Examcollection offers free demo for 300-207 exam. "Implementing Cisco Threat Control Solutions (SITCS)", also known as 300-207 exam, is a Cisco Certification. This set of posts, Passing the Cisco 300-207 exam, will help you answer those questions. The 300-207 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 300-207 exams and revised by experts!
2026 New 300-207 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/300-207/
Q1. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS
sessions and HTTPS access?
A. sslconfig
B. sslciphers
C. tlsconifg
D. certconfig
Answer: A
Q2. When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?
A. It is created every 24 hours and used for 24 hours.
B. It is created every 24 hours, but the current KB is used.
C. It is created every 1 hour and used for 24 hours.
D. A KB is created only in manual mode.
Answer: A
Q3. Which five system management protocols are supported by the Cisco Intrusion Prevention System? (Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv2
D. SNMPv3
E. Syslog
F. SDEE
G. SMTP
Answer: A,B,C,F,G
Q4. What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Answer: D
Explanation:
Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating
Q5. Which two conditions must you configure in an event action override to implement a risk rating of 70 or higher and terminate the connection on the IPS? (Choose two.)
A. Configure the event action override to send a TCP reset.
B. Set the risk rating range to 70 to 100.
C. Configure the event action override to send a block-connection request.
D. Set the risk rating range to 0 to 100.
E. Configure the event action override to send a block-host request.
Answer: A,B
Q6. The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.
What traffic is not redirected by WCCP?
A. Traffic destined to public address space
B. Traffic sent from public address space
C. Traffic destined to private address space
D. Traffic sent from private address space
Answer: B
Explanation: From the screen shot below we see the WCCP-Redirection ACL is applied, so all traffic from the Private IP space to any destination will be redirected.
\psfHomeDesktopScreen Shot 2015-01-27 at 9.38.36 AM.png
Q7. A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?
A. Show statistics virtual-sensor
B. Show event alert
C. Show alert
D. Show version
Answer: A
Q8. Which three statements about threat ratings are true? (Choose three.)
A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating.
B. The largest threat rating from all actioned events is added to the risk rating.
C. The smallest threat rating from all actioned events is subtracted from the risk rating.
D. The alert rating for deny-attacker-inline is 45.
E. Unmitigated events do not cause a threat rating modification.
F. The threat rating for deny-attacker-inline is 50.
Answer: A,D,E
Q9. Which Cisco IPS deployment mode is best suited for bridged interfaces?
A. inline interface pair mode
B. inline VLAN pair mode
C. inline VLAN group mode
D. inline pair mode
Answer: B
Q10. Which configuration mode enables a virtual sensor to monitor the session state for unidirectional traffic?
A. asymmetric mode
B. symmetric mode
C. loose mode
D. strict mode
Answer: A