NEW QUESTION 1
Which IPS signature regular expression CLI command matches a host issuing a domain lookup for www.theblock.com?

• A. regex-string (x03[Tt][Hh][Ee]x05[Bb][Ll][Oo][Cc][Kk])
• B. regex-string (x0b[theblock.com])
• C. regex-string (x03[the]x05[block]0x3[com])
• D. regex-string (x03[T][H][E]x05[B][L][O][C][K]x03[.][C][O][M]

Answer: A

NEW QUESTION 2
Which three sender reputation ranges identify the default behavior of the Cisco Email Security Appliance? (Choose three.)

• A. If it is between -1 and +10, the email is accepted
• B. If it is between +1 and +10, the email is accepted
• C. If it is between -3 and -1, the email is accepted and additional emails from the sender are throttled
• D. If it is between -3 and +1, the email is accepted and additional emails from the sender are throttled
• E. If it is between -4 and +1, the email is accepted and additional emails from the sender are throttled
• F. If it is between -10 and -3, the email is blocked
• G. If it is between -10 and -3, the email is sent to the virus and spam engines for additional scanning
• H. If it is between -10 and -4, the email is blocked

Answer: ACF

NEW QUESTION 3
Which Cisco ESA predefined sender group uses parameter-matching to reject senders?

• A. BLACKLIST
• B. WHITELIST
• C. SUSPECTLIST
• D. UNKNOWNLIST

Answer: A

NEW QUESTION 4
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.




Which of the following is true with respect to the version of WCCP configured on the Cisco ASA and the Cisco WSA?

• A. Both are configured for WCCP v1.
• B. Both are configured for WCCP v2.
• C. Both are configured for WCCP v3.
• D. There is a WCCP version mismatch between the Cisco WSA and the Cisco ASA.

Answer: B

Explanation: ASA version shows as version 2.0:

WSA also shows version 2 is being used:

NEW QUESTION 5
Which IPS feature allows you to aggregate multiple IPS links over a single port channel?

• A. UDLD
• B. ECLB
• C. LACP
• D. PAgP

Answer: B

NEW QUESTION 6
Which option represents the cisco event aggregation product?

• A. CVSS system
• B. IntelliShield
• C. ASA CX Event Viewer
• D. ASDM 7

Answer: C

NEW QUESTION 7
Which statement about the Cisco ASA CX role in inspecting SSL traffic is true?

• A. To decrypt traffic, the Cisco ASA CX must accept the websites' certificates as Trusted Root Cas.
• B. If the administrator elects to decrypt traffic, the Cisco ASA CX acts as a man-in—me- middle.
• C. Either all traffic is decrypted, or no traffic is decrypted by the Cisco ASA CX.
• D. The traffic is encrypted, so the Cisco ASA CX cannot determine the content of the traffic.

Answer: B

NEW QUESTION 8
CORRECT TEXT

Answer:

Explanation: We need to define the parameter map, specifying port 8080 for http and https and define the servers and the license:
Branch-ISR#config t
Branch-ISR(config)# parameter-map type content-scan global
Branch-ISR(config-profile)#server scansafe primary name proxy-a.scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#server scansafe secondary name proxy-b.scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#license 0 0123456789abcdef
If the CWS proxy servers are not available, we traffic should be denied. This is done by the following configuration:
Branch-ISR(config-profile)#server scansafe on-failure block-all
Now we need to apply this to the fastethernet 0/1 interface outbound: Branch-ISR(config)#interface Fastethernet 0/1
Branch-ISR(config-if)#content-scan outbound
Branch-ISR(config-if)#exit Branch-ISR(config)#exit
Finally, we can verify out configuration by using the “show content-scan summary command:
Branch-ISR#show content-scan summary Primary: 72.37.244.203(Up)*
Secondary: 70.39.231.99 (Up) Interfaces: Fastethernet0/1

NEW QUESTION 9
Which three functions can Cisco Application Visibility and Control perform? (Choose three.)

• A. Validation of malicious traffic
• B. Traffic control
• C. Extending Web Security to all computing devices
• D. Application-level classification
• E. Monitoring
• F. Signature tuning

Answer: BDE

NEW QUESTION 10
Refer to the exhibit.

What Cisco ESA CLI command generated the output?

• A. smtproutes
• B. tophosts
• C. hoststatus
• D. workqueuestatus

Answer: B

NEW QUESTION 11
Which three statements about Cisco CWS are true? (Choose three.)

• A. It provides protection against zero-day threats.
• B. Cisco SIO provides it with threat updates in near real time.
• C. It supports granular application policies.
• D. Its Roaming User Protection feature protects the VPN from malware and data breaches.
• E. It supports local content caching.
• F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats outside the network.

Answer: ABC

NEW QUESTION 12
Which platform has message tracking enabled by default?

• A. C670
• B. C370
• C. Virtual ESA
• D. It is not enabled by default on any platform.

Answer: D

NEW QUESTION 13
The security team needs to limit the number of e-mails they receive from the Intellishield Alert Service. Which three parameters can they adjust to restrict alerts to specific product sets? (Choose three.)

• A. Vendor
• B. Chassis/Module
• C. Device ID
• D. Service Contract
• E. Version/Release
• F. Service Pack/Platform

Answer: AEF

NEW QUESTION 14
Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

• A. sensor# configure terminal sensor(config)# service sensor sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500
• B. sensor# configure terminal sensor(config)# service hostsensor(config-hos)# network-settings parameter ftp sensor(config-hos-net)# ftp-timeout 500
• C. sensor# configure terminal sensor(config)# service host sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500
• D. sensor# configure terminal sensor(config)# service network sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500

Answer: C

NEW QUESTION 15
Refer to the exhibit.



Which signature definition is virtual sensor 0 assigned to use?

• A. rules0
• B. vs0
• C. sig0
• D. ad0
• E. ad1
• F. sigl

Answer: C

Explanation: This is the default signature.
You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0, and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.

NEW QUESTION 16
Who or what calculates the signature fidelity rating?

• A. the signature author
• B. Cisco Professional Services
• C. the administrator
• D. the security policy

Answer: A

NEW QUESTION 17
Which type of signature is generated by copying a default signature and modifying its behavior?

• A. meta
• B. custom
• C. atomic
• D. normalized

Answer: B