CCNP Security Practice Test | Threat Control (SITCS)

Cisco Practice Tests

Exam: 300-207

Question 1 / 55

90:00

Which listener configuration deals with undelivered email messages?

A. Certificate

B. Disclaimer above

C. SMTP authentication profile

D. Bounce profile

What is a characteristic of the Company authentication key?

A. Applies separate policy on each device

B. Key can be used on multiple devices

C. Can be unique to the CWS connector

D. Can be unique on each device

Which is not an optional step when configuring the Cloud Web Security connector on Cisco ISR G2 router?

A. Configure a default user group

B. Enable content scanning on egress

C. Configure web security parameters

D. K9 feature licensing

Which method results in reduced false negatives?

A. Narrow event-counting signatures

B. Disable anti-evasion methods

C. Limit header-matching signatures

D. Create a custom signature

Which is a feature of the AnyConnect Web Security Module?

A. Cannot be configured standalone

B. Can forward FTP traffic to ScanSafe

C. Enables blocking of elements on a page

D. Only scans HTTP traffic with ScanSafe

Which feature best describes the Next Generation Firewall ADI in reference to passive authentication?

A. Contains user-to-IP address mappings

B. Connects with Context Directory Agent

C. Uses one session database per realm

D. Manages the directory servers

Which three forms of control are disabled in the default outgoing e-mail policy that checks for virus outbreaks and spam using the Cisco ESA GUI? (Choose three)

A. Anti-virus

B. Anti-spam

C. Outbreak filters

D. Content filters

E. Reputation filters

What is a feature of the Cloud Web Security Connector mode?

A. Includes the L4TM

B. Includes Access Policies

C. Sends traffic to CWS tower

D. Includes Decryption Policies

Which is not a feature of configuring identities to group client transactions?

A. Identities can only be used one time

B. Utilises Subnets and Protocols

C. Used to determine the policy group

D. Does not require user authentication

Which is not a feature of the AnyConnect Web Security Module?

A. Routes HTTP and HTTPS to ScanSafe

B. Forwards all web traffic to ScanSafe

C. Can be manually installed on client PC

D. Can be deployed standalone

Which two options allow you to view Cisco ASA CX supported applications and application types? (Choose two)

A. Cisco IME

B. CWS ScanCenter web portal

C. Cisco IDM

D. Cisco Prime Security Manager

E. Cisco ASA CX application portal

What CLI command Is used to block redirected traffic from Cisco ASA to Cisco ASA CX if the Cisco ASA CX fails and also configures the authentication proxy port?

A. cxsc fail-close auth-proxy port

B. |b cxsc fail-open auth-proxy port |p

Which Cisco ESA feature do you need to configure to list all local domains in which you plan to accept messages?

A. HAT

B. RAT

C. MTA

D. SIO

Which is a feature of the Transparent Proxy Mode?

A. Client directs traffic to target server

B. Proxy resolves target hostname

C. Client browser must be set up

D. Requires no network infrastructure

Which is a feature of the CISCO PRSM Event Viewer?

A. Can only show ASA in the Event Viewer

B. Tracks authentication proxy events

C. Supports up to 5,000 events per second

D. Does not support rea time eventing

Which is not a step in configuring the Cloud Web Security connector on Cisco ISR G2 router?

A. Configure web security parameters

B. Disable content scanning on egress

C. K9 feature license required

D. Generate company key in ScanCenter

Which best describes the configuration of Virtual Sensors?

A. Less than 5 Virtual Sensors

B. No more than 3 Anomaly Detections

C. Up to 6 Event Action Rules

D. Maximum of 4 defined signatures

Which best describes Cisco's Email Security Appliance licenses?

A. ESA applies usage-based pricing

B. One email security license is available

C. Subscriptions are permanent

D. Include Security Inbound Bundle

Which statements accurately apply to application objects? (Choose two)

A. They cannot contain other application objects

B. Or statements are used to connect objects

C. They contain applications and application types

D. They contain rows of service objects

What is a feature of configuring the Cisco ESA listener?

A. Determine if public or private

B. Only operates on incoming emails

C. Requires SMTP authentication profile

D. Requires more than one interface

Which characteristic best describes the Cisco Registered Envelope Service?

A. Locally hosted encryption service

B. Sends encryption keys to sender

C. Works independent of Cisco ESA

D. Cloud storage of encryption keys

Which two configurable actions can take place on positively identified spam? (Choose two)

A. Bounce

B. Deliver

C. Repair

D. Modification

Which tab in the Cisco IDM configures Alert and Error event details?

A. Home

B. Help

C. Configuration

D. Monitoring

Which HTTPS proxy decryption setting would be used to let the users know that web activity is being monitored and filtered?

A. Decrypt for Application Detection

B. Decrypt for End-User Acknowledgement

C. Decrypt for End-User Notification

D. Decrypt for Authentication

Which two actions would you perform to throttle the total bandwidth that can be used by streaming media for all users on the network? (Choose two)

A. Configure overall bandwidth limit

B. Enable Cisco IronPort Web Usage Controls

C. Enable Cisco AVC

D. Configure user bandwidth limit

Which statement is true about implementing Cisco CWS?

A. Cisco CWS currently only supports IPv4 addresses.

B. Cisco CWS is supported in both routed firewall mode and transparent firewall mode.

C. Cisco CWS is supported with Cisco ASA CX.

D. Cisco CWS can be integrated with Cisco ASA clustering.

Which is not a certificate type that can be uploaded?

A. Non-PEM CA certificates

B. Root CA certificates

C. Intermediate CA certificates

D. Individual server certificates

Which configuration represents the number of hours that the user-to-IP address mapping is maintained?

A. Group refresh interval

B. Failed authentication timeout

C. Maximum authentication attempts

D. Authentication session duration

Which is not a decryption policy action?

A. Decrypt everything

B. Decrypt safe traffic

C. Decrypt potentially malicious traffic

D. Do not decrypt

Which feature of Cisco ESA is used to manage secure message recipient enrollment and encryption keys?

A. Cisco Registered Envelope Service

B. Outbreak Filters

C. Reputation filters

D. Cisco IronPort SenderBase Network

What is a feature of Web filtering?

A. The rule defines "Why" of an action

B. Only a single rule can be applied

C. Performed through the Access Policy

D. Determines traffic to filter

Which statements about URL category reports are true? (Choose three)

A. They provide mini reports for the web usage control functionality

B. They can be exported as a .txt file

C. Offers two report types

D. They can be printed in PDF

Which features best describe system-predefined identity objects? (Choose two)

A. Identity objects are applied global

B. Can operate within decryption policies

C. Only block certain users from a realm

D. Used as traffic-matching criteria

You need to calculate the risk rating for an identified problem. The following information is relevant to this case.

Promiscuous Delta: 15
Sensorbase rating: 30
Attack relevancy: Unknown
Potential Damage: Low (50)
Target asset value: Low (75)
Signature accuracy: 75

What is the risk rating?

A. The risk rating is 88.

B. Undeterminable, as attack relevancy is unknown.

C. The risk rating is 28.

D. The risk rating is 73.

Which two commands are used to copy an IP log file with a "2247" ID to the logs/iplogs shared folder on FTPSRV1? (Choose two)

A. sensor# copy iplog 2247 ftp://[email protected]/FTPSRV1/logs/iplogs

B. sensor# |b copy iplog 2247 ftp://FTPSRV1/logs/iplogs//[email protected] |p

C. sensor# |b copy iplog 2247 ftp://[email protected]/logs/iplogs |p

D. sensor# |b copy ftp://[email protected]/logs/iplogs iplog 2247 |p

Which threat profile system would be suitable for utility companies?

A. Web applications threat profile

B. Edge

C. SCADA

D. Data center threat profile

Which is not a part of the SMTP conversation?

A. Body

B. Footer

C. Header

D. Envelope

Which is not a function of the WSA?

A. Connection testing

B. Web proxy

C. Malware scanning

D. Reputation filtering

Which is a signature tuning approach to reduce false positives?

A. Limit patterns matched by expressions

B. Make exceptions as general as possible

C. Increase attention span of signature

D. Expand matching of header values

Which statement best describes Cisco ASA (CX) NGFW access policies?

A. Eventing is off by default

B. Capture Packets is off by default

C. Eventing creates traffic test objects

D. Capture file uses ID tag as filename

What is an on premise Cisco product that provides data loss prevention, virus defense, and encryption?

A. SIO

B. CWS

C. IDM

D. ESA

Identify the statements that accurately apply to NGFW URL objects. (Choose two)

A. They can identify traffic based on URLs

B. They are part of the HTTP request header

C. They can use wildcard characters for matching

D. They are used to identify LDAP users

Which is not an Outbreak Intelligence Scanlet technique?

A. Virtualized Script Emulation

B. Structural Content Investigation

C. Deep Content Analysis

D. Malware Inspection Agent

What is a function of the Web AVC engine?

A. Searches for malicious code in traffic

B. It encrypts data is decrypted

C. Enables firewalls on applications

D. Controls application behavior

Which authentication type is supported by LDAP?

A. NTLM

B. Kerberos

C. Basic

D. Advanced

Which is a feature of the Explicit Proxy Mode?

A. Client directs traffic to web server

B. Does not require network infrastructure

C. Requires no client configuration

D. Client resolves web server hostname

Which two tactics does the Outbreak Filters use to protect clients? (Choose two)

A. Apply DLP at the end of the outgoing mail-processing queue.

B. Enable DLP on the Cisco ESA with HIPPA technology.

C. Apply DLP on incoming mail policies.

D. Apply DLP on outgoing mail policies.

E. Apply DLP on incoming and outgoing mail policies.

F. Enable and use DLP with a license key.

What range of web reputation scores would be associated with a site that is suspected of malicious content, but has not been confirmed?

A. -3 to 3

B. -6 to -3

C. -10 to -6

D. 0 to 5

Which range in the Cisco Web Reputation Filter does aggressive syndication and user tracking fall into?

A. -10 to -5

B. +5 to 10

C. -5 to 0

D. 0 to +5

Which distribution layer is the WSA implemented in?

A. Data Center

B. Camus Access Point

C. Branch

D. Internet Edge

Which is a feature of the Active authentication?

A. Uses Cisco ASA proxy mechanism

B. Uses Cisco Context Directory Agent

C. Requires Active Directory domain

D. Utilizes the Active Directory agent

You want to manually configured IP logging for the default virtual sensor, which has an IP address 10.16.16.0. The log file should log for 45 minutes. Which command will complete this task?

A. sensor# iplog 10.16.16.0 duration 45 vs0

B. sensor# |b iplog vs0 10.16.16.0 duration 45 |p

C. sensor# |b iplog 10.16.16.0 vs0 duration 45 |p

D. sensor# |b iplog vs0 10.16.16.0 packets 45 |p

What is the result of tuning an IDS sensor to be too sensitive?

A. There will be a decrease in true negatives.

B. There will be an increase in false negatives.

C. There will be a decrease in true positives.

D. There will be an increase in false positives.

Which feature best describes the threat rating?

A. Represents the potential severity

B. Is always equal to the risk-rating

C. Does not consider preventive actions

D. Accounts for preventative actions

Which feature allows control of additional module licenses?

A. IP Interfaces

B. Bounce Profiles

C. Feature Key

D. Certificates

While calculating your results take a moment to complete our simple survey!
How likely is it that you would recommend LearnCisco.net to a friend or colleague?
0	1	2	3	4	5	6	7	8	9	10

Not at all likely								Extremely likely
Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?