicious traffic".

C. Move the second policy above the first policy.

D. Modify the action of the first policy to "Do not decrypt".

Which are steps in configuring the Cisco ASA using ASDM to integrate with the Cisco CWS?

A. Create a new traffic class

B. Set up to three servers

C. Set Whitelists for restrictions

D. Nest a 3-4 policy under a 5-7 policy

Identify the features of the Next-Generation Firewall that are compatible with existing Cisco ASA features. (Choose three)

A. Cisco ASA clustering

B. IPv6

C. Active standby failover

D. Transparent firewall mode

Which three statements about the Cisco AVC engine are true? (Choose three)

A. It can restrict access to adult content on some content-sharing sites.

B. Applications can be detected by signatures downloaded from Cisco Security Intelligence Operations.

C. It uses the CASE engine to detect and inspect web applications that use HTTPS.

D. A full understanding of the design of each application is required to control application activity.

E. It can limit bandwidth consumed by some application types to control congestion.

What is a feature of Web AVC?

A. Enables URL blanket filtering

B. Controls all web based applications

C. Matches traffic flow with applications

D. Inspects encrypted data flow

Which is not a feature of LDAP version 3?

A. Enable Transparent User Identification

B. Uses secure LDAP

C. Is unsecured

D. Utilises port 636

Which three forms of control are disabled in the default outgoing e-mail policy that checks for virus outbreaks and spam using the Cisco ESA GUI? (Choose three)

A. Anti-virus

B. Anti-spam

C. Outbreak filters

D. Content filters

E. Reputation filters

How many Active Directory Servers can be included in the NTLM Authentication?

A. 2

B. 3

C. 4

D. 1

Which is not a feature of the Cisco hybrid security solution?

A. Includes on-premises services

B. Control between SaaS and customer site

C. Includes cloud based services

D. Provides inbound traffic security only

Which is a step in the Cisco Registered Envelope Service process?

A. Encryption key stored locally

B. Recipient request encryption key

C. Message is decrypted by sender

D. Encryption key sent with message

Identify the statements that apply to on-box PRSM. (Choose two)

A. It is launched from a web browser

B. By default you can connect to the ASA CS application using https://192.168.0.1

C. It supports all versions of the Google Chrome browser

D. It is used to manage a single device

Which is not a benefit of the Cisco Sourcefire NGIPS?

A. Real-time application awareness

B. Has advanced malware prevention

C. Addresses one hour threats

D. Provides contextual awareness

Which Sender Group is assigned a throttled Mail Flow Policy?

A. Unknown List

B. Black List

C. Suspect List

D. White List

Which profile range within the Web reputations profile typically identifies sites sending rootkits?

A. -10 to -6

B. 0 to +5

C. -3 to +3

D. -6 to -3

Which is the first step in the interaction between the identity, decryption, and access policies?

A. Re-encrypt the traffic

B. Match an identity policy source

C. Match an access policy source

D. Poll the Active Directory

Which setting can be left Off to prevent NGIPS from filtering low risk sites?

A. Intrusion protection

B. Block blacklist traffic

C. Black listed traffic eventing

D. Scan high reputation traffic

Which is not a certificate type that can be uploaded?

A. Non-PEM CA certificates

B. Root CA certificates

C. Intermediate CA certificates

D. Individual server certificates

Which is a feature of the Explicit Proxy Mode?

A. Client directs traffic to web server

B. Does not require network infrastructure

C. Requires no client configuration

D. Client resolves web server hostname

Which step of the active authentication process involves the Active Directory?

A. Authentication result sent to NG

B. Establishing HTTP connection

C. Browser authentication request

D. Browser connection to Cisco ASA

Which scenario indicates an attack?

A. Detection Off, Learning Off

B. Detection On, Learning On

C. Detection On, Learning Off

D. Detection Off, Learning On

Which features best describe system-predefined identity objects? (Choose two)

A. Identity objects are applied global

B. Can operate within decryption policies

C. Only block certain users from a realm

D. Used as traffic-matching criteria

Which statements about web reputation filtering are true? (Choose three)

A. Filters uses statistics to score reputations

B. Filters can only be used with IronPort Data Security Policies

C. Filters are used to proactively combat malware

D. It assigns a web-based reputation score to a URL

Which MIME type would be used as a filter to prevent downloading of files like an MPEG?

A. Model*

B. Multipart*

C. */*

D. Video*

Which two tactics does the Outbreak Filters use to protect clients? (Choose two)

A. Apply DLP at the end of the outgoing mail-processing queue.

B. Enable DLP on the Cisco ESA with HIPPA technology.

C. Apply DLP on incoming mail policies.

D. Apply DLP on outgoing mail policies.

E. Apply DLP on incoming and outgoing mail policies.

F. Enable and use DLP with a license key.

You are configuring IP logging for IPS and have executed the following command:

sensor#iplog vs0 10.16.16.0 packets 5000

Which three statements about this configuration are true? (Choose three)

A. A maximum packet size of 5000 KB can be logged

B. Manual IP logging has been configured

C. The log will remain active for 10 minutes

D. The log will remain active for 30 minutes

E. The name of the configured virtual sensor is vs0

F. Automatic IP logging has been configured on the vs0 sensor

Which statements accurately apply to the Cisco PRSM licensing? (Choose three)

A. On-box Cisco PRSM does not require a license

B. The Off-box Cisco PRSM license expires annually

C. The Off-box Cisco PRSM license supports 5, 10 or 25 devices licenses

D. Off-box Cisco PRSM offers a 90 day evaluation license

Which of these is a feature of Cloud Web Security Connector mode?

A. Includes Access Policies

B. All Cisco WSA features available

C. Directs traffic to the CWS tower

D. Includes Layer 4 traffic monitor

Which three features are available with the Content Security and Control Security Services Module for Cisco ASA? (Choose three)

A. Port security

B. SPAN

C. Antivirus

D. URL filtering

E. Content filtering

Which is not an Identity assignment category?

A. Location

B. Port

C. User agent

D. Protocol

Which file type options can be managed when controlling uploaded content? (Choose three)

A. Operating system files

B. Executables

C. Installers

D. Archives

Which ESA deployment option uses a firewall DMZ for inbound traffic?

A. Virtual deployment

B. On premises as email gateway

C. On-switch deployment

D. Hybrid deployment

Which threat profile system would be suitable for utility companies?

A. Web applications threat profile

B. Edge

C. SCADA

D. Data center threat profile

Which is a characteristic of RAT?

A. Private listeners require RAT

B. List domains, which will send messages

C. Recipients defined by IP address

D. Default actions include Reject

Which setting can be set to Active Directory when configuring LDAP Query to drop e-mails to non-existing users?

A. Base DN

B. Server type

C. Connection Protocol

D. Authentication Method

Which is not a required field in creating a URL object?

A. URL

B. Ticket ID

C. Destination

D. Web Category

Which statements accurately apply to Cisco WSA data security? (Choose three)

A. It can control data leaving the network

B. It can use policy actions based on file metadata

C. It evaluates policy actions based on file metadata

D. It does not integrate with third party DLP systems

Which Cisco ESA software license provides the most cost effective way to include the Sophos Antivirus solution?

A. Cisco Email Security Inbound Bundle

B. Cisco Email Security Outbound Bundle

C. Web Security Essentials license

D. Cisco Email Security Premium Bundle

Which three Cisco Security IntelliShield Alert Manager roles may receive notifications? (Choose three)

A. IntelliShield Manager

B. IntelliShield Administrator

C. Group Manager

D. Group Administrator

E. Viewer

Which is not the right configuration for connecting WCCP to ASA?

A. Enable the WCCP service group

B. Create access-list with client servers

C. Identify the service to be redirected

D. Create traffic redirection access-list

Which feature represents the email gateway that transfers mail from one system to another?

A. DNS A record

B. Mail User Agent

C. MTA

D. SMTP Server

Which SMTP feature delivers messages on behalf of users?

A. MTA

B. DNS A record

C. Groupware Server

D. DNS Mail exchanger (MX) record

Which statements accurately apply to the Cisco Prime Security Manager? (Choose three)

A. Off-box PRSM is used for multi device mode

B. It is the main tool used to configure the NGFW

C. The GUI is based on web 1.0

D. On-box PRSM is used for single device mode

Which feature allows control of additional module licenses?

A. IP Interfaces

B. Bounce Profiles

C. Feature Key

D. Certificates

Which two options allow you to view Cisco ASA CX supported applications and application types? (Choose two)

A. Cisco IME

B. CWS ScanCenter web portal

C. Cisco IDM

D. Cisco Prime Security Manager

E. Cisco ASA CX application portal

Which Cisco IPS component provides zero-day protection?

A. Signature engine

B. Custom signature

C. Anomaly detection

D. Event action filter

What functionality does the Cisco AVC engine provide?

A. It is a VPN client used to provide users with remote access to ASA appliances

B. It is used to filter unsolicited and malicious e-mail

C. It is used to route HTTP and HTTPS traffic to ScanSafe for evaluation

D. It allows you to create policies to control application activity on the network

Which two options are components of the Cisco WSA architecture? (Choose two)

A. WBRS

B. Real-time Eventing

C. Anti-spam

D. Anti-malware

Which is an optional configuration when adding a Sender Group?

A. Choose order within list

B. Select a policy

C. Input group name

D. SBRS

Which HTTP proxy decryption setting would be used if the administrator wanted users to be notified why a URL request was blocked?

A. Decrypt for Application Detection

B. Decrypt for End-User Acknowledgement

C. Decrypt for End-User Notification

D. Decrypt for Authentication

Which field is only required for the Standard LDAP?

A. Primary domain

B. Join password

C. Name

D. Join user name

Which statements about NGFW network objects are true? (Choose three)

A. Network objects can be edited and deleted

B. Network objects are also referred to as FQDNs

C. Network objects are used to identify traffic sources

D. Network objects are not available in the off box Cisco Prime Security Manager multi device mode

Which Cisco WSA policy type is used to classify/group transactions and determine if user authentication is required?

A. Outbound Malware Scanning

B. Cisco Ironport Data security

C. SaaS

D. Identities

Which statement best describes hosting PAC files on WSA?

A. Can have only one PAC Server Port

B. PAC files downloaded as HTTP request

C. PAC file cannot be allowed to expire

D. Only a master PAC file can be hosted

Which is not a feature of the guest access?

A. Access to users who fail authentication

B. Blocks the user’s network access

C. Makes use of guest policies

D. Provides limited access to users

What is the default TVR numeric value assigned to all assets?

A. 100

B. 75

C. 150

D. 50

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?