CCNP Security Implementing Cisco Threat Control Solutions v1.0

Page:    1 / 31   
Total 451 questions

A system administrator wants to know if the email traffic from a remote partner will activate special treatment message filters that are created just for them. Which tool on the Cisco Email Security gateway can you use to debug and emulate the flow that a message takes through the work queue?

  • A. the trace tool
  • B. centralized or local message tracking
  • C. the CLI findevent command
  • D. the CLI grep command
  • E. the message tracker interface


Answer : A

In which two places can thresholding settings be configured? (Choose two.)

  • A. globally, per intrusion policy
  • B. globally, within the network analysis policy
  • C. on each access control rule
  • D. on each IPS rule
  • E. per preprocessor, within the network analysis policy


Answer : AD

Which cloud-based malware detection engine uses machine-learning detection techniques in the Cisco Advanced Malware Protection cloud?

  • A. third-party detections
  • B. Spero
  • C. Ethos
  • D. Memcache


Answer : B

Which Cisco FirePOWER setting is used to reduce the number of events received in a period of time and avoid being overwhelmed?

  • A. thresholding
  • B. rate-limiting
  • C. limiting
  • D. correlation


Answer : A




For which domains will the Cisco Email Security Appliance allow up to 5000 recipients per message?

  • A. violet.public
  • B. violet.public and blue.public
  • C. violet.public, blue.public and green.public
  • D. red.public
  • E. orange.public
  • F. red.public and orange.public


Answer : E

Explanation:
Here we see that the TRUSTED policy is being throttled to 5000 recipients per message.


By looking at the HAT policy we see that the TRUSTED policy applies to the WHITELIST sender group.

By clicking on the WHITELIST sender group we can see that orange.public is listed as the sender.




What is the maximum number of recipients per hour that the Cisco Email Security Appliance will accept from the green.public domain?

  • A. 0
  • B. 1
  • C. 20
  • D. 25
  • E. 50
  • F. 5000
  • G. Unlimited


Answer : C

Explanation:
From the instructions we know that the green.public domain has been assigned a reputation score of 2. From below we know that a reputation score of 2 belongs to the SUSPECTLIST, which has a policy of “THROTTLED”:


By clicking on the THROTTLED policy we see that the max recipients per hour has been set to 20:




What is the maximum message size that the Cisco Email Security Appliance will accept from the violet.public domain?

  • A. 1 KB
  • B. 100 KB
  • C. 1 MB
  • D. 10 MB
  • E. 100 MB
  • F. Unlimited


Answer : D

Explanation:
From the instructions we know that the reputation score for the violet.public domain has been set to 8. From the HAT table shown below we know that a score of 8 belongs to the UNKNOWNLIST group, which is assigned the ACCEPTED policy.


By clicking on the ACCEPTED policy we see that max message size has been set to the default value of 10M:




The Cisco Email Security Appliance will reject messages from which domains?

  • A. red.public
  • B. red.public and orange.public
  • C. red.public, orange.public and yellow.public
  • D. orange.public
  • E. violet.public
  • F. violet.public and blue.public
  • G. None of the listed domains


Answer : G

Explanation:
The BLOCKED policy rejects messages as shown below:


The BLOCKED policy is assigned to the BLACKLIST sender group, and here we see that no senders have been applied to this group:







How many Cisco ASAs and how many Cisco WSAs are participating in the WCCP service?

  • A. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and one Cisco WSA.
  • B. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and one Cisco WSA.
  • C. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and two Cisco WSAs.
  • D. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and two Cisco WSAs.
  • E. Two Cisco ASAs and one Cisco WSA.
  • F. Two Cisco ASAs and two Cisco WSAs.


Answer : A

Explanation:
We can see from the output that the number of routers (ASAs) is 1, so there is a single ASA or an active/standby pair being used, and 1 Cache Engine. If the ASAs were in an active/active role it would show up as 2 routers.







What traffic is not redirected by WCCP?

  • A. Traffic destined to public address space
  • B. Traffic sent from public address space
  • C. Traffic destined to private address space
  • D. Traffic sent from private address space


Answer : B

Explanation:
From the screenshot below we see the WCCP-Redirection ACL is applied, so all traffic from the private IP space to any destination will be redirected.








Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with respect to redirected ports?

  • A. Both are configured for port 80 only.
  • B. Both are configured for port 443 only.
  • C. Both are configured for both port 80 and 443.
  • D. Both are configured for ports 80, 443 and 3128.
  • E. There is a configuration mismatch on redirected ports.


Answer : C

Explanation:
This can be seen from the WSA Network tab shown below:








Which of the following is true with respect to the version of WCCP configured on the Cisco ASA and the Cisco WSA?

  • A. Both are configured for WCCP v1.
  • B. Both are configured for WCCP v2.
  • C. Both are configured for WCCP v3.
  • D. There is a WCCP version mismatch between the Cisco WSA and the Cisco ASA.


Answer : B

Explanation:
WCCP version shows as version 2.0:


WSA also shows version 2 is being used:

When you create a new server profile on the Cisco ESA, which subcommand of the ldapconfig command configures spam quarantine end-user authentication?

  • A. server
  • B. test
  • C. isqalias
  • D. isqauth


Answer : D

What is a value that Cisco ESA can use for tracing mail flow?

  • A. the source IP address
  • B. the FQDN of the destination IP address
  • C. the destination IP address
  • D. the FQDN of the source IP address


Answer : D

Which option is a benefit of Cisco Email Security virtual appliance over the Cisco ESA appliance?

  • A. global threat intelligence updates from Talos
  • B. reduced space and power requirements
  • C. outbound message protection
  • D. automated administration


Answer : B
