All About Virtual 300-207 pdf

Q1. Which Cisco ESA predefined sender group uses parameter-matching to reject senders? 

A. BLACKLIST 

B. WHITELIST 

C. SUSPECTLIST 

D. UNKNOWNLIST 

View Answer

Q2. With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic? 

A. protocol 

B. rate 

C. bandwidth 

D. limit 

View Answer

Q3. Which Cisco ESA command is used to edit the ciphers that are used for GUI access? 

A. interfaceconfig 

B. etherconfig 

C. certconfig 

D. sslconfig 

View Answer

Q4. What is a primary difference between the web security features of the Cisco WSA and the Cisco ASA NGFW? 

A. Cisco WSA provides URL filtering, while Cisco ASA NGFW does not. 

B. Cisco ASA NGFW provides caching services, while Cisco WSA does not. 

C. Cisco WSA provides web reputation filtering, while Cisco ASA NGFW does not. 

D. Cisco ASA NGFW provides application visibility and control on all ports, while Cisco WSA does not. 

View Answer

Q5. Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.) 

A. It configures system polices for NAC devices. 

B. It forwards traffic to destination devices. 

C. It provides statistics for device health. 

D. It replaces syslog, RADIUS, and TACACS+ servers. 

E. It automatically detects Cisco security appliances to configure. 

View Answer

Q6. Which two options are characteristics of router-based IPS? (Choose two.) 

A. It supports custom signatures 

B. It supports virtual sensors. 

C. It supports multiple VRFs. 

D. It uses configurable anomaly detection. 

E. Signature definition files have been deprecated. 

View Answer

Q7. Which IPS feature allows you to aggregate multiple IPS links over a single port channel? 

A. UDLD 

B. ECLB 

C. LACP 

D. PAgP 

View Answer

Q8. The Web Security Appliance has identities defined for faculty and staff, students, and default access. The faculty and staff identity identifies users based on the source network and authenticated credentials. The identity for students identifies users based on the source network along with successful authentication credentials. The global identity is for guest users not authenticated against the domain. 

Recently, a change was made to the organization's security policy to allow faculty and staff access to a social network website, and the security group changed the access policy for faculty and staff to allow the social networking category. 

Which are the two most likely reasons that the category is still being blocked for a faculty and staff user? (Choose two.) 

A. The user is being matched against the student policy because the user did not enter credentials. 

B. The user is using an unsupported browser so the credentials are not working. 

C. The social networking URL was entered into a custom URL category that is blocked in the access policy. 

D. The user is connected to the wrong network and is being blocked by the student policy. 

E. The social networking category is being allowed but the AVC policy is still blocking the website. 

View Answer

Q9. What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails? 

A. Inline; fail open 

B. Inline; fail closed 

C. Promiscuous; fail open 

D. Promiscuous; fail closed 

View Answer

Q10. Refer to the exhibit. 

The system administrator of mydomain.com was informed that one of the users in his environment received spam from an Internet sender. Message tracking shows that the emails for this user were not scanned by antispam. Why did the Cisco Email Security gateway fail to do a spam scan on emails for user@mydomain.com? 

A. The remote MTA activated the SUSPECTLIST sender group. 

B. The Cisco Email Security gateway created duplicates of the message. 

C. The user user@mydomain.com matched an inbound rule with antispam disabled. 

D. The user bob@mydomain.com matched an inbound rule with antispam disabled. 

View Answer