CCNP Security Practice Test | Threat Control (SITCS)

Which sensing interface mode has traffic flow through one interface pair where the traffic is isolated from other interfaces?

A. Inline VLAN groups

B. Promiscuous mode interface

C. Inline VLAN pairs

D. Inline interface pair

Identify the statements that accurately apply to the Policies Table for the Cisco Web Security Appliance. (Choose three)

A. It shows policy groups by row

B. Editing policy settings affects all other policy groups

C. It shows control settings by column

D. Policy groups can be edited by clicking the links in each row

Which stage of the anomaly detection process is traffic compared to a knowledge base?

A. Knowledge Base

B. Detection

C. Learning

D. Action

In which GUI tab are the Proxy Settings located?

A. Network

B. Security Services

C. System Administration

D. Web Security Manager

Which is a feature of the inline VLAN pair mode?

A. Only inspects outgoing traffic

B. Allows the use of redundant paths

C. Supports only one redundant sensor

D. Cannot avoid single points of failure

Which criteria is used by service objects to identify traffic? (Choose three)

A. Port

B. ICMP

C. Mac address

D. Protocol

Which best describes Cisco's Email Security Appliance licenses?

A. ESA applies usage-based pricing

B. One email security license is available

C. Subscriptions are permanent

D. Include Security Inbound Bundle

Which is not a required field in creating a URL object?

A. URL

B. Ticket ID

C. Destination

D. Web Category

Which client side authentication scheme that authenticates client credentials using a three-way handshake?

A. Basic

B. LDAP

C. NTLMSSP

D. NTLM

Which step is not shared between specifying and not specifying the signature engine in the Custom Signature Wizard?

A. Specify SFR and ASR

B. Specify specific matching criteria

C. Select layer 3 or 4 protocol

D. Specify name and description

Which feature best describes the Cisco Cloud Web Security solution?

A. CWS data center is located on a server

B. Scans for malware at specified times

C. This network has a fairly low uptime

D. Provides real-time malware protection

What information is not reported in the authentication test results?

A. User/Client IP

B. Bandwidth

C. Website

D. Activity risk

Which are steps in configuring the Cisco ASA using ASDM to integrate with the Cisco CWS?

A. Create a new traffic class

B. Set up to three servers

C. Set Whitelists for restrictions

D. Nest a 3-4 policy under a 5-7 policy

Which is not a feature of the AnyConnect Web Security Module?

A. Routes HTTP and HTTPS to ScanSafe

B. Forwards all web traffic to ScanSafe

C. Can be manually installed on client PC

D. Can be deployed standalone

What is a function of the Intrusion Prevention System?

A. Prevents network abuse and misuse

B. Requires network administrators input

C. It acts by generating alerts only

D. Only detects unauthorized access

When implementing Cisco IPS sensors, what would you do when managing false positive events?

A. Tune your Cisco IPS sensor by creating event action overrides.

B. Change the triggering conditions of problematic signatures to make them more generic.

C. Create a custom signature that will address an attack that was previously undetected.

D. Tune your Cisco IPS sensor by creating event action filters.

What is the result of tuning an IDS sensor to be too sensitive?

A. There will be a decrease in true negatives.

B. There will be an increase in false negatives.

C. There will be a decrease in true positives.

D. There will be an increase in false positives.

Which is not a feature of the Cloud Web Security connector on Cisco ISR G2 routers?

A. Redirects traffic to the cloud

B. Performs web security and filtering

C. Includes only two services

D. Includes the Router Firewall

Identify the statements that apply to on-box PRSM. (Choose two)

A. It is launched from a web browser

B. By default you can connect to the ASA CS application using https://192.168.0.1

C. It supports all versions of the Google Chrome browser

D. It is used to manage a single device

Which URL allows you to access the Cisco AnyConnect Secure Mobile Client statistics?

A. http://verifyconfig.scansafe.net

B. http://statistics.scansafe.net

C. http://whoami.scansafe.net

D. http://status.scansafe.net

Which is not an area that the Cisco IPS would typically be located within a typical modularized network?

A. Campus access

B. Internet edge

C. Data center

D. Branch offices

Which is a signature tuning method that reduces false positives?

A. Selectively enable signature for ports

B. Narrow matching of payload values

C. Reduce the number of required events

D. Broaden the search context

Identify the second step in the Cisco Web Security traffic flow from end user to the Internet.

A. ASA checks if traffic matches policies

B. ScanSafe checks for outbound malware

C. User makes a web request

D. Traffic forwarded and content received

What is the default TVR numeric value assigned to all assets?

A. 100

B. 75

C. 150

D. 50

Which two sets of mail policies does Cisco ESA use for message content security? (Choose two)

A. Outgoing mail policies for connections that match a HAT policy with the Accept connection behavior in any listener.

B. Incoming mail policies for connections that match a HAT policy with the Relay connection behavior in any listener.

C. Outgoing mail policies for connections that match a HAT policy with the Relay connection behavior in any listener.

D. Incoming mail policies for connections that match a HAT policy with the Accept connection behavior in any listener.

What command is used to reset the password on a Cisco ASA 5585-X device?

A. hw-module module cxsc password-reset

B. sw-module module cxsc password-reset

C. hw-module module 1 password-reset

D. sw-module module 1 password-reset

Which is not an optional step when configuring the Cloud Web Security connector on Cisco ISR G2 router?

A. Configure a default user group

B. Enable content scanning on egress

C. Configure web security parameters

D. K9 feature licensing

Which two statements about using Cisco IME to configure shared policies are true? (Choose two)

A. Up to five shared policies can be defined at any given time

B. Policy names must be less than 32 characters long

C. Shared policies can be deployed to multiple sensors

D. Policies do not retain connections to their source

Which class map keyword will cause a problem if the match criteria are not mutually exclusive?

A. Fail-open

B. Match-any

C. Fail-close

D. Match-all

Which is not a step in configuring Cisco ASA to download Cisco AnyConnect Web Security Module to the client machine?

A. Name the new policy

B. Add Web Security Module group policy

C. Determine client profiles to download

D. Configure settings in the Advanced page

What actions can the WSA take when it encounters an invalid certificate on the HTTPS server? (Choose three)

A. Drop the connection

B. Monitor it

C. Decrypt it

D. Reload it

Which field is only required for the Standard LDAP?

A. Primary domain

B. Join password

C. Name

D. Join user name

Which configurations are required when designing a web security solution to use Cisco ISR G2 cloud web security? (Choose two)

A. Default user group must be configured

B. User authentication must be configured on the ISR G2

C. Content scanning must be enabled on the router's egress interface

D. Company key must be generated in the Cisco ScanCenter

Which setting can be left Off to prevent NGIPS from filtering low risk sites?

A. Intrusion protection

B. Block blacklist traffic

C. Black listed traffic eventing

D. Scan high reputation traffic

Which two statements regarding a web site with a web reputation score of minus three are true? (Choose two)

A. Responsible content

B. Verified malicious content

C. Validated by third party

D. Potential malicious content

Which is not a part of the SMTP conversation?

A. Body

B. Footer

C. Header

D. Envelope

Which is not a deployment option for the ESA?

A. Virtual deployment

B. Hybrid option

C. Switch application

D. E-mail gateway

Which MIME type would be used as a filter to prevent downloading of files like an MPEG?

A. Model*

B. Multipart*

C. */*

D. Video*

What are event action overrides used for?

A. To set a numeric risk rating

B. Adds event actions globally

C. Overrides risk ranking

D. Delete event messages

Which category contains policies used to control access to third party software providers?

A. Web policies

B. Authentication policies

C. Data Transfer policies

D. Custom Policy Elements

Which statements about NGFW network objects are true? (Choose three)

A. Network objects can be edited and deleted

B. Network objects are also referred to as FQDNs

C. Network objects are used to identify traffic sources

D. Network objects are not available in the off box Cisco Prime Security Manager multi device mode

Which two MIME categories would be used to block the downloading of MP4 based files? (Choose two)

A. multipart/mp4

B. video/mp4

C. application/mp4

D. audio/mp4

Which component of the risk rating formula represents the potential damage?

A. TVR

B. ASR

C. SFR

D. ARR

Which network intrusion prevention approach uses network behavior analysis?

A. Statistical Anomaly-Based IPS

B. Protocol Verification Anomaly-Based IPS

C. Policy-Based IPS

D. Signature-Based IPS

Which statements about web reputation filtering are true? (Choose three)

A. Filters uses statistics to score reputations

B. Filters can only be used with IronPort Data Security Policies

C. Filters are used to proactively combat malware

D. It assigns a web-based reputation score to a URL

Which is not a feature of the guest access?

A. Access to users who fail authentication

B. Blocks the user’s network access

C. Makes use of guest policies

D. Provides limited access to users

Which is not a requirement when connecting the Cisco WSA to the Active Directory?

A. Must set up account in domain

B. May need domain admin credentials

C. Define organizational directory

D. Register identity group in domain

Which technique reduces false negatives?

A. Use the default signature

B. Narrow event counting signatures

C. Disable anti-evasion methods

D. Expand header matching signatures

Which Cisco IronPort Anti-Malware feature is responsible for up to a 35% higher efficiency in blocking malware?

A. Sophos protection

B. McAfee scanning

C. Adaptive Scanning

D. Web Reputation

Which two main areas of web usage controls are used by Cisco WSA? (Choose two)

A. FlexAuth

B. Port security

C. URL filters

D. RBAC

E. Cisco Application Visibility and Control

Which two statements are true regarding the Cisco CWS feature? (Choose two)

A. It provides malware protection

B. It provides scanning of encrypted traffic

C. It provides limited reporting capabilities

D. It uses per device subscription licensing

E. It utilizes data centers geographically all over the world

Which is the most aggressive Inline action?

A. Deny Connection Inline

B. Deny Attacker-Service Pair

C. Deny Attacker-Victim Pair

D. Deny Attacker Inline

Which term associated with the Intrusion Prevention Systems refers to the likelihood that a threat using a specific attack will exploit a vulnerability and lead to an undesirable consequence?

A. Threat

B. Risk

C. Exploit

D. Vulnerability

You need to configure Cisco CWS proxy server details on the Cisco ASA using the CLI. Refer to the options below. Which set of commands will correctly redirect traffic to the primary and backup proxy servers?

A. Option D

B. Option A

C. Option C

D. Option B

Which best describes the Cisco ASA NGFW Services NGIPS Threat Profiles?

A. Threats based on behavior analysis

B. Shared IPS profiles for access policy

C. Signatures used to prevent threats

D. Threats assigned score of 1 to 10

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Our Recommended Premium Cisco Training Resources:

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

Our Recommended Premium Cisco Training Resources:

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?