CCNP Security Practice Test | Threat Control (SITCS)

Which two statements describe Cisco's Streaming Media Bandwidth Control? (Choose two)

A. You can configure bandwidth limits using two limit types.

B. Data can be blocked upon reaching a specified quota.

C. When more than one bandwidth limit type is applied, the most restrictive option applies.

D. The overall bandwidth limit can be used to limit traffic served from the web cache.

E. Any application can have bandwidth limits applied.

Which policy is used to determine how to treat HTTPS traffic?

A. Decryption

B. Identity

C. Routing access

D. Routing

Which Cisco ESA software license provides the most cost effective way to include the Sophos Antivirus solution?

A. Cisco Email Security Inbound Bundle

B. Cisco Email Security Outbound Bundle

C. Web Security Essentials license

D. Cisco Email Security Premium Bundle

Which is not a feature of the Cisco WSA authentication?

A. Can track employees’ internet usage

B. Track and report users by location

C. Enforces different policies for groups

D. Integrates with existing security tools

Which term associated with the Intrusion Prevention Systems refers to the likelihood that a threat using a specific attack will exploit a vulnerability and lead to an undesirable consequence?

A. Threat

B. Risk

C. Exploit

D. Vulnerability

Which step of the active authentication process involves the Active Directory?

A. Authentication result sent to NG

B. Establishing HTTP connection

C. Browser authentication request

D. Browser connection to Cisco ASA

Which best describes the Cisco ASA NGFW Services NGIPS Threat Profiles?

A. Threats based on behavior analysis

B. Shared IPS profiles for access policy

C. Signatures used to prevent threats

D. Threats assigned score of 1 to 10

Which statements about URL category reports are true? (Choose three)

A. They provide mini reports for the web usage control functionality

B. They can be exported as a .txt file

C. Offers two report types

D. They can be printed in PDF

Which HTTPS proxy decryption setting would be used to let the users know that web activity is being monitored and filtered?

A. Decrypt for Application Detection

B. Decrypt for End-User Acknowledgement

C. Decrypt for End-User Notification

D. Decrypt for Authentication

Which two statements regarding a web site with a web reputation score of minus three are true? (Choose two)

A. Responsible content

B. Verified malicious content

C. Validated by third party

D. Potential malicious content

What is the first step in configuring the Cisco Application Visibility and Control? (Choose two)

A. Enable the AVC engine

B. Define application control settings

C. Lookup URLs in the WSA URL database

D. Perform dynamic analysis

Which is not an area that the Cisco IPS would typically be located within a typical modularized network?

A. Campus access

B. Internet edge

C. Data center

D. Branch offices

Which is not a feature of the PAC files?

A. Enables centralized proxy configuration

B. Defines how browser fetches a URL

C. Can add, edit or delete proxy servers

D. Forces all VLANs to use same proxy

Which is a signature tuning method that reduces false positives?

A. Selectively enable signature for ports

B. Narrow matching of payload values

C. Reduce the number of required events

D. Broaden the search context

Which setting is used to define the amount of time that credentials are stored in the cache before revalidating them?

A. Redirect Hostname

B. Credential Encryption

C. Basic Authentication Token TTL

D. Surrogate Timeout

What is the default anti-malware scanning action in WSA?

A. Monitor

B. Block

C. Decrypt

D. Drop

What column is used to create a new custom URL policy in the WSA?

A. Group

B. Objects

C. URL Filtering

D. Applications

Which statements about Cisco ASA (CX) NGFW licensing are true? (Choose three)

A. The Web Security Essentials license enables URL filtering

B. The AVC license enables application inspections

C. One license is required for every 5 Cisco ASA (CX) NGFW device

D. Cisco ASA (CX) NGFW comes with a 60-day evaluation license

Which displays real production environment screenshots?

A. Security Intelligence Operations

B. Network overview

C. Event viewer

D. Applications drill down

Which statement describes the configured Anti-Virus settings for the incoming and outgoing mail policies on your Cisco ESA?

A. The message attachment was only scanned.

B. The message bounced.

C. The message attachment was repaired.

D. The message attachment was infected and replaced.

Which statement is true regarding Cisco ASA CX decryption policies?

A. They can only decrypt traffic over port 443

B. A self-signed or customer-uploaded certificate must be used

C. They can be used to decrypt TLS, SSL, and SSH traffic

D. A separate encryption policy must be configured to re-encrypt the traffic

What is a feature of configuring the Cisco ESA listener?

A. Determine if public or private

B. Only operates on incoming emails

C. Requires SMTP authentication profile

D. Requires more than one interface

Which is not an Identity assignment category?

A. Location

B. Port

C. User agent

D. Protocol

Which HTTP proxy decryption setting would be used if the administrator wanted users to be notified why a URL request was blocked?

A. Decrypt for Application Detection

B. Decrypt for End-User Acknowledgement

C. Decrypt for End-User Notification

D. Decrypt for Authentication

Which statements about NGFW network objects are true? (Choose three)

A. Network objects can be edited and deleted

B. Network objects are also referred to as FQDNs

C. Network objects are used to identify traffic sources

D. Network objects are not available in the off box Cisco Prime Security Manager multi device mode

Which item within Cisco Security IntelliShield Alert Manager must be selected when including and excluding products in a product set?

A. Vendor

B. Version

C. Service Pack/Platform

D. Product

Which tuning method results in lowering the time interval in which the setup events must be correlated?

A. Lower the attention span of signature

B. Narrow search context and header values

C. Limit the number of matched patterns

D. Increase the number of events

Which is not a features of the WSA architecture?

A. Contains management and reporting tools

B. Has Cisco Anti-Malware built in

C. Includes term-based licenses

D. Components are activated by licenses

What is a benefit of the Promiscuous deployment mode?

A. Provides effective preventative actions

B. Does not result many false negatives

C. Does not impact network performance

D. Normalizes traffic to improve accuracy

Which component of the risk rating formula represents the potential damage?

A. TVR

B. ASR

C. SFR

D. ARR

You need to calculate the risk rating for an identified problem. The following information is relevant to this case.

Promiscuous Delta: 15
Sensorbase rating: 30
Attack relevancy: Unknown
Potential Damage: Low (50)
Target asset value: Low (75)
Signature accuracy: 75

What is the risk rating?

A. The risk rating is 88.

B. Undeterminable, as attack relevancy is unknown.

C. The risk rating is 28.

D. The risk rating is 73.

Identify the scanning engines used by the Dynamic Vectoring and Streaming Engine (DVS). (Choose three)

A. Defender

B. McAfee

C. Webroot

D. Sophos

Which feature allows control of additional module licenses?

A. IP Interfaces

B. Bounce Profiles

C. Feature Key

D. Certificates

Which three statements about the Cisco AVC engine are true? (Choose three)

A. It can restrict access to adult content on some content-sharing sites.

B. Applications can be detected by signatures downloaded from Cisco Security Intelligence Operations.

C. It uses the CASE engine to detect and inspect web applications that use HTTPS.

D. A full understanding of the design of each application is required to control application activity.

E. It can limit bandwidth consumed by some application types to control congestion.

Which is a feature of the CISCO PRSM Event Viewer?

A. Can only show ASA in the Event Viewer

B. Tracks authentication proxy events

C. Supports up to 5,000 events per second

D. Does not support rea time eventing

Which class map keyword will cause a problem if the match criteria are not mutually exclusive?

A. Fail-open

B. Match-any

C. Fail-close

D. Match-all

What CLI command will have the Cisco IPS module inspect all traffic before being able to pass through Cisco ASA and block all traffic if the module fails?

A. ips promiscuous fail-open

B. |b ips promiscuous fail-close |p

C. |b ips inline fail-close |p

D. |b ips inline fail-open |p

Which information is not included in the Event Views?

A. Actions taken

B. Attacker IP

C. Masked networks

D. Severity

Which two sets of mail policies does Cisco ESA use for message content security? (Choose two)

A. Outgoing mail policies for connections that match a HAT policy with the Accept connection behavior in any listener.

B. Incoming mail policies for connections that match a HAT policy with the Relay connection behavior in any listener.

C. Outgoing mail policies for connections that match a HAT policy with the Relay connection behavior in any listener.

D. Incoming mail policies for connections that match a HAT policy with the Accept connection behavior in any listener.

Which command will report the server connection statistics?

A. show scansafe server

B. show CWS activity statistics

C. show service-policy inspect scansafe

D. show scansafe statistics

What are two types of SIO updates? (Choose two)

A. Application signatures

B. Security application scanner

C. Component versions

D. Firewall scanner updates

Which is a feature of the transparent user identification?

A. Requires Active Directory agent device

B. Does not use Active Directory servers

C. Blocks the Cisco CDA from querying

D. Prompts end user to enter credentials

Which is not a deployment option for the ESA?

A. Virtual deployment

B. Hybrid option

C. Switch application

D. E-mail gateway

Identify the statements that accurately apply to NGFW URL objects. (Choose two)

A. They can identify traffic based on URLs

B. They are part of the HTTP request header

C. They can use wildcard characters for matching

D. They are used to identify LDAP users

Which configurations are required when designing a web security solution to use Cisco ISR G2 cloud web security? (Choose two)

A. Default user group must be configured

B. User authentication must be configured on the ISR G2

C. Content scanning must be enabled on the router's egress interface

D. Company key must be generated in the Cisco ScanCenter

Which feature can be used to block social media applications, such as Facebook?

A. AVC engine

B. Netflow

C. IntelliShield Alert Service

D. CASE engine

Which feature best describes the threat rating?

A. Represents the potential severity

B. Is always equal to the risk-rating

C. Does not consider preventive actions

D. Accounts for preventative actions

Which Cisco WSA policy type is used to classify/group transactions and determine if user authentication is required?

A. Outbound Malware Scanning

B. Cisco Ironport Data security

C. SaaS

D. Identities

Which two statements are true regarding the default configuration of the WSA management interface connection? (Choose two)

A. It can be accessed using https://192.168.42.42:8443

B. It can be accessed using http://192.168.42.42:80

C. It can be accessed using https://hostname:8443

D. It can be accessed using https://hostname:8080

E. It can be accessed using https://hostname:443

Which configuration action is accurate?

A. Scanning proxies cannot be added

B. Scanning proxies can be removed

C. Scanning Proxy list can be edited

D. Only one listening port can be used

Which scan event indicates a worm attack due to a non-matching SYN-ACK for 15 seconds?

A. DNS

B. UDP

C. TCP

D. ICMP

Which email relaying configuration options redirect all emails sent from internal mail server to the Cisco ESA? (Choose two)

A. Use SSL

B. Remote TCP/IP port

C. Remote host name

D. Local host name

Which is not a Cisco ESA interface label?

A. Data 1

B. Data 2

C. Management

D. Administrator

Which is not a part of the SMTP conversation?

A. Body

B. Footer

C. Header

D. Envelope

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?