300-207 Implementing Cisco Threat Control Solutions

Question 1

Which Cisco technology secures the network through malware filtering, category-based
control, and reputation-based control?

  • A. Cisco ASA 5500 Series appliances
  • B. Cisco remote-access VPNs
  • C. Cisco IronPort WSA
  • D. Cisco IPS

Answer : C

Question 2

Drag and drop the terms on the left onto the correct definition for the promiscuous IPS risk
rating calculation on the right.

Answer :


Question 3

What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?

  • A. Web Security Manager > HTTPS Proxy > click Enable
  • B. Security Services > HTTPS Proxy > click Enable
  • C. HTTPS Proxy is enabled by default
  • D. System Administration > HTTPS Proxy > click Enable

Answer : B

Question 4

Which feature does Acceptable Use Controls use to implement Cisco AVC?

  • A. ISA
  • B. Cisco Web Usage Controls
  • C. Cisco WSA
  • D. Cisco ESA

Answer : B

Question 5

Which Cisco IOS command uses the default class map to limit SNMP inspection to traffic
from to

  • A. hostname(config)# access-list inspect extended permit ip hostname(config)# class-map inspection_default hostname(config-cmap)# match access-list inspect
  • B. hostname(config)# access-list inspect extended permit ip hostname(config-cmap)# match access-list inspect
  • C. hostname(config)# access-list inspect extended permit ip hostname(config)# class-map inspection_default hostname(config-cmap)# match access-list inspect
  • D. hostname(config)# access-list inspect extended permit ip hostname(config)# class-map inspection_default

Answer : C

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_overview.html

Question 6

Refer to the exhibit.

The system administrator of mydomain.com received complaints that some messages that
were sent from sender user@somedomain.com were delayed. Message tracking data on
the sender shows that an email sample that was received was clean and properly
delivered. What is the likely cause of the intermittent delays?

  • A. The remote MTA has a SenderBase Reputation Score of -1.0.
  • B. The remote MTA is sending emails from RFC 1918 IP addresses.
  • C. The remote MTA has activated the SUSPECTLIST sender group.
  • D. The remote MTA has activated the default inbound mail policy.

Answer : C

Question 7

Which Cisco ESA component receives connections from external mail servers?

  • A. MTA
  • B. public listener
  • C. private listener
  • D. recipient access table
  • E. SMTP incoming relay agent

Answer : B

Question 8

The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can
facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP
to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to
their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and
one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and
select the best answer.

What traffic is not redirected by WCCP?

  • A. Traffic destined to public address space
  • B. Traffic sent from public address space
  • C. Traffic destined to private address space
  • D. Traffic sent from private address space

Answer : B

Explanation: From the screenshot below we see the WCCP-Redirection ACL is applied, so all traffic from the private IP space to any destination will be redirected.

Question 9

When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result
in traffic being dropped? (Choose two.)

  • A. The signature engine is undergoing the build process.
  • B. The SDF failed to load.
  • C. The built-in signatures are unavailable.
  • D. An ACL is configured.

Answer : A,B

Question 10

What is the maximum number of recipients per hour that the Cisco Email Security
Appliance will accept from the green.public domain?

  • A. 0
  • B. 1
  • C. 20
  • D. 25
  • E. 50
  • F. 5000
  • G. Unlimited

Answer : C

Question 11

For which domains will the Cisco Email Security Appliance allow up to 5000 recipients per

  • A. violet.public
  • B. violet.public and blue.public
  • C. violet.public, blue.public and green.public
  • D. red.public orange.public red.public and orange.public

Answer : B

Question 12

What are two features of the Cisco ASA NGFW? (Choose two.)

  • A. It can restrict access based on qualitative analysis.
  • B. It can restrict access based on reputation.
  • C. It can reactively protect against Internet threats.
  • D. It can proactively protect against Internet threats.

Answer : B,D

Question 13

When centralized message tracking is enabled on the Cisco ESA, over which port does the
communication to the SMA occur by default?

  • A. port 2222/TCP
  • B. port 443/TCP
  • C. port 25/TCP
  • D. port 22/TCP

Answer : D

Question 14

r01(config)#ip wccp web-cache redirect-list 80 password local
Refer to the above. What can be determined from this router configuration command for

  • A. Traffic using TCP port 80 is redirected to the Cisco WSA.
  • B. The default “cisco” password is configured on the Cisco WSA.
  • C. Traffic denied in prefix-list 80 is redirected to the Cisco WSA.
  • D. Traffic permitted in access-list 80 is redirected to the Cisco WSA.

Answer : D

Question 15

Which three zones are used for anomaly detection in a Cisco IPS? (Choose three.)

  • A. internal zone
  • B. external zone
  • C. illegal zone
  • D. inside zone
  • E. outside zone
  • F. DMZ zone

Answer : A,B,C
