650-568 Cisco Web Security Field Engineer Specialist

Page 1   
Question 1

How is PIM usually run?

  • A. via a login script or GPO at the time that the user log on.(My Answer)
  • B. Via a service that runs transparently, on the user's machine and cannot be stopped.
  • C. Via a network proxy such as a connector
  • D. via setting on IE or Firefox Browser.


Answer : A

Question 2

Which of these is the best way to convince a prospect of the benefits of the S-Series?

  • A. show them independent tests and reviews
  • B. describe the theory of operation and system internals
  • C. give a Microsoft PowerPoint presentation
  • D. give a demonstration that could lead to an evaluation


Answer : D

Question 3

Which of these provide centralized reporting for the S-Series?

  • A. M-Series appliance
  • B. sawmill for Cisco IronPort
  • C. the built-in WSA reporting infrastructure
  • D. Cisco application control engine


Answer : B

Question 4

Which statement about the S-Series native FTP proxy is not true?

  • A. both active and passive modes FTP are supported
  • B. by default the FTP proxy uses port 8021
  • C. access polices may apply to native FTP traffic
  • D. data loss prevention policies may apply to native FTP traffic
  • E. authentication is supported in transparent mode


Answer : E

Question 5

When do you need to configure the P1 interface?

  • A. whenever you have an upstream proxy
  • B. whenever you intend to deploy the L4TM in blocking mode
  • C. whenever you want to enable the WSA proxy
  • D. whenever you have a separate management VLAN or subnetwork


Answer : D

Question 6

For WSA SaaS Access Control, the Identity Provider is:

  • A. Integrated into the Authentication Server.
  • B. Deployed by the SaaS service provider.
  • C. Integrated into the WSA.
  • D. An ICAP server that the WSA is configured to communicate with.


Answer : C

Question 7

Which of these is a drawback in using McAfee heuristic scanning?

  • A. heuristic scanning cannot detect new malware with an unknown signature
  • B. heuristic scanning requires a separate license key
  • C. heuristic scanning increases the probability of false positives
  • D. heuristic scanning increases the probability of false negatives


Answer : C

Question 8

Match the interface with the use on the WSA.




Answer :

Question 9

Which of these is not an action that is associated with HTTPS decryption policies?

  • A. drop
  • B. pass-through
  • C. decrypt
  • D. block


Answer : D

Question 10

Which statement about using McAfee and Webroot together is true?

  • A. it is not recommended: the system will not detect more malware
  • B. it is not possible : the WSA will accept only one anti-malware license
  • C. the system will stop all web-based threats
  • D. it is recommended: the system will detect more malware


Answer : D

Question 11

Which statement about HTTPS decryption on the WSA is true?

  • A. if enabled, all HTTPS traffic must be decrypted
  • B. if WBRS is enabled, it can be used to determine whether the HTTPS traffic is to be decrypted
  • C. decrypted HTTPS traffic is sent unencrypted across the enterprise intranet
  • D. object size can be used to determine whether the HTTPS traffic is to be decrypted


Answer : B

Question 12

Which statement is true?

  • A. the L4TM allow list overrides the block list
  • B. the overlap of the L4TM allow list and block list is the L4TM grey list
  • C. the L4TM block lists override the allow lists
  • D. L4TM allow list and block list overlaps are not permitted


Answer : A

Question 13

Which of the following is true about Outbound Malware Scanning?

  • A. It has its own policy table.
  • B. It is configured as part of Access Policies.
  • C. It is configured as part of IronPort data Security.
  • D. It only has global configuration.


Answer : B

Question 14

If you want to reset your configuration back to the factory defaults but keep your logs and
reports, Which CLI command should you use>

  • A. resetconfig
  • B. restoreconfig
  • C. loadconfig
  • D. reload


Answer : A

Question 15

How Long is reporting data kept on record in WIRe by default?

  • A. 1 year for blocked traffic, 45 days for allowed traffic.
  • B. 1 year for both allowed and blocked
  • C. 45 days for both (My answer)
  • D. 45 days for blocked, 1 year for allowed


Answer : C

Page 1