testexam23 Flydumps Cisco 300-207 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Cisco https://www.leads4pass.com/300-207.html exam objectives. You will find them to be very helpful and precise in the subject matter since all the Cisco 642-357 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.
QUESTION 1
During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?
A. cxsc fail
B. cxsc fail-close
C. cxsc fail-open
D. cxssp fail-close
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 2
A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)
A. Self Signed Server Certificate
B. Self Signed Root Certificate
C. Microsoft CA Server Certificate
D. Microsoft CA Subordinate Root Certificate
E. LDAP CA Server Certificate
F. LDAP CA Root Certificate
G. Public Certificate Authority Server Certificate
H. Public Certificate Authority Root Certificate
Correct Answer: BDF Explanation
Explanation/Reference:
QUESTION 3
Cisco’s ASA CX includes which two URL categories? (Choose two.)
A. Proxy Avoidance
B. Dropbox
C. Hate Speech
D. Facebook
E. Social Networking
F. Instant Messaging and Video Messaging
Correct Answer: CE Explanation
Explanation/Reference:
QUESTION 4
A Cisco Web Security Appliance’s policy can provide visibility and control of which two elements? (Choose two.)
A. Voice and Video Applications
B. Websites with a reputation between -100 and -60
C. Secure websites with certificates signed under an unknown CA
D. High bandwidth websites during business hours
Correct Answer: CD Explanation
Explanation/Reference:
QUESTION 5
Which Cisco Web Security Appliance design requires minimal change to endpoint devices?
A. Transparent Mode
B. Explicit Forward Mode
C. Promiscuous Mode
D. Inline Mode
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 6
What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?
A. Web Security Manager HTTPS Proxy click Enable
B. Security Services HTTPS Proxy click Enable
C. HTTPS Proxy is enabled by default
D. System Administration HTTPS Proxy click Enable
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 7
Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.)
A. It integrates with Cisco Integrated Service Routers.
B. It supports threat avoidance and threat remediation.
C. It extends web security to the desktop, laptop, and PDA.
D. It integrates with Cisco ASA Firewalls.
Correct Answer: AD Explanation
Explanation/Reference:
QUESTION 8
Which Cisco Cloud Web Security tool provides URL categorization?
A. Cisco Dynamic Content Analysis Engine
B. Cisco ScanSafe
C. ASA Firewall Proxy
D. Cisco Web Usage Control
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 9
Which three functions can Cisco Application Visibility and Control perform? (Choose three.)
A. Validation of malicious traffic
B. Traffic control
C. Extending Web Security to all computing devices
D. Application-level classification
E. Monitoring
F. Signature tuning
Correct Answer: BDE Explanation
Explanation/Reference:
QUESTION 10
Which two options are features of the Cisco Email Security Appliance? (Choose two.)
A. Cisco Anti-Replay Services
B. Cisco Destination Routing
C. Cisco Registered Envelope Service
D. Cisco IronPort SenderBase Network
Correct Answer: CD Explanation
Explanation/Reference:
QUESTION 11
What is the authentication method for an encryption envelope that is set to medium security?
A. The recipient must always enter a password, even if credentials are cached.
B. A password is required, but cached credentials are permitted.
C. The recipient must acknowledge the sensitivity of the message before it opens.
D. The recipient can open the message without authentication.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 12
What is the default antispam policy for positively identified messages?
A. Drop
B. Deliver and Append with [SPAM]
C. Deliver and Prepend with [SPAM]
D. Deliver and Alternate Mailbox
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 13
Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance?
A. session 1 ip address
B. session 2 ip address
C. session 1
D. session ips console
E. session cxsc console
Correct Answer: E Explanation
Explanation/Reference:
QUESTION 14
What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?
A. 192.168.1.1
B. 192.168.1.2
C. 192.168.1.3
D. 192.168.1.4
E. 192.168.1.5
F. 192.168.8.8
Correct Answer: F Explanation
Explanation/Reference:
QUESTION 15
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration?
A. Inline Mode, Permit Traffic
B. Inline Mode, Close Traffic
C. Promiscuous Mode, Permit Traffic
D. Promiscuous Mode, Close Traffic
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 16
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?
A. Show statistics virtual-sensor
B. Show event alert
C. Show alert
D. Show version Correct Answer: A
Explanation Explanation/Reference:
QUESTION 17
What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance’s administrative interface?
A. adminaccessconfig
B. sshconfig
C. sslconfig
D. ipaccessconfig Correct Answer: A
Explanation Explanation/Reference:
QUESTION 18
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration?
A. Inline Mode, Permit Traffic
B. Inline Mode, Close Traffic
C. Promiscuous Mode, Permit Traffic
D. Promiscuous Mode, Close Traffic Correct Answer: B
Explanation Explanation/Reference:
QUESTION 19
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?
A. Show statistics virtual-sensor
B. Show event alert
C. Show alert
D. Show version Correct Answer: A
Explanation Explanation/Reference:
QUESTION 20
Which three options are characteristics of router-based IPS? (Choose three.)
A. It is used for large networks.
B. It is used for small networks.
C. It supports virtual sensors.
D. It supports multiple VRFs.
E. It uses configurable anomaly detection.
F. Signature definition files have been deprecated.
Correct Answer: BDF Explanation
Explanation/Reference:
QUESTION 21
What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)
A. Checking for new signatures every 4 hours
B. Checking for new signatures on a staggered schedule
C. Automatically updating signature packs
D. Manually updating signature packs
E. Group tuning of signatures
F. Single tuning of signatures
Correct Answer: BCE Explanation
Explanation/Reference:
QUESTION 22
Who or what calculates the signature fidelity rating?
A. the signature author
B. Cisco Professional Services
C. the administrator
D. the security policy
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 23
Which three zones are used for anomaly detection? (Choose three.)
A. Internal zone
B. External zone
C. Illegal zone
D. Inside zone
E. Outside zone
F. DMZ zone
Correct Answer: ABC Explanation
Explanation/Reference: QUESTION 24
What is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 – 255.255.255.255
C. 0.0.0.0/8
D. The network of the management interface Correct Answer: B
Explanation Explanation/Reference:
QUESTION 25
When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?
A. It is created every 24 hours and used for 24 hours.
B. It is created every 24 hours, but the current KB is used.
C. It is created every 1 hour and used for 24 hours.
D. A KB is created only in manual mode. Correct Answer: A
Explanation Explanation/Reference:
Flydumps is the leading company in providing Certification candidate with current Cisco 300-207 PDF for preparation. With Flydumps Cisco https://www.leads4pass.com/300-207.html dumps,you can pass your test easily and get a good job easily in the market and get on your path for success. Professionals with passed Cisco 300-207 Certification Exam are an absolute favorite in the industry.