Professional Documents
Culture Documents
Version: 17.031
Important Notice
Product
Our Product Manager keeps an eye for Exam updates by Vendors. Free update is available within
One year after your purchase.
You can login member center and download the latest product anytime. (Product downloaded
from member center is always the latest.)
PS: Ensure you can pass the exam, please check the latest product in 2-3 days before the exam
again.
Feedback
We devote to promote the product quality and the grade of service to ensure customers interest.
If you have any questions about our product, please provide Exam Number, Version, Page
Number, Question Number, and your Login Account to us, please contact us at
support@braindump2go.com and our technical experts will provide support in 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently.
If anyone who share the file we will disable the free update and account access.
Any unauthorized changes will be inflicted legal punishment. We will reserve the right of final
explanation for this statement.
A. session 1 ip address
B. session 2 ip address
C. session 1
D. session ips console
E. session cxsc console
Answer: E
QUESTION 2
What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?
A. 192.168.1.1
B. 192.168.1.2
C. 192.168.1.3
D. 192.168.1.4
E. 192.168.1.5
F. 192.168.8.8
Answer: F
QUESTION 3
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block
all traffic if the module fails. Which describes the correct configuration?
Answer: B
QUESTION 4
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI
command shows the most fired signature?
Answer: A
QUESTION 5
What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email
Security appliance's administrative interface?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 2
http://www.braindump2go.com
A. adminaccessconfig
B. sshconfig
C. sslconfig
D. ipaccessconfig
Answer: A
QUESTION 6
When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or
PAT, which type of VPN tunneling should be used to allow the VPN traffic through the stateful
firewall?
Answer: B
QUESTION 7
Upon receiving a digital certificate, what are three steps that a Cisco ASA will perform to
authenticate the digital certificate? (Choose three.)
A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
B. Identity certificates are exchanged during IPsec negotiations.
C. The identity certificate signature is validated by using the stored root certificate.
D. The signature is validated by using the stored identity certificate.
E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.
Answer: ACE
QUESTION 8
To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have
which two Cisco ASA licenses enabled on its security appliance? (Choose two.)
Answer: AE
QUESTION 9
After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune
the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in
Cisco ASDM?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 3
http://www.braindump2go.com
A. IPsec user profile
B. Crypto Map
C. Group Policy
D. IPsec policy
E. IKE policy
Answer: D
QUESTION 10
Who or what calculates the signature fidelity rating?
Answer: A
QUESTION 11
Which three zones are used for anomaly detection? (Choose three.)
A. Internal zone
B. External zone
C. Illegal zone
D. Inside zone
E. Outside zone
F. DMZ zone
Answer: ABC
QUESTION 12
What is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 - 255.255.255.255
C. 0.0.0.0/8
D. The network of the management interface
Answer: B
QUESTION 13
When learning accept mode is set to auto, and the action is set to rotate, when is the KB created
and used?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 4
http://www.braindump2go.com
D. A KB is created only in manual mode.
Answer: A
QUESTION 14
What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?
A. filterconfig
B. filters new
C. messagefilters
D. policyconfig-- inbound or outbound-- filters
Answer: B
QUESTION 15
A Cisco Email Security Appliance uses which message filter to drop all executable attachments
entering and leaving the Cisco Email Security Appliance?
Answer: A
QUESTION 16
What can Cisco Prime Security Manager (PRSM) be used to achieve?
A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies
B. Configure Cisco ASA connection limits
C. Configure TCP state bypass in Cisco ASA and IOS
D. Configure Cisco IPS signature and monitor signature alerts
E. Cisco Cloud Security on Cisco ASA
Answer: A
QUESTION 17
Which is the default IP address and admin port setting for https in the Cisco Web Security
Appliance?
A. http://192.168.42.42:8080
B. http://192.168.42.42:80
C. https://192.168.42.42:443
D. https://192.168.42.42:8443
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 5
http://www.braindump2go.com
QUESTION 18
Which port is used for CLI Secure shell access?
A. Port 23
B. Port 25
C. Port 22
D. Port 443
Answer: C
QUESTION 19
Which Cisco technology prevents targeted malware attacks, provides data loss prevention and
spam protection, and encrypts email?
A. SBA
B. secure mobile access
C. IPv6 DMZ web service
D. ESA
Answer: D
QUESTION 20
Which Cisco technology combats viruses and malware with virus outbreak filters that are
downloaded from Cisco SenderBase?
A. ASA
B. WSA
C. Secure mobile access
D. IronPort ESA
E. SBA
Answer: D
QUESTION 21
Which Cisco WSA is intended for deployment in organizations of up to 1500 users?
A. WSA S370
B. WSA S670
C. WSA S370-2RU
D. WSA S170
Answer: D
QUESTION 22
Which Cisco WSA is intended for deployment in organizations of more than 6000 users?
A. WSA S370
B. WSA S670
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 6
http://www.braindump2go.com
C. WSA S370-2RU
D. WSA S170
Answer: B
QUESTION 23
Which command verifies that the correct CWS license key information was entered on the Cisco
ASA?
Answer: B
QUESTION 24
Which four parameters must be defined in an ISAKMP policy when creating an IPsec site-to-site
VPN using the Cisco ASDM? (Choose four.)
A. encryption algorithm
B. hash algorithm
C. authentication method
D. IP address of remote IPsec peer
E. D-H group
F. perfect forward secrecy
Answer: ABCE
QUESTION 25
Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the
validation of two sets of username and password credentials on the SSL VPN login page?
A. Single Sign-On
B. Certificate to Profile Mapping
C. Double Authentication
D. RSA OTP
Answer: D
QUESTION 26
Which two types of digital certificate enrollment processes are available for the Cisco ASA
security appliance? (Choose two.)
A. LDAP
B. FTP
C. TFTP
D. HTTP
E. SCEP
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 7
http://www.braindump2go.com
F. Manual
Answer: EF
QUESTION 27
Your corporate finance department purchased a new non-web-based TCP application tool to run
on one of its servers. The finance employees need remote access to the software during non-
business hours. The employees do not have "admin" privileges to their PCs. How would you
configure the SSL VPN tunnel to allow this application to run?
Answer: A
QUESTION 28
What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose
three.)
Answer: ABC
QUESTION 29
With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic?
A. protocol
B. rate
C. bandwidth
D. limit
Answer: B
QUESTION 30
Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose
two.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 8
http://www.braindump2go.com
E. It automatically detects Cisco security appliances to configure.
Answer: CE
QUESTION 31
Which Cisco monitoring solution displays information and important statistics for the security
devices in a network?
Answer: B
QUESTION 32
Which three search parameters are supported by the Email Security Monitor? (Choose three.)
A. Destination domain
B. Network owner
C. MAC address
D. Policy requirements
E. Internal sender IP address
F. Originating domain
Answer: ABE
QUESTION 33
Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet,
phishing, and web-based threats?
Answer: A
QUESTION 34
A network engineer can assign IPS event action overrides to virtual sensors and configure which
three modes? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 9
http://www.braindump2go.com
E. Inline and Promiscuous mixed mode
F. Fail-open and fail-close mode
Answer: ABC
QUESTION 35
What is the correct deployment for an IPS appliance in a network where traffic identified as threat
traffic should be blocked and all traffic is blocked if the IPS fails?
Answer: B
QUESTION 36
Which two practices are recommended for implementing NIPS at enterprise Internet edges?
(Choose two.)
A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).
B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).
C. Implement redundant IPS and make data paths symmetrical.
D. Implement redundant IPS and make data paths asymmetrical.
E. Use NIPS only for small implementations.
Answer: AC
QUESTION 37
Which set of commands changes the FTP client timeout when the sensor is communicating with
an FTP server?
Answer: C
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 10
http://www.braindump2go.com
QUESTION 38
What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)
Answer: AD
QUESTION 39
What are the initial actions that can be performed on an incoming SMTP session by the
workqueue of a Cisco Email Security Appliance?
Answer: A
QUESTION 40
Refer to the exhibit. What CLI command generated the output?
A. smtproutes
B. tophosts
C. hoststatus
D. workqueuestatus
Answer: B
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 11
http://www.braindump2go.com
QUESTION 41
Which version of AsyncOS for web is required to deploy the Web Security Appliance as a CWS
connector?
Answer: C
QUESTION 42
What are three benefits of the Cisco AnyConnect Secure Mobility Solution? (Choose three.)
Answer: BCE
QUESTION 43
Which Cisco technology secures the network through malware filtering, category-based control,
and reputation-based control?
Answer: C
QUESTION 44
Which antispam technology assumes that email from server A, which has a history of distributing
spam, is more likely to be spam than email from server B, which does not have a history of
distributing spam?
A. Reputation-based filtering
B. Context-based filtering
C. Cisco ESA multilayer approach
D. Policy-based filtering
Answer: A
QUESTION 45
Which Cisco technology is a modular security service that combines a stateful inspection firewall
with next-generation application awareness, providing near real-time threat protection?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 12
http://www.braindump2go.com
A. Cisco ASA 5500 series appliances
B. Cisco ASA CX Context-Aware Security
C. WSA
D. Internet Edge Firewall / IPS
Answer: B
QUESTION 46
Which three statements about Cisco ASA CX are true? (Choose three.)
Answer: BEF
QUESTION 47
During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP
fails by using which command in a policy-map?
A. cxsc fail
B. cxsc fail-close
C. cxsc fail-open
D. cxssp fail-close
Answer: B
QUESTION 48
Cisco AVC allows control of which three of the following? (Choose three.)
A. Facebook
B. LWAPP
C. IPv6
D. MySpace
E. Twitter
F. WCCP
Answer: ADE
QUESTION 49
The Web Security Appliance has identities defined for faculty and staff, students, and default
access. The faculty and staff identity identifies users based on the source network and
authenticated credentials. The identity for students identifies users based on the source network
along with successful authentication credentials. The global identity is for guest users not
authenticated against the domain.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 13
http://www.braindump2go.com
Recently, a change was made to the organization's security policy to allow faculty and staff
access to a social network website, and the security group changed the access policy for faculty
and staff to allow the social networking category.
Which are the two most likely reasons that the category is still being blocked for a faculty and
staff user? (Choose two.)
A. The user is being matched against the student policy because the user did not enter credentials.
B. The user is using an unsupported browser so the credentials are not working.
C. The social networking URL was entered into a custom URL category that is blocked in the access policy.
D. The user is connected to the wrong network and is being blocked by the student policy.
E. The social networking category is being allowed but the AVC policy is still blocking the website.
Answer: CE
QUESTION 50
Which five system management protocols are supported by the Intrusion Prevention System?
(Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv2
D. SNMPv3
E. syslog
F. SDEE
G. SMTP
Answer: ABCFG
QUESTION 51
Which IPS signature regular expression CLI command matches a host issuing a domain lookup
for www.theblock.com?
A. regex-string (\x03[Tt][Hh][Ee]\x05[Bb][Ll][Oo][Cc][Kk])
B. regex-string (\x0b[theblock.com])
C. regex-string (\x03[the]\x05[block]0x3[com])
D. regex-string (\x03[T][H][E]\x05[B][L][O][C][K]\x03[.][C][O][M]
Answer: A
QUESTION 52
Which three user roles are partially defined by default in Prime Security Manager? (Choose
three.)
A. networkoperator
B. admin
C. helpdesk
D. securityoperator
E. monitoringadmin
F. systemadmin
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 14
http://www.braindump2go.com
Answer: BCF
QUESTION 53
Which three options are IPS signature classifications? (Choose three.)
A. tuned signatures
B. response signatures
C. default signatures
D. custom signatures
E. preloaded signatures
F. designated signatures
Answer: ACD
QUESTION 54
At which value do custom signatures begin?
A. 1024
B. 10000
C. 1
D. 60000
Answer: D
QUESTION 55
Which two commands are valid URL filtering commands? (Choose two.)
Answer: AC
QUESTION 56
Which Cisco technology is a customizable web-based alerting service designed to report threats
and vulnerabilities?
Answer: B
QUESTION 57
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 15
http://www.braindump2go.com
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 16
http://www.braindump2go.com
Which signature definition is virtual sensor 0 assigned to use?
A. rules0
B. vs0
C. sig0
D. ad0
E. ad1
F. sigl
Answer: C
Explanation:
This is the default signature. You can create multiple security policies and apply them to
individual virtual sensors. A security policy is made up of a signature definition policy, an event
action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature
definition policy called sig0, a default event action rules policy called rules0, and a default
anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you
can create new policies.
QUESTION 58
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 17
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 18
http://www.braindump2go.com
What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco
SensorBase network?
A. Global correlation is configured in Audit mode fortesting the feature without actually denying
any hosts.
B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on
deny actions.
C. It will not adjust risk rating values based on the known bad hosts list.
D. Reputation filtering is disabled.
Answer: D
Explanation:
This can be seen on the Globabl Correlation ?Inspection/Reputation tab show below:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 19
http://www.braindump2go.com
QUESTION 59
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 20
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 21
http://www.braindump2go.com
To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?
Answer: B
Explanation:
To configure network participation, follow these steps: Step 1 Log in to IDM using an account with
administrator privileges. Step 2 Choose Configuration > Policies > Global Correlation > Network
Participation. Step 3 To turn on network participation, click the Partial or Full radio button: Partial--
Data is contributed to the SensorBase Network, but data considered potentially sensitive is
filtered out and never sent. Full--All data is contributed to the SensorBase Network
In this case, we can see that this has been turned off as shown below:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 22
http://www.braindump2go.com
QUESTION 60
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 23
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 24
http://www.braindump2go.com
Which two statements about Signature 1104 are true? (Choose two.)
Answer: BD
Explanation:
This can be seen here where signature 1004 is the 5th one down:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 25
http://www.braindump2go.com
QUESTION 61
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 26
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 27
http://www.braindump2go.com
Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)
Answer: ABC
QUESTION 62
Hotspot Questions
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 28
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 29
http://www.braindump2go.com
What is the status of OS Identification?
Answer: D
Explanation:
Understanding Passive OS Fingerprinting Passive OS fingerprinting lets the sensor determine the
OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS
of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets
exchanged on the network to determine the OS type. The sensor then uses the OS of the target
host OS to determine the relevance of the attack to the victim by computing the attack relevance
rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the
risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can
then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or
definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also
enhances the alert output by reporting the victim OS, the source of the OS identification, and the
relevance to the victim OS in the alert. Passive OS fingerprinting consists of three components:
Passive OS learning occurs as the sensor observes traffic on the network.
Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a
determination of the OS running on the host of the source IP address.
User-configurable OS identification You can configure OS host mappings, which take precedence
over learned OS mappings.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 30
http://www.braindump2go.com
Computation of attack relevance rating and risk rating
QUESTION 63
Lab Simulation
Answer:
Steps are in Explanation below:
First, enable the Gig 0/0 and Gig 0/1 interfaces:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 31
http://www.braindump2go.com
Second, create the pair under the "interface pairs" tab:
Then, apply the HIGHRISK action rule to the newly created interface pair:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 32
http://www.braindump2go.com
Then apply the same for the MEDIUMRISK traffic (deny attacker inline)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 33
http://www.braindump2go.com
When done it should look like this:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 34
http://www.braindump2go.com
QUESTION 64
During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP
fails by using which command in a policy-map?
A. cxsc fail
B. cxsc fail-close
C. cxsc fail-open
D. cxssp fail-close
Answer: B
QUESTION 65
A network engineer may use which three types of certificates when implementing HTTPS
decryption services on the ASA CX? (Choose three.)
Answer: BDF
QUESTION 66
Cisco's ASA CX includes which two URL categories? (Choose two.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 35
http://www.braindump2go.com
A. Proxy Avoidance
B. Dropbox
C. Hate Speech
D. Facebook
E. Social Networking
F. Instant Messaging and Video Messaging
Answer: CE
QUESTION 67
A Cisco Web Security Appliance's policy can provide visibility and control of which two elements?
(Choose two.)
Answer: CD
QUESTION 68
Which Cisco Web Security Appliance design requires minimal change to endpoint devices?
A. Transparent Mode
B. Explicit Forward Mode
C. Promiscuous Mode
D. Inline Mode
Answer: A
QUESTION 69
What step is required to enable HTTPS Proxy on the Cisco Web Security Appliance?
Answer: B
QUESTION 70
Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 36
http://www.braindump2go.com
Answer: AD
QUESTION 71
Which Cisco Cloud Web Security tool provides URL categorization?
Answer: A
QUESTION 72
Which three functions can Cisco Application Visibility and Control perform? (Choose three.)
Answer: BDE
QUESTION 73
Which two options are features of the Cisco Email Security Appliance? (Choose two.)
Answer: CD
QUESTION 74
What is the authentication method for an encryption envelope that is set to medium security?
A. The recipient must always enter a password, even if credentials are cached.
B. A password is required, but cached credentials are permitted.
C. The recipient must acknowledge the sensitivity of the message before it opens.
D. The recipient can open the message without authentication.
Answer: B
QUESTION 75
What is the default antispam policy for positively identified messages?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 37
http://www.braindump2go.com
A. Drop
B. Deliver and Append with [SPAM]
C. Deliver and Prepend with [SPAM]
D. Deliver and Alternate Mailbox
Answer: C
QUESTION 76
Which five system management protocols are supported by the Cisco Intrusion Prevention
System? (Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv2
D. SNMPv3
E. Syslog
F. SDEE
G. SMTP
Answer: ABCFG
QUESTION 77
Which four statements are correct regarding management access to a Cisco Intrusion Prevention
System? (Choose four.)
Answer: BDEG
QUESTION 78
Which two GUI options display users' activity in Cisco Web Security Appliance? (Choose two.)
Answer: CD
QUESTION 79
The security team needs to limit the number of e-mails they receive from the Intellishield Alert
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 38
http://www.braindump2go.com
Service. Which three parameters can they adjust to restrict alerts to specific product sets?
(Choose three.)
A. Vendor
B. Chassis/Module
C. Device ID
D. Service Contract
E. Version/Release
F. Service Pack/Platform
Answer: AEF
QUESTION 80
A Cisco AnyConnect user profile can be pushed to the PC of a remote user from a Cisco ASA.
Which three user profile parameters are configurable? (Choose three.)
Answer: ACF
QUESTION 81
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block
all traffic if the module fails. Which describes the correct configuration?
Answer: B
QUESTION 82
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI
command shows the most fired signature?
Answer: A
QUESTION 83
Which three options are characteristics of router-based IPS? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 39
http://www.braindump2go.com
A. It is used for large networks.
B. It is used for small networks.
C. It supports virtual sensors.
D. It supports multiple VRFs.
E. It uses configurable anomaly detection.
F. Signature definition files have been deprecated.
Answer: BDF
QUESTION 84
What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)
Answer: BCE
QUESTION 85
Which three statements concerning keystroke logger detection are correct? (Choose three.)
Answer: ACE
QUESTION 86
Which three webtype ACL statements are correct? (Choose three.)
Answer: BDE
QUESTION 87
Which four advanced endpoint assessment statements are correct? (Choose four.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 40
http://www.braindump2go.com
A. examines the remote computer for personnel firewalls applications
B. examines the remote computer for antivirus applications
C. examines the remote computer for antispyware applications
D. examines the remote computer for malware applications
E. does not perform any remediation but provides input that can be evaluated by DAP records
F. performs active remediation by applying rules, activating modules, and providing updates where
applicable
Answer: ABCF
QUESTION 88
Which statement regarding hashing is correct?
Answer: B
QUESTION 89
What is the access-list command on a Cisco IPS appliance used for?
A. to permanently filter traffic coming to the Cisco IPS appliance via the sensing port
B. to filter for traffic when the Cisco IPS appliance is in the inline mode
C. to restrict management access to the sensor
D. to create a filter that can be applied on the interface that is under attack
Answer: C
QUESTION 90
How does a user access a Cisco Web Security Appliance for initial setup?
A. Connect the console cable and use the terminal at 9600 baud to run the setup wizard.
B. Connect the console cable and use the terminal at 115200 baud to run the setup wizard.
C. Open the web browser at 192.168.42.42:8443 for the setup wizard over https.
D. Open the web browser at 192.168.42.42:443 for the setup wizard over https.
Answer: C
QUESTION 91
What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS
sessions and HTTPS access?
A. sslconfig
B. sslciphers
C. tlsconifg
D. certconfig
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 41
http://www.braindump2go.com
Answer: A
QUESTION 92
Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized
access. Which four steps should Joe implement to accomplish this goal? (Choose four.)
A. Implement IP access lists to limit access to the management IP address in the Cisco Web
Security Appliance GUI.
B. Add the Cisco Web Security Appliance IP address to the local access list.
C. Enable HTTPS access via the GUI/CLI with redirection from HTTP.
D. Replace the Cisco self-signed certificate with a publicly signed certificate.
E. Put the Cisco WSA Management interface on a private management VLAN.
F. Change the netmask on the Cisco WSA Management interface to a 32-bit mask.
G. Create an MX record for the Cisco Web Security Appliance in DNS.
Answer: ACDE
QUESTION 93
Which command is used to enable strong ciphers on the Cisco Web Security Appliance?
A. interfaceconfig
B. strictssl
C. etherconfig
D. adminaccessconfig
Answer: B
QUESTION 94
Which Cisco ESA command is used to edit the ciphers that are used for GUI access?
A. interfaceconfig
B. etherconfig
C. certconfig
D. sslconfig
Answer: D
QUESTION 95
In order to set up HTTPS decryption on the Cisco Web Security Appliance, which two steps must
be performed? (Choose two.)
A. Enable and accept the EULA under Security Services > HTTPS Proxy.
B. Upload a publicly signed server certificate.
C. Configure or upload a certificate authority certificate.
D. Enable HTTPS decryption in Web Security Manager > Access Policies.
Answer: AC
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 42
http://www.braindump2go.com
QUESTION 96
When a Cisco Email Security Appliance joins a cluster, which four settings are inherited?
(Choose four.)
A. IP address
B. DNS settings
C. SMTP routes
D. HAT
E. RAT
F. hostname
G. certificates
Answer: BCDE
QUESTION 97
The helpdesk was asked to provide a record of delivery for an important email message that a
customer claims it did not receive. Which feature of the Cisco Email Security Appliance provides
this record?
Answer: C
QUESTION 98
Connections are being denied because of SenderBase Reputation Scores. Which two features
must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose
two.)
Answer: AD
QUESTION 99
Which five system management and reporting protocols are supported by the Cisco Intrusion
Prevention System? (Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv2
D. SNMPv3
E. syslog
F. SDEE
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 43
http://www.braindump2go.com
G. SMTP
Answer: ABCFG
QUESTION 100
Refer to the exhibit. The system administrator of mydomain.com received complaints that some
messages that were sent from sender user@somedomain.com were delayed. Message tracking
data on the sender shows that an email sample that was received was clean and properly
delivered. What is the likely cause of the intermittent delays?
Answer: C
QUESTION 101
A system administrator wants to know if the email traffic from a remote partner will activate
special treatment message filters that are created just for them. Which tool on the Cisco Email
Security gateway can you use to debug or emulate the flow that a message takes through the
work queue?
Answer: D
QUESTION 102
Which command verifies that CWS redirection is working on a Cisco IOS router?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 44
http://www.braindump2go.com
A. show content-scan session active
B. show content-scan summary
C. show interfaces stats
D. show sessions
Answer: A
QUESTION 103
Which two commands are used to verify that CWS redirection is working on a Cisco ASA
appliance? (Choose two.)
Answer: AC
QUESTION 104
A user is deploying a Cisco IPS appliance in a data center to mitigate most attacks, including
atomic attacks. Which two modes does Cisco recommend using to configure for this? (Choose
two.)
A. VLAN pair
B. interface pair
C. transparent mode
D. EtherChannel load balancing
E. promiscuous mode
Answer: AD
QUESTION 105
Which statement about Cisco IPS Manager Express is true?
Answer: B
QUESTION 106
Refer to the exhibit. When designing the network to redirect web traffic utilizing the Catalyst 6500
to the Cisco Web Security Appliance, impact on the switch platform needs consideration.
Which four rows identify the switch behavior in correlation to the redirect method? (Choose four.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 45
http://www.braindump2go.com
A. Row 1
B. Row 2
C. Row 3
D. Row 4
E. Row 5
F. Row 6
G. Row 7
H. Row 8
Answer: BCFG
QUESTION 107
Refer to the exhibit. Which four rows exhibit the correct WCCP service to protocol assignments?
(Choose four.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 46
http://www.braindump2go.com
A. Row 1
B. Row 2
C. Row 3
D. Row 4
E. Row 5
F. Row 6
G. Row 7
H. Row 8
Answer: BDFH
QUESTION 108
Which three protocols are required when considering firewall rules for email services using a
Cisco Email Security Appliance? (Choose three.)
A. SMTP
B. HTTP
C. DNS
D. SNMP
E. FTP
Answer: ABC
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 47
http://www.braindump2go.com
QUESTION 109
Which two design considerations are required to add the Cisco Email Security Appliance to an
existing mail delivery chain? (Choose two.)
A. Existing MX records should be maintained and policy routing should be used to redirect traffic to
the ESA.
B. Update the MX records to point to the inbound listener interfaces on the ESA.
C. Update the MX records to point to the outbound listener interfaces on the ESA.
D. Different Listeners must be used to handle inbound and outbound mail handling.
E. The ESA should be connected to the same subnet as the Email Server because it maintains only
a single routing table.
F. The ESA can be connected to a DMZ external to the Email Server because it maintains multiple
routing tables.
G. The ESA can be connected to a DMZ external to the Email Server but it maintains only a single
routing table.
H. Mail Listeners by default can share the same IP interface by defining the routes for sending and
receiving.
Answer: BG
QUESTION 110
Which three sender reputation ranges identify the default behavior of the Cisco Email Security
Appliance? (Choose three.)
Answer: ACF
QUESTION 111
Which two statements regarding the basic setup of the Cisco CX for services are correct?
(Choose two.)
A. The Packet capture feature is available for either permitted or dropped packets by default.
B. Public Certificates can be used for HTTPS Decryption policies.
C. Public Certificates cannot be used for HTTPS Decryption policies.
D. When adding a standard LDAP realm, the group attribute will be UniqueMember.
E. The Packet capture features is available for permitted packets by default.
Answer: CE
QUESTION 112
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 48
http://www.braindump2go.com
Which three zones are used for anomaly detection in a Cisco IPS? (Choose three.)
A. internal zone
B. external zone
C. illegal zone
D. inside zone
E. outside zone
F. DMZ zone
Answer: ABC
QUESTION 113
Who or what calculates the signature fidelity rating in a Cisco IPS?
Answer: A
QUESTION 114
Which command sets the number of packets to log on a Cisco IPS sensor?
A. ip-log-count number
B. ip-log-packets number
C. ip-log-bytes number
D. ip-log number
Answer: B
QUESTION 115
Refer to the exhibit. The system administrator of mydomain.com was informed that one of the
users in his environment received spam from an Internet sender. Message tracking shows that
the emails for this user were not scanned by antispam. Why did the Cisco Email Security gateway
fail to do a spam scan on emails for user@mydomain.com?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 49
http://www.braindump2go.com
A. The remote MTA activated the SUSPECTLIST sender group.
B. The Cisco Email Security gateway created duplicates of the message.
C. The user user@mydomain.com matched an inbound rule with antispam disabled.
D. The user bob@mydomain.com matched an inbound rule with antispam disabled.
Answer: D
QUESTION 116
Drag and Drop Question
Drag and drop the Cisco Security IntelliShield Alert Manager Service components on the left onto
the corresponding description on the right.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 50
http://www.braindump2go.com
Answer:
QUESTION 117
Which three features does Cisco CX provide? (Choose three.)
Answer: ABC
QUESTION 118
Which three functions can Cisco Application Visibility and Control perform within Cisco Cloud
Web Security? (Choose three.)
Answer: BDE
QUESTION 119
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 51
http://www.braindump2go.com
Which Cisco Web Security Appliance deployment mode requires minimal change to endpoint
devices?
A. Transparent Mode
B. Explicit Forward Mode
C. Promiscuous Mode
D. Inline Mode
Answer: A
QUESTION 120
What is the default antispam policy for positively identified messages within the Cisco Email
Security Appliance?
A. Drop
B. Deliver and Append with [SPAM]
C. Deliver and Prepend with [SPAM]
D. Deliver and Alternate Mailbox
Answer: C
QUESTION 121
Refer to the exhibit. What Cisco ESA CLI command generated the output?
A. smtproutes
B. tophosts
C. hoststatus
D. workqueuestatus
Answer: B
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 52
http://www.braindump2go.com
QUESTION 122
What Event Action in an IPS signature is used to stop an attacker from communicating with a
network using an access-list?
Answer: A
QUESTION 123
Within Cisco IPS anomaly detection, what is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 - 255.255.255.255
C. 0.0.0.0/8
D. the network of the management interface
Answer: B
QUESTION 124
Which two Cisco IPS events will generate an IP log? (Choose two.)
A. A signature had an event action that was configured with log packets.
B. A statically configured IP or IP network criterion was matched.
C. A dynamically configured IP address or IP network was matched.
D. An attack produced a response action.
Answer: AB
QUESTION 125
Which three options are valid event actions for a Cisco IPS? (Choose three.)
A. deny-packet-inline
B. deny-attack-reset
C. produce-verbose-alert
D. log-attacker-packets
E. deny-packet-internal
F. request-block-drop-connection
Answer: ACD
QUESTION 126
Which configuration option causes an ASA with IPS module to drop traffic matching IPS
signatures and to block all traffic if the module fails?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 53
http://www.braindump2go.com
B. Inline Mode, Close Traffic
C. Promiscuous Mode, Permit Traffic
D. Promiscuous Mode, Close Traffic
Answer: B
QUESTION 127
Which Cisco IPS CLI command shows the most fired signature?
Answer: A
QUESTION 128
Which IPS engine detects ARP spoofing?
Answer: A
QUESTION 129
Which two options are characteristics of router-based IPS? (Choose two.)
Answer: CE
QUESTION 130
An IPS is configured to fail-closed and you observe that all packets are dropped. What is a
possible reason for this behavior?
A. Mainapp is unresponsive.
B. The global correlation update failed.
C. The IPS span session failed.
D. The attack drop file is misconfigured.
Answer: A
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 54
http://www.braindump2go.com
QUESTION 131
What can you use to access the Cisco IPS secure command and control channel to make
configuration changes?
A. SDEE
B. the management interface
C. an HTTP server
D. Telnet
Answer: B
QUESTION 132
Which Cisco technology provides spam filtering and email protection?
A. IPS
B. ESA
C. WSA
D. CX
Answer: B
QUESTION 133
You ran the ssh generate-key command on the Cisco IPS and now administrators are unable to
connect. Which action can be taken to correct the problem?
Answer: A
QUESTION 134
Which command allows the administrator to access the Cisco WSA on a secure channel on port
8443?
A. strictssl
B. adminaccessconfig
C. ssl
D. ssh
Answer: A
QUESTION 135
Which command can change the HTTPS SSL method on the Cisco ESA?
A. sslconfig
B. strictssl
C. sshconfig
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 55
http://www.braindump2go.com
D. adminaccessconfig
Answer: A
QUESTION 136
When you configure the Cisco ESA to perform blacklisting, what are two items you can disable to
enhance performance? (Choose two.)
A. spam scanning
B. antivirus scanning
C. APT detection
D. rootkit detection
Answer: AB
QUESTION 137
Which Cisco ESA predefined sender group uses parameter-matching to reject senders?
A. BLACKLIST
B. WHITELIST
C. SUSPECTLIST
D. UNKNOWNLIST
Answer: A
QUESTION 138
Which command disables SSH access for administrators on the Cisco ESA?
A. interfaceconfig
B. sshconfig
C. sslconfig
D. systemsetup
Answer: A
QUESTION 139
When you create a new server profile on the Cisco ESA, which subcommand of the ldapconfig
command configures spam quarantine end-user authentication?
A. isqauth
B. isqalias
C. test
D. server
Answer: A
QUESTION 140
Which three administrator actions are used to configure IP logging in Cisco IME? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 56
http://www.braindump2go.com
A. Select a virtual sensor.
B. Enable IP logging.
C. Specify the host IP address.
D. Set the logging duration.
E. Set the number of packets to capture.
F. Set the number of bytes to capture.
Answer: ACD
QUESTION 141
Which centralized reporting function of the Cisco Content Security Management Appliance
aggregates data from multiple Cisco ESA devices?
A. message tracking
B. web tracking
C. system tracking
D. logging
Answer: A
QUESTION 142
What is a value that Cisco ESA can use for tracing mail flow?
Answer: A
QUESTION 143
What are three features of the Cisco Security Intellishield Alert Manager Service? (Choose three.)
Answer: ABE
QUESTION 144
When you deploy a sensor to send connection termination requests, which additional traffic-
monitoring function can you configure the sensor to perform?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 57
http://www.braindump2go.com
B. Monitor traffic as it flows through the sensor.
C. Monitor traffic from the Internet only.
D. Monitor traffic from both the Internet and the intranet.
Answer: B
QUESTION 145
Which IPS feature allows you to aggregate multiple IPS links over a single port channel?
A. UDLD
B. ECLB
C. LACP
D. PAgP
Answer: B
QUESTION 146
Which Cisco IPS deployment mode is best suited for bridged interfaces?
Answer: B
QUESTION 147
When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in
traffic being dropped? (Choose two.)
Answer: AB
QUESTION 148
If inline-TCP-evasion-protection-mode on a Cisco IPS is set to asymmetric mode, what is a side
effect?
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 58
http://www.braindump2go.com
QUESTION 149
Which sensor deployment mode does Cisco recommend when interface capacity is limited and
you need to increase sensor functionality?
Answer: C
QUESTION 150
Which role does Passive Identity Management play in the Cisco Cloud Web Security
architecture?
Answer: A
QUESTION 151
Which two statements about Cisco ESA clusters are true? (Choose two.)
Answer: BE
QUESTION 152
Which two statements about devices within a Cisco ESA cluster are true? (Choose two.)
Answer: AB
QUESTION 153
What is a primary difference between the web security features of the Cisco WSA and the Cisco
ASA NGFW?
A. Cisco WSA provides URL filtering, while Cisco ASA NGFW does not.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 59
http://www.braindump2go.com
B. Cisco ASA NGFW provides caching services, while Cisco WSA does not.
C. Cisco WSA provides web reputation filtering, while Cisco ASA NGFW does not.
D. Cisco ASA NGFW provides application visibility and control on all ports, while Cisco WSA does
not.
Answer: D
QUESTION 154
Which Cisco ASA configuration command drops traffic if the Cisco ASA CX module fails?
A. no fail-open
B. fail-close
C. fail-close auth-proxy
D. auth-proxy
Answer: B
QUESTION 155
Which Cisco Cloud Web Security Connector feature allows access by all of an organization's
users while applying Active Directory group policies?
Answer: A
QUESTION 156
Which Cisco ESA component receives connections from external mail servers?
A. MTA
B. public listener
C. private listener
D. recipient access table
E. SMTP incoming relay agent
Answer: B
QUESTION 157
What is the function of the Cisco Context Adaptive Scanning Engine in Cisco Hybrid Email
Security services?
A. It uses real-time traffic threat assessment to identify suspicious email senders and messages.
B. It provides a preventive defense against viruses by scanning messages before they enter the
network.
C. It analyzes message content and attachments to protect an organization's intellectual property.
D. It protects against blended threats by using human-like logic to review and evaluate traffic.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 60
http://www.braindump2go.com
Answer: D
QUESTION 158
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate
the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web
traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security
Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one
Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select
the best answer.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 61
http://www.braindump2go.com
How many Cisco ASAs and how many Cisco WSAs are participating in the WCCP service?
A. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and one Cisco WSA.
B. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and one Cisco WSA.
C. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and two Cisco WSAs.
D. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and two Cisco WSAs.
E. Two Cisco ASAs and one Cisco WSA.
F. Two Cisco ASAs and two Cisco WSAs.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 62
http://www.braindump2go.com
Answer: A
Explanation:
We can see from the output that the number of routers (ASA's) is 1, so there is a single ASA or
an active/ standby pair being used, and 1 Cache Engine. If the ASA's were in a active/active role
it would show up as 2 routers.
QUESTION 159
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate
the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web
traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security
Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one
Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select
the best answer.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 63
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 64
http://www.braindump2go.com
What traffic is not redirected by WCCP?
Answer: B
Explanation:
From the screen shot below we see the WCCP-Redirection ACL is applied, so all traffic from the
Private IP space to any destination will be redirected.
QUESTION 160
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate
the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web
traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security
Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one
Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 65
http://www.braindump2go.com
Your task is to examine the details available in the simulated graphical user interfaces and select
the best answer.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 66
http://www.braindump2go.com
Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with respect
to redirected ports?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 67
http://www.braindump2go.com
Answer: C
Explanation:
This can be seen from the WSA Network tab shown below:
QUESTION 161
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate
the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web
traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security
Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one
Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are
implemented in the simulator. The options that have been implemented are sufficient to
determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select
the best answer.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 68
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 69
http://www.braindump2go.com
Which of the following is true with respect to the version of WCCP configured on the Cisco ASA
and the Cisco WSA?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 70
http://www.braindump2go.com
Answer: B
Explanation:
ASA version shows as version 2.0:
QUESTION 162
What are two features of the Cisco ASA NGFW? (Choose two.)
Answer: BD
QUESTION 163
Which three statements about Cisco CWS are true? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 71
http://www.braindump2go.com
A. It provides protection against zero-day threats.
B. Cisco SIO provides it with threat updates in near real time.
C. It supports granular application policies.
D. Its Roaming User Protection feature protects the VPN from malware and data breaches.
E. It supports local content caching.
F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats
outside the network.
Answer: ABC
QUESTION 164
Refer to the exhibit. What are two facts about the interface that you can determine from the given
output? (Choose two.)
Answer: AB
QUESTION 165
What are the two policy types that can use a web reputation profile to perform reputation-based
processing? (Choose two.)
A. profile policies
B. encryption policies
C. decryption policies
D. access policies
Answer: CD
QUESTION 166
Which three pieces of information are required to implement transparent user identification using
Context Directory Agent? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 72
http://www.braindump2go.com
Answer: BDE
QUESTION 167
Which method does Cisco recommend for collecting streams of data on a sensor that has been
virtualized?
A. VACL capture
B. SPAN
C. the Wireshark utility
D. packet capture
Answer: D
QUESTION 168
Which configuration mode enables a virtual sensor to monitor the session state for unidirectional
traffic?
A. asymmetric mode
B. symmetric mode
C. loose mode
D. strict mode
Answer: A
QUESTION 169
Over the period of one day, several Atomic ARP engine alerts fired on the same IP address.
You observe that each time an alert fired, requests on the IP address exceeded replies by the
same number. Which configuration could cause this behavior?
Answer: A
QUESTION 170
Which type of signature is generated by copying a default signature and modifying its behavior?
A. meta
B. custom
C. atomic
D. normalized
Answer: B
QUESTION 171
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 73
http://www.braindump2go.com
Which two conditions must you configure in an event action override to implement a risk rating of
70 or higher and terminate the connection on the IPS? (Choose two.)
Answer: AB
QUESTION 172
Which two conditions must you configure in an event action rule to match all IPv4 addresses in
the victim range and filter on the complete subsignature range? (Choose two.)
Answer: BC
QUESTION 173
If learning accept mode is set to "auto" and the knowledge base is loaded only when explicitly
requested on the IPS, which statement about the knowledge base is true?
Answer: B
QUESTION 174
In which way are packets handled when the IPS internal zone is set to "disabled"?
Answer: D
QUESTION 175
Which type of server is required to communicate with a third-party DLP solution?
A. an HTTPS server
B. an HTTP server
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 74
http://www.braindump2go.com
C. an ICAP-capable proxy server
D. a PKI certificate server
Answer: C
QUESTION 176
Which feature does Acceptable Use Controls use to implement Cisco AVC?
A. ISA
B. Cisco Web Usage Controls
C. Cisco WSA
D. Cisco ESA
Answer: B
QUESTION 177
You have configured a VLAN pair that is connected to a switch that is unable to pass traffic. If the
IPS is configured correctly, which additional configuration must you perform to enable the switch
to pass traffic?
Answer: A
QUESTION 178
You ran the ssh generate-key command on the Cisco IPS and now administrators are unable to
connect. Which action can be taken to correct the problem?
Answer: A
QUESTION 179
Which piece of information is required to perform a policy trace for the Cisco WSA?
Answer: A
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 75
http://www.braindump2go.com
QUESTION 180
What is a valid search parameter for the Cisco ESA find event tool?
A. Envelope Origination
B. Envelope Type
C. Message ID
D. Download Type
Answer: C
QUESTION 181
Which website can be used to validate group information about connections that flow through
Cisco CWS?
A. whoami.scansafe.net
B. policytrace.scansafe.net
C. whoami.scansafe.com
D. policytrace.scansafe.com
Answer: B
QUESTION 182
What are three arguments that can be used with the show content-scan command in Cisco IOS
software? (Choose three)
A. session
B. data
C. verbose
D. buffer
E. summary
F. statistics
Answer: AEF
QUESTION 183
In addition to the CLI, what is another option to manage a Cisco IPS?
A. SDEE
B. Cisco SDM
C. Cisco IDM
D. Cisco ISE
Answer: C
QUESTION 184
What is the function of the Web Proxy Auto-Discovery protocol?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 76
http://www.braindump2go.com
C. It enables a web client's traffic flows to be redirected in real time.
D. It enables web clients to dynamically resolve hostname records.
Answer: A
QUESTION 185
What is a difference between a Cisco Content Security Management virtual appliance and a
physical appliance?
Answer: A
QUESTION 186
Which Cisco Web Security Appliance feature enables the appliance to block suspicious traffic on
all of its ports and IP addresses?
Answer: A
QUESTION 187
Which feature of the Cisco Hybrid Email Security services enables you to create multiple email
senders on a single Cisco ESA?
A. Virtual Gateway
B. Sender Groups
C. Mail Flow Policy Connector
D. Virtual Routing and Forwarding
E. Email Marketing Connector
Answer: A
QUESTION 188
Which option is a benefit of Cisco Email Security virtual appliance over the Cisco ESA appliance?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 77
http://www.braindump2go.com
Answer: A
QUESTION 189
Which option is a benefit of Cisco hybrid email security?
Answer: A
QUESTION 190
Which technology is used to improve business-critical application performance?
Answer: A
QUESTION 191
Which option is a benefit of deploying Cisco Application Visibility and Control?
Answer: A
QUESTION 192
Which solution must a customer deploy to prioritize traffic to a cloud-based contact management
application while still allowing employees access to the Internet for business and personal use?
Answer: A
QUESTION 193
Which three categories of the seven major risk management categories are covered in the Cyber
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 78
http://www.braindump2go.com
Risk Reports? (Choose three.)
A. vulnerability
B. risk rating
C. legal
D. confidence level
E. geopolitical
F. global reputation
Answer: ACE
QUESTION 194
Which option describes a customer benefit of the Cisco Security IntelliShield Alert Manager?
A. It provides access to threat and vulnerability information for Cisco related products only.
B. It consolidates vulnerability information from an internal Cisco source, which allows security
personnel to focus on remediation and proactive protection versus research.
C. It provides effective and timely security intelligence via early warnings about new threats and
technology vulnerabilities.
D. It enhances the efficiency of security staff with accurate, noncustomizable threat intelligence,
critical remediation information, and easy-to-use workflow tools.
Answer: C
QUESTION 195
Which two options are known limitations in deploying an IPS sensor in promiscuous mode versus
inline mode? (Choose two).
A. It is less effective in stopping email viruses and automated attackers such as worms.
B. It requires less of an operational response because the attacks are blocked automatically without
operational team support.
C. Sensors in this deployment cannot stop the trigger packet and are not guaranteed to stop a
connection.
D. A sensor failure affects network functionality.
E. It does not see the same traffic.
Answer: AC
QUESTION 196
Which option describes how the native VLAN is set up on an IPS sensor when VLAN groups are
used in an inline deployment of the sensor?
A. The sensor looks at the native VLAN setup on the switch to determine the correct native VLAN to
use.
B. The sensor does not care about VLANs.
C. A default VLAN variable must be associated with each physical interface on the sensor.
D. There is no way to set this, so you need to tag all traffic.
E. ISL links are only supported.
Answer: C
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 79
http://www.braindump2go.com
QUESTION 197
Using the Cisco WSA GUI, where should an operator navigate to determine the running software
image on the Cisco WSA?
Answer: A
QUESTION 198
When a user receives an encrypted email from a Cisco ESA, which technology is used to retrieve
the key to open the email?
Answer: C
QUESTION 199
Which four methods are used to deploy transparent mode traffic redirection? (Choose four.)
A. PAC files
B. Web Cache Communication Protocol
C. policy-based routing
D. Microsoft GPO
E. Layer 4 switch
F. DHCP server
G. Layer 7 switch
H. manual browser configuration
Answer: BCEG
QUESTION 200
When centralized message tracking is enabled on the Cisco ESA, over which port does the
communication to the SMA occur by default?
A. port 2222/TCP
B. port 443/TCP
C. port 25/TCP
D. port 22/TCP
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 80
http://www.braindump2go.com
QUESTION 201
Which platform has message tracking enabled by default?
A. C670
B. C370
C. Virtual ESA
D. It is not enabled by default on any platform.
Answer: D
QUESTION 202
Which two options are the correct URL and credentials used to access the Cisco Web Security
Appliance for the first time? (Choose two.)
A. admin/password
B. http://192.168.1.1:8080
C. ironport/ironport
D. http://192.168.42.42:8080
E. admin/ironport
F. http://192.168.42.42:8443
Answer: DE
QUESTION 203
Which interface on the Cisco Email Security Appliance has HTTP and SSH enabled by default?
A. data 1
B. data 2
C. management 1
D. all interfaces
Answer: A
QUESTION 204
Lab Simulation
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 81
http://www.braindump2go.com
Answer:
Review the explanation part for full solution.
We need to create a policy map named inside-policy and send the traffic to the CXSC blade:
ASA-FW# config t
ASA-FW(config)# policy-map inside-policy
ASA-FW(config-pmap)# policy-map inside-policy
ASA-FW(config-pmap)# class class-default
ASA-FW(config-pmap-c)# cxsc fail-close auth-proxy
ASA-FW(config-pmap-c)# exit
ASA-FW(config-pmap)# exit
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 82
http://www.braindump2go.com
The fail-close is needed as per instructions that if the CX module fails, no traffic should be
allowed. The auth-proxy keyword is needed for active authentication.
Next, we need to apply this policy map to the inside interface:
QUESTION 205
Lab Simulation
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 83
http://www.braindump2go.com
Answer: Review the explanation part for full solution.
We need to define the parameter map, specifying port 8080 for http and https and define the
servers and the license:
Branch-ISR#config t
Branch-ISR(config)#parameter-map type content-scan global
Branch-ISR(config-profile)#server scansafe primary name proxy-
a.scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#server scansafe secondary name proxy-
b.scansafe.net port http 8080 https 8080
Branch-ISR(config-profile)#license 0 0123456789abcdef
If the CWS proxy servers are not available, we traffic should be denied. This is done by the
following configuration:
Finally, we can verify out configuration by using the "show content-scan summary command:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 84
http://www.braindump2go.com
Interfaces: Fastethernet0/1
QUESTION 206
Hotspot Questions (QUESTION 206 - QUESTION 209)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 85
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 86
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 87
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 88
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 89
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 90
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 91
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 92
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 93
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 94
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 95
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 96
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 97
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 98
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 99
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 100
http://www.braindump2go.com
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 101
http://www.braindump2go.com
For which domains will the Cisco Email Security Appliance allow up to 5000 recipients per
message?
A. violet.public
B. violet.public and blue.public
C. violet.public, blue.public and green.public
D. red.public
E. orange.public
F. red.public and orange.public
Answer: E
Explanation:
Here we see that the TRUSTED policy is being throttled to 5000 recipients per message.
By looking at the HAT policy we see that the TRUSTED policy applies to the WHITELIST sender
group.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 102
http://www.braindump2go.com
By clicking on the WHITELIST sender group we can see that orange.public is listed as the
sender.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 103
http://www.braindump2go.com
QUESTION 207
What is the maximum number of recipients per hour that the Cisco Email Security Appliance will
accept from the green.public domain?
A. 0
B. 1
C. 20
D. 25
E. 50
F. 5000
G. Unlimited
Answer: C
Explanation:
From the instructions we know that the green.public domain has been assigned a reputation
score of 2.
From below we know that a reputation score of 2 belongs to the SUSPECTLIST, which has a
policy of “THROTTLED”:
By clicking on the THROTTLED policy we see that the max recipients per hour has been set to
20:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 104
http://www.braindump2go.com
QUESTION 208
What is the maximum message size that the Cisco Email Security Appliance will accept
from the violet.public domain?
A. 1 KB
B. 100 KB
C. 1 MB
D. 10 MB
E. 100 MB
F. Unlimited
Answer: D
Explanation:
From the instructions we know that the reputation score for the violet.public domain has been set
to 8. From the HAT table shown below we know that a score of 8 belongs to the UNKNOWNLIST
group, which is assigned the ACCEPTED policy.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 105
http://www.braindump2go.com
By clicking on the ACCEPTED policy we see that max message size has been set to the default
value of 10M:
QUESTION 209
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 106
http://www.braindump2go.com
The Cisco Email Security Appliance will reject messages from which domains?
A. red.public
B. red.public and orange.public
C. red.public, orange.public and yellow.public
D. orange.public
E. violet.public
F. violet.public and blue.public
G. None of the listed domains
Answer: F
Explanation:
The BLOCKED policy rejects messages as shown below:
The BLOCKED policy is assigned to the BLACKLIST sender group, and here we see that no
senders have been applied to this group:
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 107
http://www.braindump2go.com
QUESTION 210
Refer to the exhibit, which description of the result of this configuration is true?
Answer: C
QUESTION 211
For which task can PRSM be used?
Answer: A
QUESTION 212
Which command applies WCCP redirection on the inside interface of a cisco asa 5500-x firewall?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 108
http://www.braindump2go.com
B. web-cache interface inside 90 redirect in
C. wccp interface inside redirect out
D. wccp web-cache
Answer: A
QUESTION 213
Which IPS signature engine inspects the IP protocol packets and the Layer TCP?
A. String TCP
B. Atomic TCP
C. Service HTTP
D. Atomic IP
Answer: D
QUESTION 214
Which statement about the Cisco CWS web filtering policy behavior is true?
Answer: A
QUESTION 215
How are HTTP requests handled by the Cisco WSA?
Answer: D
QUESTION 216
Which option describes what occurs with asymmetric routing when an IPS normalization engine is
enable?
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 109
http://www.braindump2go.com
QUESTION 217
Which statement about the Cisco ASA CX role in inspecting SSL traffic is true?
A. To decrypt traffic, the Cisco ASA CX must accept the websites' certificates as Trusted Root CAs.
B. If the administrator elects to decrypt traffic, the Cisco ASA CX acts as a man-in--me-middle.
C. Either all traffic is decrypted, or no traffic is decrypted by the Cisco ASA CX.
D. The traffic is encrypted, so the Cisco ASA CX cannot determine the content of the traffic.
Answer: B
QUESTION 218
When https traffic is scanned, which component of the full URL does CWS log?
A. only path
B. only host Y
C. host and query
D. path and query
Answer: B
QUESTION 219
Using the Cisco WSA GUI, where should an operator navigate to determine the running sotfware
image on the Cisco WSA?
Answer: B
QUESTION 220
Which step is required when you configure URL filtering to Cisco Cloud Web Security?
Answer: A
QUESTION 221
Which action cloud reduce the security of the management interface of the Cisco ESA appliance?
A. Assing delegated administrator roles to engineers who manage the mail policies.
B. create a network access list to allow all connections to the management interface
C. Display a login banner indicating that all appliance use is logged and reviewed
D. configure a web UI session timeout of 30 minutes for connected users.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 110
http://www.braindump2go.com
Answer: A
QUESTION 222
A security engineer is configuring user identity for the Cisco ASA connector for Cisco CWS. How
many AAA server groups must the engineer configure?
A. 1
B. 3
C. 4
D. 2
Answer: D
QUESTION 223
Which option represents the cisco event aggregation product?
A. CVSS system
B. IntelliShield
C. ASA CX Event Viewer
D. ASDM 7.5
Answer: C
QUESTION 224
Which statement about the default configuration of an IPS sensor's management security settings
is true?
Answer: A
QUESTION 225
Which information does the show scansafe statistics command provide?
Answer: D
QUESTION 226
On which plateforms can you run CWS connector? (choose two)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 111
http://www.braindump2go.com
A. Cisco ASA Firewall
B. Cisco IPS module
C. Standalone deployment
D. Cisco ISR router
E. Cisco Firepower NGIPS
Answer: AD
QUESTION 227
Refer to the exhibit, which description of the result of this configuration is true?
Router(config)#line vty 5 15
Router(config-line)#access-class 23 in
Answer: C
QUESTION 228
What does the anomaly detection Cisco IOS IPS component detection ?
A. ARP Spoofing
B. Worm-infected hosts
C. Signature changes
D. Network Congestion
Answer: B
QUESTION 229
Refer to the exhibit. The security engineer has configured cisco cloud web security redirection on
a cisco ASA firewall. Which statement describes what can be determined from exhibit?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 112
http://www.braindump2go.com
A. In case of issues, the next step should be to perform debugging on the cisco ASA.
B. The URL visited by the user was LAB://testgroup.
C. This out has been obtained by browsing to whoami.scansafe.net
D. The IP address of the Scansafe tower is 209.165.200.241
Answer: C
QUESTION 230
Refer to the exhibit. How is the "cisco" password stored?
A. As MD5 hash
B. As Type 0
C. As Type 7
D. As Clear Text
Answer: A
QUESTION 231
Refer to the exhibit. What type of password is "cisco"?
Router(config)#service password-encryption
Router(config)#username admin password cisco
A. Enhanced
B. CHAP
C. Type 7
D. Type 0
Answer: C
QUESTION 232
When does the Cisco ASA send traffic to the Cisco ASA IPS module for analysis?
Answer: C
QUESTION 233
Which technique is deployed to harden network devices?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 113
http://www.braindump2go.com
D. VLAN ACLs
Answer: B
QUESTION 234
Refer to the exhibit. Which option describe the result of this configuration on a Cisco ASA
firewall?
Answer: B
QUESTION 235
Which Option of SNMPv3 ensure authentication but no encryption?
A. priv
B. no auth
C. no priv
D. authNoPriv
Answer: D
Explanation:
SNMPv1, SNMPv2c, and SNMPv3 each represent a different security model. The security model
combines with the selected security level to determine the security mechanism applied when the
SNMP message is processed.
The security level determines the privileges required to view the message associated with an
SNMP trap. The privilege level determines whether the message needs to be protected from
disclosure or authenticated. The supported security level depends upon which security model is
implemented. SNMP security levels support one or more of the following privileges:
SNMPv3 provides for both security models and security levels. A security model is an
authentication strategy that is set up for a user and the role in which the user resides. A security
level is the permitted level of security within a security model. A combination of a security model
and a security level determines which security mechanism is employed when handling an SNMP
packet.
QUESTION 236
Which commands are required to configure SSH on router? (Choose two)
Answer: AB
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 114
http://www.braindump2go.com
Answer: A
QUESTION 237
An enginner manages a Cisco Intrusion Prevention System via IME. A new user must be able to
tune signatures, but must not be able to create new users. Which role for the new user is correct?
A. viewer
B. service
C. operator
D. administrator
Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/command/reference/cmdref/crIntro.html
QUESTION 238
Which two pieces of information are required to implement transparent user identification using
context Directory Agent? (Choose two)
Answer: BC
QUESTION 239
Which settings are required when deploying Cisco IPS in high-availability mode using
EtherChannel load balancy?
A. ECLB IPS appliances must be in on-a-stick mode, ECLB IPS solution maintains state if a sensor
goes down, and TCP flow is forced through the same IPS appliance.
B. ECLB IPS appliances must not be in on-a-stick mode, ECLB IPS solution maintains state if a
sensor goes down, and TCP flow is forced through the same IPS appliance flow
C. ECLB IPS appliances must be in on-a-stick mode, ECLB IPS solution does not maintain state if a
sensor goes down, and TCP flow is forced through a different IPS appliance.
D. ECLB IPS appliances must not be in on-a-stick mode, ECLB IPS solution does not maintain state
if a sensor goes down, and TCP flow is forced through a different IPS appliance.
Answer: C
Explanation:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186
a0080671a8d.shtml
QUESTION 240
Which Cisco technology secures the network through malware filtering, category-base control,
and reputation-based control?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 115
http://www.braindump2go.com
A. Cisco WSA
B. Cisco IPS
C. Cisco ASA 5500 series appliances
D. Cisco remote-access VPNs
Answer: A
QUESTION 241
Which option describes the role of the Learning Accept Mode for anomaly detection?
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/sec
urity_manager/4-0/user/guide/CSMUserGuide_wrapper/ipsanom.html
QUESTION 242
Which description of an advantage of utilizing IPS virtual sensors is true?
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ips/7-
0/configuration/guide/cli/cliguide7/cli_virtual_sensors.pdf
QUESTION 243
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace
which current encryption technology?
A. 3DES
B. RSA
C. DES
D. AES
Answer: B
QUESTION 244
Which action is possible when a signature is triggered on the Cisco IOS IPS?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 116
http://www.braindump2go.com
C. Deny all packets with the same port destination
D. Send an SNMP alert to a monitoring system
Answer: A
QUESTION 245
Which signature engine is responsible for ICMP inspection on Cisco IPS?
A. AIC Engine
B. Fixed Engine
C. Service Engine
D. Atomic IP Engine
Answer: D
QUESTION 246
A network security design engineer is considering using a Cisco Intrusion Detection System in the
DMZ of the network. Which option is the drawback to using IDS in the DMZ as opposed to using
Intrusion Prevention System?
A. Sensors, when placed in-line, can impact network functionality during sensor failure.
B. IDS has impact on the network (thatis, latency and jitter).
C. Response actions cannot stop triggered packet or guarantee to stop a connection techniques.
D. Response actions cannot stop malicious packets or cannot guarantee to stop any DOS attack.
Answer: C
QUESTION 247
Which three statements about threat ratings are true? (Choose three.)
A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating.
B. The largest threat rating from all actioned events is added to the risk rating.
C. The smallest threat rating from all actioned events is subtracted from the risk rating.
D. The alert rating for deny-attacker-inline is 45.
E. Unmitigated events do not cause a threat rating modification.
F. The threat rating for deny-attacker-inline is 50.
Answer: ADE
QUESTION 248
Which two configuration steps are required for implementing SSH for management access to a
Cisco router? (Choose two.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 117
http://www.braindump2go.com
Answer: DE
Explanation:
http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell- ssh/4145ssh.html
QUESTION 249
Which Cisco IOS command uses the default class map to limit SNMP inspection to traffic from
10.1.1.0 to 192.168.1.0?
Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/inspect_overv
iew.html
QUESTION 250
Drag and Drop Question
Drag and drop the terms on the left onto the correct definition for the promiscuous IPS risk rating
calculation on the right.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 118
http://www.braindump2go.com
Answer:
QUESTION 251
Drag and Drop Question
Drag and drop the steps on the left into the correct order on the right to configure a Cisco ASA
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 119
http://www.braindump2go.com
NGFW with multiple security contexts.
Answer:
QUESTION 252
Drag and Drop Question
Drag and drop the steps on the left into the correct order of initial Cisco IOS IPS configuration on
the right.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 120
http://www.braindump2go.com
Answer:
QUESTION 253
Which detection method is also known as machine learning on Network-based Cisco Advanced
Malware Protection?
Answer: C
Explantation:
http://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-
appliance/datasheet-c78-733180.html
QUESTION 254
Which policy is used to capture host information on the Cisco Next Generation Intrusion
Prevention System?
A. network discovery
B. correlation
C. intrusion
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 121
http://www.braindump2go.com
D. access control
Answer: C
QUESTION 255
With Cisco FirePOWER Threat Defense software, which interface mode do you configure for an
IPS deployment, where traffic passes through the appliance but does not require VLAN rewriting?
A. inline set
B. passive
C. inline tap
D. routed
E. transparent
Answer: D
QUESTION 256
How does the WSA policy trace tool make a request to the Proxy to emulate a client request?
A. explicitly
B. transparently
C. via WCCP
D. via policy-based routing
Answer: C
QUESTION 257
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in
your environment?
A. vulnerable software
B. file analysis
C. detections
D. prevalence
E. threat root cause
Answer: B
QUESTION 258
When the WSA policy trace tool is used to make a request to the proxy, where is the request
logged?
A. proxy logs
B. access logs
C. authentication logs
D. The request is not logged
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 122
http://www.braindump2go.com
QUESTION 259
When using Cisco FirePOWFR Services for ASA, how is traffic directed form based Cisco ASA to
the Cisco POWER Services?
Answer: D
QUESTION 260
In a Cisco FirePOWER instrusion policy, which two event actions can be configured on a rule?
(Choose two.)
A. drop packet
B. drop and generate
C. drop connection
D. capture trigger packet
E. generate events
Answer: CD
QUESTION 261
Which object can be used on a Cisco FirePOWER appliance, but not in an access control policy
rule on Cisco FirePOWER services running on a Cisco ASA?
A. URL
B. security intelligence
C. VLAN
D. geolocation
Answer: C
QUESTION 262
Which two appliances support logical routed interfaces? (Choose two.)
Answer: AE
QUESTION 263
A system administrator wants to know if the email traffic from a remote partner will active special
treatment message filters that are created just for them . Which tool on the Cisco Email Security
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 123
http://www.braindump2go.com
gateway can you use to debug and emulate the flow that a message takes through the work
queue?
Answer: A
QUESTION 264
In which two places can thresholding settings be configured? (Choose two.)
Answer: BD
QUESTION 265
Which cloud-based malware detection engine uses machine-learning detection techniques in the
Cisco Advanced Malware Protection cloud?
A. third-party detections
B. Spero
C. Ethos
D. Memcache
Answer: B
QUESTION 266
Which Cisco FirePOWER setting is used to reduce thenumber of events received in a period of
time and avoid being overwhelmed?
A. thresholding
B. rate-limiting
C. limiting
D. correlation
Answer: D
QUESTION 267
Access the configuration of the Cisco Email Security Appliance using the MailFlowPolicies tab.
Within the GUI, you can navigate between the Host Access Table Overview and Mail Flow
Policies tables. You can also navigate to the individual Mail Flow Policies and Sender Groups that
are configured on the appliance.
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 124
http://www.braindump2go.com
Consider the configuration and the SenderBase Reputation Scores of the following fictitious
domains when answering the four multiple choice questions.
A. red.public, -6
B. orange.public, -4
C. yellow.public, -2
D. green .. public, 2
E. blue.public, 6
F. violet.public, 8
Answer: D
QUESTION 268
What is the function of the Web Proxy Auto Discovery protocol?
Answer: D
QUESTION 269
On Cisco Firepower Management Center, which policy is used to collect health modules alerts
from managed devices?
A. health policy
B. system policy
C. correlation policy
D. access control policy
E. health awareness policy
Answer: A
QUESTION 270
Your organization has subscribed to the Cisco Cloud Web Security (CWS) service.
You have been assigned the task of configuring the CWS connector on the ISR-G2 router at a
branch office. Details of the configuration requirements include:
You can access the console of the ISR at the branch office using the icon on the topology display.
The enable password is Cisco!23
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 125
http://www.braindump2go.com
With Firepower Threat Defense, which two interface settings are required when configuring a
routed interface? (Choose two.)
A. Speed
B. Duplex
C. Media Type
D. Redundant Interface
E. EtherChannel
Answer: AB
QUESTION 271
Which Cisco AMP for Endpoints, what is meant by simple custom detection?
Answer: B
QUESTION 272
Which option lists the minimum requirements to deploy a managed device inline?
Answer: A
QUESTION 273
Which two methods are used to deploy transparent mode traffic redirection? (Choose two)
A. Microsoft GPO
B. policy-based routing
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 126
http://www.braindump2go.com
C. DHCP server
D. PAC files
E. Web Cache Communication Protocol
Answer: BE
QUESTION 274
When deploying Cisco FirePOWER appliances, which option must you configure to enable VLAN
rewriting?
A. hybrid interfaces
B. virtual switch
C. virtual router
D. inline set
Answer: B
QUESTION 275
Which policy must you edit to make changes to the Snort preprocessors?
Answer: A
QUESTION 276
Which three access control actions permit traffic to pass through the device when using Cisco
FirePOWER? (Choose three.)
A. pass
B. trust
C. monitor
D. allow
E. permit
F. inspect
Answer: BCD
QUESTION 277
Which two TCP ports can allow the Cisco Firepower Management Center to communication with
FireAMP cloud for file disposition information? (Choose two.)
A. 8080
B. 22
C. 8305
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 127
http://www.braindump2go.com
D. 32137
E. 443
Answer: DE
QUESTION 278
When creating an SSL policy on Cisco FirePOWER, which three options do you have?
A. do not decrypt
B. trust
C. allow
D. block with reset
E. block
F. encrypt
Answer: ADE
QUESTION 279
Which three operating systems are supported with Cisco AMP for Endpoints? (Choose three.)
A. Windows
B. AWS
C. Android
D. Cisco lOS
E. OSX
F. ChromeOS
Answer: ACE
QUESTION 280
Which feature requires the network discovery policy for it to work on the Cisco Next Generate
fusion Prevent-on System?
A. impact flags
B. URL filtering
C. security intelligence
D. health monitoring
Answer: A
QUESTION 281
Which CLI command is used to register a Cisco FirePOWER sensor to Firepower Management
Center?
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 128
http://www.braindump2go.com
Answer: D
Explanation:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-
configure-firesight-00.html
QUESTION 282
Which CLI command is used to generate firewall debug messages on a Cisco FirePOWER
sensor?
Answer: C
QUESTION 283
When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for
analysis?
A. Spero analysis
B. dynamic analysis
C. sandbox analysis
D. malware analysis
Answer: B
QUESTION 284
With Cisco FirePOWER Threat Defense software, which interface mode do you configure to
passively receive traffic that passes the appliance?
A. transparent
B. routed
C. passive
D. inline set
E. inline tap
Answer: C
QUESTION 285
Which three routing options are valid with Cisco FirePOWER version 5.4? (Choose three.)
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 129
http://www.braindump2go.com
Answer: DEF
QUESTION 286
Which three statements about Cisco CWS are true'? (Choose three)
Answer: ABC
QUESTION 287
Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to
keep data within a network perimeter?
Answer: C
QUESTION 288
Which type of policy do you configure if you want to look for a combination of events using
Boolean logic?
A. correlation
B. application detector
C. traffic profile
D. access control
E. intrusion
Answer: A
QUESTION 289
Which interface type allows packets to be dropped?
A. passive
B. inline
C. TAP
D. either passive or inline, provided that the intrusion policy has the Drop When lnline check box
selected.
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 130
http://www.braindump2go.com
QUESTION 290
Which Cisco Firepower rule action displays a HTTP warning page and resets the connection of
HTTP traffic specified in the access control rule ?
Answer: C
QUESTION 291
With Cisco AMP for Endpoints on Windows, which three engines are available in the connector?
(Choose three)
A. Ethos
B. Tetra
C. Annas
D. Spero
E. Talos
F. ClamAV
Answer: ABD
QUESTION 292
Refer to the exhibit. Which option is a result of this configuration?
A. All ingress traffic on the inside interface that matches the access list is redirected.
B. All egress traffic on the outside interface that matches the access list is redirected.
C. All TCP traffic that arrives on the inside interface is redirected.
D. All ingress and egress traffic is redirected to the Cisco FirePOWER module.
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 131
http://www.braindump2go.com
QUESTION 293
What are two requirements for configuring a hybrid interface in FirePOWER? (Choose two)
A. virtual network
B. virtual router
C. virtual appliance
D. virtual switch
E. virtual context
Answer: AD
QUESTION 294
Which type of policy is used to define the scope for applications that are running on hosts?
Answer: B
QUESTION 295
When you configure the Cisco ESA to perform blacklisting, what are two items you can disable to
enhance performance? (Choose two.)
A. rootkit detection
B. spam scanning
C. APT detection
D. antivirus scanning
E. URL filtering
Answer: BD
QUESTION 296
Which protocols can be specified in a Snort rule header for analysis?
Answer: D
Get Latest & Actual 300-210 Exam's Question and Answers from Braindump2go. 132
http://www.braindump2go.com