Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which Cisco IPS CLI command shows the most fired signature?
A. show statistics virtual-sensor
B. show event alert
C. show alert
D. show version
Answer: A
Q2. Refer to the exhibit.
What Cisco ESA CLI command generated the output?
A. smtproutes
B. tophosts C. hoststatus
D. workqueuestatus
Answer: B
Q3. What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?
A. Global correlation is configured in Audit mode fortesting the feature without actually denying any hosts.
B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
C. It will not adjust risk rating values based on the known bad hosts list.
D. Reputation filtering is disabled.
Answer: D
Explanation:
This can be seen on the Globabl Correlation – Inspection/Reputation tab show below:
Q4. Refer to the exhibit.
What are two facts about the interface that you can determine from the given output? (Choose two.)
A. A Cisco Flexible NetFlow monitor is attached to the interface.
B. A quality of service policy is attached to the interface.
C. Cisco Application Visibility and Control limits throughput on the interface.
D. Feature activation array is active on the interface.
Answer: A,B
Q5. Refer to the exhibit.
When designing the network to redirect web traffic utilizing the Catalyst 6500 to the Cisco Web Security Appliance, impact on the switch platform needs consideration. Which four rows identify the switch behavior in correlation to the redirect method? (Choose four.)
A. Row 1
B. Row 2
C. Row 3
D. Row 4
E. Row 5
F. Row 6
G. Row 7
H. Row 8
Answer: B,C,F,G
Q6. Who or what calculates the signature fidelity rating in a Cisco IPS?
A. the signature author
B. Cisco Professional Services
C. the administrator
D. the security policy
Answer: A
Q7. Which command can change the HTTPS SSL method on the Cisco ESA?
A. sslconfig
B. strictssl
C. sshconfig
D. adminaccessconfig
Answer: A
Q8. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS
sessions and HTTPS access?
A. sslconfig
B. sslciphers
C. tlsconifg
D. certconfig
Answer: A
Q9. Which three user roles are partially defined by default in Prime Security Manager? (Choose three.)
A. networkoperator
B. admin
C. helpdesk
D. securityoperator
E. monitoringadmin
F. systemadmin
Answer: B,C,F
Q10. Which three administrator actions are used to configure IP logging in Cisco IME? (Choose three.)
A. Select a virtual sensor.
B. Enable IP logging.
C. Specify the host IP address.
D. Set the logging duration.
E. Set the number of packets to capture.
F. Set the number of bytes to capture.
Answer: A,C,D
Q11. Which Cisco ESA predefined sender group uses parameter-matching to reject senders?
A. BLACKLIST
B. WHITELIST
C. SUSPECTLIST
D. UNKNOWNLIST
Answer: A
Q12. Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps should Joe implement to accomplish this goal? (Choose four.)
A. Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI.
B. Add the Cisco Web Security Appliance IP address to the local access list.
C. Enable HTTPS access via the GUI/CLI with redirection from HTTP.
D. Replace the Cisco self-signed certificate with a publicly signed certificate.
E. Put the Cisco WSA Management interface on a private management VLAN.
F. Change the netmask on the Cisco WSA Management interface to a 32-bit mask.
G. Create an MX record for the Cisco Web Security Appliance in DNS.
Answer: A,C,D,E
Q13. What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Answer: D
Explanation:
Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating
Q14. A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?
A. drop-exE. if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
B. drop-exE. if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
C. drop-exe! if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
D. drop-exe! if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
Answer: A
Q15. What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?
A. Web Security Manager HTTPS Proxy click Enable
B. Security Services HTTPS Proxy click Enable
C. HTTPS Proxy is enabled by default
D. System Administration HTTPS Proxy click Enable
Answer: B
Q16. Which two Cisco IPS events will generate an IP log? (Choose two.)
A. A signature had an event action that was configured with log packets.
B. A statically configured IP or IP network criterion was matched.
C. A dynamically configured IP address or IP network was matched.
D. An attack produced a response action.
Answer: A,B