Q1. Which centralized reporting function of the Cisco Content Security Management Appliance aggregates data from multiple Cisco ESA devices?
A. message tracking
B. web tracking
C. system tracking
D. logging
Answer: A
Q2. Which Cisco Web Security Appliance design requires minimal change to endpoint devices?
A. Transparent Mode
B. Explicit Forward Mode
C. Promiscuous Mode
D. Inline Mode
Answer: A
Q3. You ran the ssh generate-key command on the Cisco IPS and now administrators are unable to connect. Which action can be taken to correct the problem?
A. Replace the old key with a new key on the client.
B. Run the ssh host-key command.
C. Add the administrator IP addresses to the trusted TLS host list on the IPS.
D. Run the ssh authorized-keys command.
Answer: A
Q4. Which two commands are valid URL filtering commands? (Choose two.)
A. url-server (DMZ) vendor smartfilter host 10.0.1.1
B. url-server (DMZ) vendor url-filter host 10.0.1.1
C. url-server (DMZ) vendor n2h2 host 10.0.1.1
D. url-server (DMZ) vendor CISCO host 10.0.1.1
E. url-server (DMZ) vendor web host 10.0.1.1
Answer: A,C
Q5. An IPS is configured to fail-closed and you observe that all packets are dropped. What is a possible reason for this behavior?
A. Mainapp is unresponsive.
B. The global correlation update failed.
C. The IPS span session failed.
D. The attack drop file is misconfigured.
Answer: A
Q6. Which three statements about Cisco ASA CX are true? (Choose three.)
A. It groups multiple ASAs as a single logical device.
B. It can perform context-aware inspection.
C. It provides high-density security services with high availability.
D. It uses policy-based interface controls to inspect and forward TCP- and UDP-based packets.
E. It can make context-aware decisions.
F. It uses four cooperative architectural constructs to build the firewall.
Answer: B,E,F
Q7. Which IPS engine detects ARP spoofing?
A. Atomic ARP Engine
B. Service Generic Engine
C. ARP Inspection Engine
D. AIC Engine
Answer: A
Q8. What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?
A. filterconfig
B. filters new
C. messagefilters
D. policyconfig -- inbound or outbound -- filters
Answer: B
Q9. Refer to the exhibit.
What CLI command generated the output?
A. smtproutes
B. tophosts
C. hoststatus
D. workqueuestatus
Answer: B
Q10. When you configure the Cisco ESA to perform blacklisting, what are two items you can disable to enhance performance? (Choose two.)
A. spam scanning
B. antivirus scanning
C. APT detection
D. rootkit detection
Answer: A,B
Q11. Which two statements about Cisco ESA clusters are true? (Choose two.)
A. A cluster must contain exactly one group.
B. A cluster can contain multiple groups.
C. Clusters are implemented in a client/server relationship.
D. The cluster configuration must be managed by the cluster administrator.
E. The cluster configuration can be created and managed through either the GUI or the CLI.
Answer: B,E
Q12. Which command verifies that CWS redirection is working on a Cisco IOS router?
A. show content-scan session active
B. show content-scan summary
C. show interfaces stats
D. show sessions
Answer: A
Q13. A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)
A. Anomaly detection operational mode
B. Inline TCP session tracking mode
C. Normalizer mode
D. Load-balancing mode
E. Inline and Promiscuous mixed mode
F. Fail-open and fail-close mode
Answer: A,B,C
Q14. Which Cisco technology provides spam filtering and email protection?
A. IPS
B. ESA
C. WSA
D. CX
Answer: B
Q15. Within Cisco IPS anomaly detection, what is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 - 255.255.255.255
C. 0.0.0.0/8
D. the network of the management interface
Answer: B
Q16. Refer to the exhibit.
The system administrator of mydomain.com received complaints that some messages that were sent from sender user@somedomain.com were delayed. Message tracking data on the sender shows that an email sample that was received was clean and properly delivered. What is the likely cause of the intermittent delays?
A. The remote MTA has a SenderBase Reputation Score of -1.0.
B. The remote MTA is sending emails from RFC 1918 IP addresses.
C. The remote MTA has activated the SUSPECTLIST sender group.
D. The remote MTA has activated the default inbound mail policy.
Answer: C