[Free] Download New Updated (April 2016) Cisco 300-207 Actual Tests 71-80

By | April 6, 2016

Ensurepass

QUESTION 71

 To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?

 

A. It will not contribute to the SensorBase network.

B. It will contribute to the SensorBase network, but will withhold some sensitive information.

C. It will contribute the victim IP address and port to the SensorBase network.

D. It will not contribute to Risk Rating adjustments that use information from the SensorBase network.

 

Correct Answer: B

Explanation:

To configure network participation, follow these steps:

Step 1 Log in to IDM using an account with administrator privileges.

Step 2 Choose Configuration > Policies > Global Correlation > Network Participation.

Step 3 To turn on network participation, click the Partial or Full radio button:

Partial: Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.

Full: All data is contributed to the SensorBase Network.

 

In this case, we can see that this has been turned off as shown below:

 


 

 

QUESTION 72

Which two statements about Signature 1104 are true? (Choose two.)

 

A. This is a custom signature.

B. The severity level is High.

C. This signature has triggered as indicated by the red severity icon.

D. Produce Alert is the only action defined.

E. This signature is enabled, but inactive, as indicated by the /0 that follows the signature number.

 

Correct Answer: BD

Explanation:

This can be seen here where signature 1004 is the 5th one down:

 


 

 

QUESTION 73

Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)

 

A. The maximum number of denied attackers is set to 10000.

B. The block action duration is set to 3600 seconds.

C. The Meta Event Generator is globally enabled.

D. Events Summarization is globally disabled.

E. Threat Rating Adjustment is globally disabled.

 

Correct Answer: ABC

 

 

QUESTION 74

 

What is the status of OS Identification?

 

A. It is only enabled to identify “Cisco IOS” OS using statically mapped OS fingerprinting.

B. OS mapping information will not be used for Risk Rating calculations.

C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.

D. It is enabled for passive OS fingerprinting for all networks.

 

Correct Answer: D

Explanation:

Understanding Passive OS Fingerprinting

Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type. The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.

Passive OS fingerprinting consists of three components:

Passive OS learning: Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.

User-configurable OS identification: You can configure OS host mappings, which take precedence over learned OS mappings.

Computation of attack relevance rating and risk rating

 

 

QUESTION 75

 

Correct Answer:

Steps are in Explanation below:

First, enable the Gig 0/0 and Gig 0/1 interfaces:

 


 

Second, create the pair under the “interface pairs” tab.

 


 

Then, apply the HIGHRISK action rule to the newly created interface pair:

 


 

Then apply the same for the MEDIUMRISK traffic (deny attacker inline):

 


 

Finally, log the packets for the LOWRISK event:

 


 

When done it should look like this:

 


 

 

QUESTION 76

Which three features does Cisco CX provide? (Choose three.)

 

A. HTTPS traffic decryption and inspection

B. Application Visibility and Control

C. Category or reputation-based URL filtering

D. Email virus scanning

E. Application optimization and acceleration

F. VPN authentication

 

Correct Answer: ABC

 

 

QUESTION 77

What are three arguments that can be used with the show content-scan command in Cisco IOS software? (Choose three.)

 

A. session

B. data

C. verbose

D. buffer

E. summary

F. statistics

 

Correct Answer: AEF

 

 

 

 

 

 

QUESTION 78

Which Cisco Web Security Appliance deployment mode requires minimal change to endpoint devices?

 

A. Transparent Mode

B. Explicit Forward Mode

C. Promiscuous Mode

D. Inline Mode

 

Correct Answer: A

 

 

QUESTION 79

What is the default antispam policy for positively identified messages within the Cisco Email Security Appliance?

 

A. Drop

B. Deliver and Append with [SPAM]

C. Deliver and Prepend with [SPAM]

D. Deliver and Alternate Mailbox

 

Correct Answer: C

 

 

QUESTION 80

Refer to the exhibit. What Cisco ESA CLI command generated the output?

 


 

A. smtproutes

B. tophosts

C. hoststatus

D. workqueuestatus

 

Correct Answer: B

 
