Selftestengine q

Transcription

1 Selftestengine q Number: Passing Score: 800 Time Limit: 120 min File Version: Web Security for Field Engineers Still Valid in Egypt, Passed today using this Dump only, 8xx Score on 11/01/2015,All questions were from this dump

2 Exam A QUESTION 1 Why does L4TM require T1 to be in promiscuous mode? A. To transmit TCP reset packets B. To process traffic that is not intended for its MAC address C. To receive Ethernet broadcasts D. To bind with other promiscuous mode ports /Reference: : QUESTION 2 Which action does Dynamic Content Analysis enable the Web Security Appliance to do? A. Reclassify miscategorized sites. B. Determine the most likely category of the website delivering content. C. Block web content based on the Web Reputation of the serving site. D. Choose the best AV engine to scan content. E. Redirect the user to a site that the security administrator chooses. /Reference: : appliance/datasheet_c html QUESTION 3 In the access log, what does an ACL tag beginning with BLOCK_ADMIN indicate? A. The transaction was blocked because of application or object properties. B. The malware category is set to blocking mode. C. The transaction was manually blocked by the administrative user. D. The destination was manually added to the block list. /Reference: : QUESTION 4 You are helping the customer configure authentication. A new AsyncOS upgrade becomes available; what should you do? A. Avoid mentioning the upgrade to the customer. B. Immediately show the customer how to run the CLI command upgrade. C. Contact customer support and ask them to run the upgrade for you. D. Schedule a convenient time to upgrade again, backing up the configuration before and after the

3 upgrade. /Reference: : QUESTION 5 Which of these cannot be used in defining policies? A. User agent B. Proxy port C. Usage quotas D. Time of day /Reference: : QUESTION 6 If authentication is enabled, which statement is true? A. Client reports will display both the username and IP address of the clients B. Client reports will display the IP address of the authentication server. C. Client reports are not affected by authentication. D. Client reports will display authenticated usernames. /Reference: : QUESTION 7 What is "stream scanning"? A. scanning streaming media for malware B. passing pieces of a download to the client while the download is being scanned C. scanning multiple downloads at the same time D. passing scanned pieces of the file between two different malware-scanning engines /Reference:

4 : QUESTION 8 Which of these is not used as a monitoring tool? A. CLI commands B. alerts C. SNMP traps D. policy trace /Reference: : QUESTION 9 Which option describes how a user enables licensed features on the virtual WSA? A. from the CLI using the featurekey command B. from the CLI using the loadlicense command C. from the CLI using the update command D. from the GUI using the System Administration/Feature Keys menu page E. from the GUI using the System Administration/Feature Key Settings menu page /Reference: : ontent_security_virtual_appliance_install_guide.pdf (Page no. 6) QUESTION 10 Which option describes the Cisco best practice for configuration of the Web Usage Control feature? A. To configure the Global Policy as the most restrictive B. To configure the Global Policy as the least restrictive C. To configure every access policy using the inherited attributes from the Global Policy D. To leave all actions in the Global Policy set to Monitor /Reference: : QUESTION 11 What does the appearance of the ACL tag BLOCK_WBRS in the access log mean? A. Your appliance or the WBRS key is out of support. B. The proxy blocked an outbound request because the client is infected with malware C. The proxy blocked access to a site because of a suspicious server response. D. The proxy blocked access to a site with a low reputation score.

5 /Reference: : QUESTION 12 Which option describes the Cisco best practice for using authentication-based access policies? A. It should be used as the Global Policy. B. It should be used above nonauthentieating access policies in the Web Security Manager/Access Policies menu page C. It should be used below nonauthentieating access policies in the Web Security Manager/Access Policies menu page. D. It should be used as the only policy. /Reference: : QUESTION 13 If you want to create a ScanSafe filter that will block any shopping or gambling website, what should you add to the filter? A. Specific file types B. Specific domains and URLs C. Specific keywords D. Specific URL categories /Reference: : QUESTION 14 Bandwidth limits cannot be: A. overall B. per (LDAP) group C. per user /Reference: : QUESTION 15 A single transaction can be scanned in parallel by: A. Webroot, Sophos and McAfee B. Webroot and Sophos C. Sophos and McAfee D. None of the above

6 /Reference: : QUESTION 16 Which option describes the policies that the security administrator can create using Adaptive Scanning? A. to scan all content using all malware and antivirus algorithms B. to use specifically designated antivirus scanning engines in designated access policies C. to block malware and viruses D. to use optimized antivirus weighting and scanning algorithms against content types without administrator configuration /Reference: : Adaptive Scanning is a new content scanning logic introduced on the Cisco IronPort S-Series. This new security feature greatly increases the catch rate for malware embedded in images, Javascript, text, and Flash files. Adaptive Scanning intelligently selects scanners based on numerous criteria, such as the web reputation score, content type, the scanner catch rate for a given content type, and the scanning cost of a given scanner, resulting in up to 35% higher efficacy in blocking malware. QUESTION 17 Which S-Series CLI command can help troubleshoot WCCP? A. weep debug enable B. show weep C. tail accesslogs D. tail proxylogs /Reference: : QUESTION 18 Which statement is false? A. Custom URL categories cannot contain IP addresses. B. Custom URL categories cannot override predefined URL categories C. Custom URL categories can contain domain names. D. Custom URL categories can use regular expressions. /Reference: :

7 QUESTION 19 For WSA SaaS Access Control, the Identity Provider is: A. An ICAP server that the WSA is configured to communicate with B. Integrated into the WSA. C. Deployed by the SaaS service provider. D. Integrated into the Authentication Server. /Reference: : QUESTION 20 How is PIM usually run? A. Via settings in IE or Firefox browsers B. Via a network proxy such as Connector C. Via a service that runs transparently on the user's machine and cannot be stopped D. Via a login script or GPO at the time that the user logs on /Reference: : QUESTION 21 Which statement about HTTPS decryption on the WSA is true? A. Decrypted HTTPS traffic is sent unencrypted across the enterprise intranet. B. Object size can be used to determine whether the HTTPS traffic is to be decrypted. C. If WBRS is enabled, it can be used to determine whether the HTTPS traffic is to be decrypted D. If enabled, all HTTPS traffic must be decrypted. /Reference: : QUESTION 22 Which of these is not part of the pre_installation worksheet? A. authentication infrastructure B. acceptable use policies C. S-Series interface settings

8 D. deployment options /Reference: : QUESTION 23 Which of these is not an action that is associated with HTTPS decryption policies? A. decrypt B. drop C. block D. pass-through /Reference: : QUESTION 24 Which statement about WSA user authentication is true? A. A single WSA can have up to two authentication realms: one for LDAP and one for NTLM B. WSA supports LDAP but not NTLM. C. WSA supports NTLM but not LDAP. D. A single WSA can have multiple LDAP realms. /Reference: : QUESTION 25 Which file characteristic cannot be used in the Cisco IronPort Data Security policies? A. filename B. file age C. file size D. file type /Reference: : QUESTION 26 Which of these uses ICAP? A. Decryption policies B. Anti-malware scanning

9 C. Data loss prevention policies D. Cisco IronPort Data Security policies /Reference: : QUESTION 27 Which statement about the S-Series native FTP proxy is not true? A. Access policies may apply to native FTP traffic. B. Data loss prevention policies may apply to native FTP traffic C. Authentication is supported in transparent mode. D. Both active and passive mode FTP are supported. E. By default, the FTP proxy uses port /Reference: : QUESTION 28 If you want to reset your configuration back to the factory defaults but keep your logs and reports, which CLI command should you use? A. Reload B. Restoreconfig C. Resetconfig D. Loadconfig /Reference: : QUESTION 29 What is a benefit of NTLMSSP over basic authentication? A. Basic cannot be used in transparent proxy mode. B. NTLMSSP is compatible with OpenLDAP. C. NTLMSSP is more secure than basic. D. Basic requires reauthentication with every new domain /Reference: : QUESTION 30 What is the S-Series Proxy Bypass List?

10 A. a list of clients and destinations that will bypass the proxy in explicit forward mode B. a list of clients and destinations that will bypass the proxy in transparent mode C. a list of user agents exempt from authentication D. a list of proxy servers that are to be bypassed /Reference: : QUESTION 31 Which CLI command is used to create a W3C log? A. mklogfiie B. advancedproxyconfig C. makelog D. logconfig E. w3clogconfig /Reference: : QUESTION 32 Which statement about the DVS engine is true? A. The DVS engine can use Webroot and McAfee scanning in parallel B. The DVS engine never inspects the client HTTP request. C. The DVS engine generates the WBRS. D. The DVS engine is only used for Layer 4 traffic monitoring. /Reference: : QUESTION 33 Which sites does WBRS block by default? A. those with a reputation score equal to or less than -6 B. those with a reputation score less than -6 C. those with a reputation score greater than 6 D. those with a reputation score less than -5.9

11 E. those with a reputation score equal to or less than -5.9 /Reference: : QUESTION 34 TRR and TRT are associated with which WSA component? A. L4TM B. Anti-Malware C. URL Filters D. Web Reputation /Reference: : QUESTION 35 In AsyncOS 7.0 for web the choice of Authentication Surrogate is? A. Defined separately for each Identity B. A global setting C. Defined separately for each Access Policy D. Defined separately for each malware engine /Reference: : QUESTION 36 Which of the following is NOT provided by AVC? A. Deep IM control B. Media bandwidth control C. Web usage quotas D. Safe Search /Reference: : QUESTION 37 Which option describes a reason that a security administrator would configure suspect user agent scanning? A. to block Microsoft Updates B. to identify compromised hosts that are trying "phone home"

12 C. to block corporate users from using nonsanctioned web browsers D. to protect web servers from attack /Reference: : QUESTION 38 How long is reporting data kept on record in WIRe by default? A. 45 days for both "blocked traffic", and for "allowed traffic" B. 1 year for "blocked traffic", and 45 days for "allowed traffic" C. 1 year for both "blocked traffic", and for "allowed traffic" D. 45 days for "blocked traffic", and 1 year for "allowed traffic" /Reference: : QUESTION 39 Which statement is true? A. The L4TM allow list overrides the block list. B. The overlap of the L4TM allow list and block list is the L4TM grey list C. The L4TM block lists override the allow lists. D. L4TM allow list and block list overlaps are not permitted. /Reference: : QUESTION 40 What are PAC files used for? A. user agent-based policies B. explicit forward mode proxy deployments C. transparent mode proxy deployments D. L4TM /Reference: : QUESTION 41 When do you need to configure the P1 interface? A. whenever you have an upstream proxy

13 B. whenever you want to enable the WSA proxy C. whenever you intend to deploy the L4TM in blocking mode D. whenever you have a separate management VLAN or subnetwork /Reference: : QUESTION 42 Which of these is an optional feature, requiring the purchase of a separate license after 30 days? A. L4TM B. Data Security C. HTTPS Proxy D. Web Reputation filtering /Reference: : QUESTION 43 Which authentication protocol takes precedence by default when WSA uses AD authentication? A. LDAPS B. Kerberos C. NTLMv3 D. NTLMv2 E. LDAP F. NTLMSSP Correct Answer: F /Reference: : QUESTION 44 What feature on the WSA provides Day Zero Revocation of access to third party sites such as Salesforce? A. Application Visibility and Control B. SaaS Access Control C. Dynamic Vectoring and Streaming engine D. Day Zero Revocation engine /Reference: : QUESTION 45

14 Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly? A. Control Plane Protection B. Management Plane Protection C. CPU and memory thresholding D. SNMPv3 /Reference: : QUESTION 46 Which of these is a suspect user agent? A. <> (the null string) B. Wget/1.8.1 C. Mozilla/5.0 D. Opera/9.0 /Reference: : QUESTION 47 Which credentials must be entered into the S-Series GUI when joining the Active Directory domain? A. the credentials of the account (created by the S-Series) on the Active Directory server when the domain is joined B. the credentials of a privileged account on the Active Directory server C. the credentials of any account on the Active Directory server D. the S-Series administrative account /Reference: : QUESTION 48 Which protocol does External Data Loss Protection integration with the Web Security Appliance use? A. SNMP B. SMTP C. HTTP D. ICAP E. ICMP F. LDAP G. IMAP

15 /Reference: : QUESTION 49 Which action can the security administrator define using Application Visibility and Controls? A. to control application actions inside Web 2.0 applications B. to define bandwidth controls for streaming media content types C. to use Web Reputation Score to block or allow URL content to be delivered from the appliance D. to block MIME content types on a per policy basis /Reference: