700-281 Web Security for Field Engineers

Page 1   
Question 1

A single transaction can be scanned in parallel by:

  • A. Webroot, Sophos and McAfee
  • B. Webroot and Sophos
  • C. Sophos and McAfee
  • D. None of the above

Answer : B

Question 2

Which option describes the policies that the security administrator can create using
Adaptive Scanning?

  • A. to scan all content using all malware and antivirus algorithms
  • B. to use specifically designated antivirus scanning engines in designated access policies
  • C. to block malware and viruses
  • D. to use optimized antivirus weighting and scanning algorithms against content types without administrator configuration

Answer : D

Explanation: Adaptive Scanning is a new content scanning logic introduced on the Cisco IronPort S- Series. This new security feature greatly increases the catch rate for malware embedded in images, Javascript, text, and Flash files. Adaptive Scanning intelligently selects scanners based on numerous criteria, such as the web reputation score, content type, the scanner catch rate for a given content type, and the scanning cost of a given scanner, resulting in up to 35% higher efficacy in blocking malware.

Question 3

Which S-Series CLI command can help troubleshoot WCCP?

  • A. weep debug enable
  • B. show weep
  • C. tail accesslogs
  • D. tail proxylogs

Answer : D

Question 4

Which statement is false?

  • A. Custom URL categories cannot contain IP addresses.
  • B. Custom URL categories cannot override predefined URL categories
  • C. Custom URL categories can contain domain names.
  • D. Custom URL categories can use regular expressions.

Answer : A

Question 5

For WSA SaaS Access Control, the Identity Provider is:

  • A. An ICAP server that the WSA is configured to communicate with
  • B. Integrated into the WSA.
  • C. Deployed by the SaaS service provider.
  • D. Integrated into the Authentication Server.

Answer : B

Question 6

How is PIM usually run?

  • A. Via settings in IE or Firefox browsers
  • B. Via a network proxy such as Connector
  • C. Via a service that runs transparently on the user's machine and cannot be stopped
  • D. Via a login script or GPO at the time that the user logs on

Answer : D

Question 7

Which statement about HTTPS decryption on the WSA is true?

  • A. Decrypted HTTPS traffic is sent unencrypted across the enterprise intranet.
  • B. Object size can be used to determine whether the HTTPS traffic is to be decrypted.
  • C. If WBRS is enabled, it can be used to determine whether the HTTPS traffic is to be decrypted
  • D. If enabled, all HTTPS traffic must be decrypted.

Answer : C

Question 8

Which of these is not part of the pre_installation worksheet?

  • A. authentication infrastructure
  • B. acceptable use policies
  • C. S-Series interface settings
  • D. deployment options

Answer : A

Question 9

Which of these is not an action that is associated with HTTPS decryption policies?

  • A. decrypt
  • B. drop
  • C. block
  • D. pass-through

Answer : C

Question 10

Which statement about WSA user authentication is true?

  • A. A single WSA can have up to two authentication realms: one for LDAP and one for NTLM
  • B. WSA supports LDAP but not NTLM.
  • C. WSA supports NTLM but not LDAP.
  • D. A single WSA can have multiple LDAP realms.

Answer : D

Question 11

Which file characteristic cannot be used in the Cisco IronPort Data Security policies?

  • A. filename
  • B. file age
  • C. file size
  • D. file type

Answer : B

Question 12

Which of these uses ICAP?

  • A. Decryption policies
  • B. Anti-malware scanning
  • C. Data loss prevention policies
  • D. Cisco IronPort Data Security policies

Answer : C

Question 13

Which statement about the S-Series native FTP proxy is not true?

  • A. Access policies may apply to native FTP traffic.
  • B. Data loss prevention policies may apply to native FTP traffic
  • C. Authentication is supported in transparent mode.
  • D. Both active and passive mode FTP are supported.
  • E. By default, the FTP proxy uses port 8021.

Answer : C

Question 14

If you want to reset your configuration back to the factory defaults but keep your logs and
reports, which CLI command should you use?

  • A. Reload
  • B. Restoreconfig
  • C. Resetconfig
  • D. Loadconfig

Answer : C

Question 15

What is a benefit of NTLMSSP over basic authentication?

  • A. Basic cannot be used in transparent proxy mode.
  • B. NTLMSSP is compatible with OpenLDAP.
  • C. NTLMSSP is more secure than basic.
  • D. Basic requires reauthentication with every new domain

Answer : C

Page 1