Implementing Cisco Threat Control Solutions (SITCS)

Question 1

Which Cisco ESA component receives connections from external mail servers?

A. SMTP incoming relay agent

B. recipient access table

C. MTA

D. public listener

E. private listener

Correct Answer: D

Question 2

Refer to the exhibit.

What Cisco ESA CLI command generated the output?

A. tophosts

B. hoststatus

C. workqueuestatus

D. smtproutes

Correct Answer: A

Question 3

An IPS is configured to fail-closed and you observe that all packets are dropped. What is a possible reason for this
behavior?

A. The attack drop file is misconfigured.

B. Mainapp is unresponsive.

C. The global correlation update failed.

D. The IPS span session failed.

Correct Answer: B

Question 4

Which two statements about Cisco ESA clusters are true? (Choose two.)

A. Clusters are implemented in a client/server relationship.

B. The cluster configuration must be managed by the cluster administrator.

C. The cluster configuration can be created and managed through either the GUI or the CLI.

D. A cluster can contain multiple groups.

E. A cluster must contain exactly one group.

Correct Answer: C,D

Question 5

Which IPS feature allows you to aggregate multiple IPS links over a single port channel?

A. PAgP

B. ECLB

C. UDLD

D. LACP

Correct Answer: B

Question 6

Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps
should Joe implement to accomplish this goal? (Choose four.)

A. Change the netmask on the Cisco WSA Management interface to a 32-bit mask.

B. Create an MX record for the Cisco Web Security Appliance in DNS.

C. Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI.

D. Put the Cisco WSA Management interface on a private management VLAN.

E. Replace the Cisco self-signed certificate with a publicly signed certificate.

F. Add the Cisco Web Security Appliance IP address to the local access list.

G. Enable HTTPS access via the GUI/CLI with redirection from HTTP.

Correct Answer: C,D,E,G

Question 7

An engineer manages a Cisco Intrusion Prevention System via IME. A new user must be able to tune signatures, but
must not be able to create new users. Which role for the new user is correct?

A. administrator

B. operator

C. service

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.)

A. Alert Summary as MMS

B. Complete Alert as an HTML Attachment

C. Complete Alert as HTML

D. Alert Summary as Text

E. Complete Alert as RSS

F. Alert Summary as Plain Text

Correct Answer: B,C,D

Question 9

A network security design engineer is considering using a Cisco Intrusion Detection System in the DMZ of the
network. Which option is the drawback to using IDS in the DMZ as opposed to using
Intrusion Prevention System?

A. Response actions cannot stop malicious packets or cannot guarantee to stop any DOS attack

B. Response actions cannot stop triggered packet or guarantee to stop a connection techniques.

C. IDS has impact on the network (thatis, latency and jitter).

Correct Answer: B

Question 10

The Cisco Email Security Appliance will reject messages from which domains?

A. red. public and orange. public

B. red. public, orange. Public and yellow. public

C. orange. public

D. violet. public

E. None of the listed domains

F. red. public

G. violet. public and blue.public

Correct Answer: B

Question 11

Refer to the following:
R01(config)#ip wccp web-cache redirect-list 80 password-local

A. The default "cisco" password is configured on the Cisco WSA

B. Traffic permitted in access-list 80 is redirected to the Cisco WSA

C. Traffic using TCP port 80 is redirected to the Cisco WSA

D. Traffic denied in prefix-list 80 is redirected to the Cisco WSA

Correct Answer: B

Question 12

Which two GUI options display users' activity in Cisco Web Security Appliance? (Choose two.)

A. Web Security Manager Identity Identity Name

B. Reporting Users

C. Security Services Reporting

D. Reporting Reports by User Location

Correct Answer: B,D

Question 13

When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in traffic being dropped?
(Choose two.)

A. The built-in signatures are unavailable.

B. An ACL is configured.

C. The signature engine is undergoing the build process.

D. The SDF failed to load.

Correct Answer: C,D

Question 14

Which Cisco IOS command uses the default class map to limit SNMP inspection to traffic from
10.1.1.0 to 192.168.1.0?

A. hostname(config)# access-list inspect extended permit ip 10.1.1.0.0.0.255
192.168.1.0.0.0.255
hostname(config)# class-map inspection_default

B. hostname(config)# access-list inspect extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0
255.255.255.0
hostname(config)# class-map inspection_default
hostname(config-cmap)# match access-list inspect

C. hostname(config)# access-list inspect extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0
255.255.255.0
hostname(config-cmap)# match access-list inspect

D. hostname(config)# access-list inspect extended permit ip 10.1.1.0.0.0.0.255
192.168.1.0.0.0.0.255
hostname(config)# class-map inspection_default
hostname(config-cmap)# match access-list inspect

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Cisco Implementing Cisco Threat Control Solutions (SITCS) - 300-207 Exam Practice Test

Latest Update

Useful Links

Contact Us