300-210 Implementing Cisco Threat Control Solutions

Page 1   
Question 1

Which policy must you edit to make changes to the Snort preprocessors?

  • A. access control policy
  • B. network discovery policy
  • C. intrusion policy
  • D. file policy
  • E. network analysis policy


Answer : A

Question 2

Access the configuration of the Cisco Email Security Appliance using the Mail Flow Policies
tab. Within the GUI, you can navigate between the Host Access Table Overview and Mail
Flow Policies tables. You can also navigate to the individual Mail Flow Policies and Sender
Groups that are configured on the appliance.
Consider the configuration and the SenderBase Reputation Scores of the following fictitious
domains when answering the four multiple choice questions.

  • A. red.public, -6
  • B. orange.public, -4
  • C. yellow.public, -2
  • D. green.public, 2
  • E. blue.public, 6
  • F. violet.public, 8


Answer : D

Question 3

Which Cisco FirePOWER setting is used to reduce the number of events received in a
period of time and avoid being overwhelmed?

  • A. thresholding
  • B. rate-limiting
  • C. limiting
  • D. correlation


Answer : D

Question 4

Which policy is used to capture host information on the Cisco Next Generation Intrusion
Prevention System?

  • A. network discovery
  • B. correlation
  • C. intrusion
  • D. access control


Answer : C

Question 5

The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can
facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP
to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to
their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and
one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and
select the best answer.





Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with
respect to redirected ports?

  • A. Both are configured for port 80 only.
  • B. Both are configured for port 443 only.
  • C. Both are configured for both port 80 and 443.
  • D. Both are configured for ports 80, 443 and 3128.
  • E. There is a configuration mismatch on redirected ports.


Answer : C

Explanation: This can be seen from the WSA Network tab shown below:

Question 6

Which two TCP ports can allow the Cisco Firepower Management Center to
communicate with the FireAMP cloud for file disposition information? (Choose two.)

  • A. 8080
  • B. 22
  • C. 8305
  • D. 32137
  • E. 443


Answer : D,E

Explanation: http://www.cisco.com/c/en/us/support/docs/security/sourcefire-fireamp-private-cloud-virtual-appliance/118336-configure-fireampprivatecloud-00.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html

Question 7

Which type of policy is used to define the scope for applications that are running on hosts?

  • A. access control policy.
  • B. application awareness policy.
  • C. application detector policy.
  • D. network discovery policy.


Answer : C

Question 8

Which option lists the minimum requirements to deploy a managed device inline?

  • A. passive interface, security zone, MTU, and link mode.
  • B. passive interface, MTU, MDI/MDIX, and link mode.
  • C. inline interfaces, MTU, MDI/MDIX, and link mode.
  • D. inline interfaces, security zones, MTU, and link mode.


Answer : A

Question 9

A customer is concerned with their employees' internet usage and has asked for more web
traffic control. Which two features of the Cisco Web Security Appliance help with this issue?
(Choose two.)

  • A. Advanced Malware Protection
  • B. Dynamic ARP Inspection
  • C. DHCP spoofing Protection
  • D. Network Address Translation
  • E. Application Visibility and Control


Answer : A,E

Question 10

The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can
facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP
to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to
their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and
one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and
select the best answer.





Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with
respect to redirected ports?

  • A. Both are configured for port 80 only.
  • B. Both are configured for port 443 only.
  • C. Both are configured for both port 80 and 443.
  • D. Both are configured for ports 80, 443 and 3128.
  • E. There is a configuration mismatch on redirected ports.


Answer : C

Explanation: This can be seen from the WSA Network tab shown below:

Question 11

An engineer must architect an AMP private cloud deployment. What is the benefit of
running in air-gapped mode?

  • A. Internet connection is not required for disposition.
  • B. Database sync time is reduced.
  • C. Disposition queries are done on AMP appliances.
  • D. A dedicated server is needed to run amp-sync. Answer D


Answer : C

Question 12

When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud
for analysis?

  • A. Spero analysis
  • B. dynamic analysis
  • C. sandbox analysis
  • D. malware analysis


Answer : B

Question 13

With Cisco FirePOWER Threat Defense software, which interface mode do you configure
to passively receive traffic that passes the appliance?

  • A. transparent
  • B. routed
  • C. passive
  • D. inline set
  • E. inline tap


Answer : C

Question 14

On Cisco Firepower Management Center, which policy is used to collect health module
alerts from managed devices?

  • A. health policy
  • B. system policy
  • C. correlation policy
  • D. access control policy
  • E. health awareness policy


Answer : A

Question 15

When the WSA policy trace tool is used to make a request to the proxy, where is the
request logged?

  • A. proxy logs
  • B. access logs
  • C. authentication logs
  • D. The request is not logged


Answer : B
