300-207無料問題集「Cisco Implementing Cisco Threat Control Solutions (SITCS)」

質問 1

What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be
blocked and all traffic is blocked if the IPS fails?

（A）Promiscuous; fail open

（B）Inline; fail open

（C）Promiscuous; fail closed

（D）Inline; fail closed

正解：D 解答を投票する

質問 2

Refer to the exhibit.

What Cisco ESA CLI command generated the output?

（A）hoststatus

（B）smtproutes

（C）workqueuestatus

（D）tophosts

正解：D 解答を投票する

質問 3

Which centralized reporting function of the Cisco Content Security Management Appliance aggregates data from
multiple Cisco ESA devices?

（A）message tracking

（B）system tracking

（C）logging

（D）web tracking

正解：A 解答を投票する

質問 4

An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the
module fails. Which describes the correct configuration?

（A）Promiscuous Mode, Close Traffic

（B）Inline Mode, Permit Traffic

（C）Inline Mode, Close Traffic

（D）Promiscuous Mode, Permit Traffic

正解：C 解答を投票する

質問 5

Refer to the exhibit.

What CLI command generated the output?

（A）hoststatus

（B）smtproutes

（C）workqueuestatus

（D）tophosts

正解：D 解答を投票する

質問 6

Which five system management and reporting protocols are supported by the Cisco Intrusion Prevention System?
(Choose five.)

（A）SNMPv2

（B）SDEE

（C）syslog

（D）SMTP

（E）SNMPv3

（F）SNMPv1

（G）SNMPv2c

正解：A、B、D、F、G 解答を投票する

質問 7

Which two options are the correct URL and credentials used to access the Cisco Web Security Appliance for the first
time? (Choose two.)

（A）admin/ironport

（B）http://192.168.1.1:8080

（C）ironport/ironport

（D）http://192.168.42.42:8443

（E）http://192.168.42.42:8080

（F）admin/password

正解：A、E 解答を投票する

質問 8

Which step is required when you configure URL filtering to Cisco Cloud Web Security?

（A）Configure URL filtering criteria in the Cisco ASA FirePOWER access rules.

（B）Implement Next Generation IPS instrusion rules.

（C）install the ASA FirePOWER module on the Cisco AS

正解：C 解答を投票する

質問 9

Which statement about Cisco IPS Manager Express is true?

（A）It enables communication with Cisco ASA devices that have no administrative access.

（B）It provides basic device management for large-scale deployments.

（C）It provides greater security than simple ACLs.

（D）It provides a GUI for configuring IPS sensors and security modules.

正解：D 解答を投票する

質問 10

Which two commands are used to verify that CWS redirection is working on a Cisco ASA appliance? (Choose two.)

（A）show running-config scansafe

（B）show url-server statistics

（C）show service-policy inspect scansafe

（D）show scansafe statistics

（E）show webvpn statistics

（F）show running-config webvpn

正解：C、D 解答を投票する

質問 11

The Cisco Email Security Appliance will reject messages from which domains?

（A）violet. public

（B）violet. public and blue.public

（C）red. public, orange. Public and yellow. public

（D）red. public

（E）None of the listed domains

（F）red. public and orange. public

（G）orange. public

正解：C 解答を投票する

質問 12

Which role does Passive Identity Management play in the Cisco Cloud Web Security architecture?

（A）It controls content that passes into and out of the network.

（B）It enables the administrator to control web access for users and user groups.

（C）It provides user-level information that is received from Active Directory.

（D）It defines a standard for exchanging authentication and authorization data.

正解：C 解答を投票する

質問 13

Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

（A）sensor# configure terminal
sensor(config)# service sensor
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500

（B）sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500

（C）sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings parameter ftp
sensor(config-hos-net)# ftp-timeout 500

（D）sensor# configure terminal
sensor(config)# service network
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500

正解：B 解答を投票する

質問 14

Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps
should Joe implement to accomplish this goal? (Choose four.)

（A）Put the Cisco WSA Management interface on a private management VLAN.

（B）Enable HTTPS access via the GUI/CLI with redirection from HTTP.

（C）Add the Cisco Web Security Appliance IP address to the local access list.

（D）Change the netmask on the Cisco WSA Management interface to a 32-bit mask.

（E）Create an MX record for the Cisco Web Security Appliance in DNS.

（F）Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI.

（G）Replace the Cisco self-signed certificate with a publicly signed certificate.

正解：A、B、F、G 解答を投票する

質問 15

What are three benefits of the Cisco AnyConnect Secure Mobility Solution? (Choose three.)

（A）It provides clientless remote access to multiple network-based systems.

（B）It provides Internet transport while maintaining corporate security policies.

（C）It provides secure remote access to managed computers.

（D）It enforces security policies, regardless of the user location.

（E）It uses ACLs to determine best-route connections for clients in a secure environment.

（F）It can protect against command-injection and directory-traversal attacks.

正解：B、C、D 解答を投票する

質問 16

Which two statements about Cisco ESA clusters are true? (Choose two.)

（A）The cluster configuration can be created and managed through either the GUI or the CLI.

（B）The cluster configuration must be managed by the cluster administrator.

（C）A cluster can contain multiple groups.

（D）Clusters are implemented in a client/server relationship.

（E）A cluster must contain exactly one group.

正解：A、C 解答を投票する

質問 17

Which three protocols are required when considering firewall rules for email services using a Cisco Email Security
Appliance? (Choose three.)

（A）DNS

（B）HTTP

（C）FTP

（D）SNMP

（E）SMTP

正解：A、B、E 解答を投票する

質問 18

Which signature engine is responsible for ICMP inspection on Cisco IPS?

（A）Service Engine

（B）Fixed Engine

（C）Atomic IP Engine

（D）AIC Engine

正解：C 解答を投票する

質問 19

Which two statements about Signature 1104 are true? (Choose two.)

（A）This is a custom signature.

（B）This signature has triggered as indicated by the red severity icon.

（C）Produce Alert is the only action defined.

（D）The severity level is High.

（E）This signature is enabled, but inactive, as indicated bythe/0 to that follows the signature number.

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 20

What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?

（A）sslconfig

（B）tlsconifg

（C）sslciphers

（D）certconfig

正解：A 解答を投票する

300-207 無料問題集「Cisco Implementing Cisco Threat Control Solutions (SITCS)」

弊社を連絡する

関連リンク

トップ試験