Cisco 300-207

Implementing Cisco Threat Control Solutions

(Page 1 out of 17)
Showing 15 of 242 Questions
Exam Version: 11.0
Question No : 1 -




What action will the sensor take regarding IP addresses listed as known bad hosts in the
Cisco SensorBase network?

  • A. Global correlation is configured in Audit mode for testing the feature without actually denying any hosts.
  • B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
  • C. It will not adjust risk rating values based on the known bad hosts list.
  • D. Reputation filtering is disabled.

Answer : D

Explanation: This can be seen on the Global Correlation Inspection/Reputation tab shown below:




Question No : 2 -

Who or what calculates the signature fidelity rating in a Cisco IPS?

  • A. the signature author
  • B. Cisco Professional Services
  • C. the administrator
  • D. the security policy

Answer : A




Question No : 3 -

What are the initial actions that can be performed on an incoming SMTP session by the
workqueue of a Cisco Email Security Appliance?

  • A. Accept, Reject, Relay, TCPRefuse
  • B. LDAP Verification, Envelope Sender Verification, Bounce Verification, Alias Table Verification
  • C. Recipient Access Table Verification, Host DNS Verification, Masquerading, Spam Payload Check
  • D. SMTP Authentication, SBRS Verification, Sendergroup matching, DNS host verification

Answer : A




Question No : 4 -

What is a valid search parameter for the Cisco ESA find event tool?

  • A. Envelope Origination
  • B. Envelope Type
  • C. Message ID
  • D. Download Type

Answer : C




Question No : 5 -

Refer to the exhibit.


The security engineer has configured Cisco Cloud Web Security redirection on a Cisco ASA
firewall. Which statement describes what can be determined from the exhibit?

  • A. In case of issues, the next step should be to perform debugging on the Cisco ASA.
  • B. The URL visited by the user was LAB://testgroup.
  • C. This output has been obtained by browsing to whoami.scansafe.net
  • D. The IP address of the Scansafe tower is 209.165.200.241

Answer : C




Question No : 6 -

A Cisco Web Security Appliance's policy can provide visibility and control of which two
elements? (Choose two.)

  • A. Voice and Video Applications
  • B. Websites with a reputation between -100 and -60
  • C. Secure websites with certificates signed under an unknown CA
  • D. High bandwidth websites during business hours

Answer : C,D




Question No : 7 -




What is the status of OS Identification?

  • A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
  • B. OS mapping information will not be used for Risk Rating calculations.
  • C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
  • D. It is enabled for passive OS fingerprinting for all networks.

Answer : D

Explanation: Understanding Passive OS Fingerprinting

Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type.

The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.

Passive OS fingerprinting consists of three components:

  • Passive OS learning: Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
  • User-configurable OS identification: You can configure OS host mappings, which take precedence over learned OS mappings.
  • Computation of attack relevance rating and risk rating.




Question No : 8 -

Refer to the exhibit.


What CLI command generated the output?

  • A. smtproutes
  • B. tophosts
  • C. hoststatus
  • D. workqueuestatus

Answer : B




Question No : 9 -

When does the Cisco ASA send traffic to the Cisco ASA IPS module for analysis?

  • A. after outgoing VPN traffic is encrypted
  • B. after firewall policies are applied
  • C. before incoming VPN traffic is decrypted.

Answer : B




Question No : 10 -

What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)

  • A. Checking for new signatures every 4 hours
  • B. Checking for new signatures on a staggered schedule
  • C. Automatically updating signature packs
  • D. Manually updating signature packs
  • E. Group tuning of signatures
  • F. Single tuning of signatures

Answer : B,C,E




Question No : 11 -

Which five system management protocols are supported by the Cisco Intrusion Prevention
System? (Choose five.)

  • A. SNMPv2c
  • B. SNMPv1
  • C. SNMPv2
  • D. SNMPv3
  • E. Syslog
  • F. SDEE
  • G. SMTP

Answer : A,B,C,F,G




Question No : 12 -

Which two practices are recommended for implementing NIPS at enterprise Internet
edges? (Choose two.)

  • A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).
  • B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).
  • C. Implement redundant IPS and make data paths symmetrical.
  • D. Implement redundant IPS and make data paths asymmetrical.
  • E. Use NIPS only for small implementations.

Answer : A,C




Question No : 13 -

Which Cisco technology combats viruses and malware with virus outbreak filters that are
downloaded from Cisco SenderBase?

  • A. ASA
  • B. WSA
  • C. Secure mobile access
  • D. IronPort ESA
  • E. SBA

Answer : D




Question No : 14 -

Which IPS feature allows you to aggregate multiple IPS links over a single port channel?

  • A. UDLD
  • B. ECLB
  • C. LACP
  • D. PAgP

Answer : B




Question No : 15 -

Which action is possible when a signature is triggered on the Cisco IOS IPS?

  • A. Send an email via SMTP to the administrator
  • B. Deny all packets with the same port destination
  • C. Send an SNMP alert to a monitoring system

Answer : A



