★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-207 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/300-207-dumps.html
Breathing of 300-207 test questions materials and preparation labs for Cisco certification for IT learners, Real Success Guaranteed with Updated 300-207 pdf dumps vce Materials. 100% PASS Implementing Cisco Threat Control Solutions (SITCS) exam Today!
2021 Apr 300-207 practice test
Q51. CCORRECT TEXT
Answer: Steps are in Explanation below:
Q52. What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Answer: D
Explanation:
Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating
Q53. Which signature definition is virtual sensor 0 assigned to use?
A. rules0
B. vs0
C. sig0
D. ad0
E. ad1
F. sigl
Answer: C
Explanation:
This is the default signature. You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0, and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.
Q54. A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?
A. drop-exE. if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
B. drop-exE. if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
C. drop-exe! if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
D. drop-exe! if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
Answer: A
Q55. Which command can change the HTTPS SSL method on the Cisco ESA?
A. sslconfig
B. strictssl
C. sshconfig
D. adminaccessconfig
Answer: A
Updated 300-207 exam question:
Q56. Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.)
A. It configures system polices for NAC devices.
B. It forwards traffic to destination devices.
C. It provides statistics for device health.
D. It replaces syslog, RADIUS, and TACACS+ servers.
E. It automatically detects Cisco security appliances to configure.
Answer: C,E
Q57. The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.
How many Cisco ASAs and how many Cisco WSAs are participating in the WCCP service?
A. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and one Cisco WSA.
B. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and one Cisco WSA.
C. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and two Cisco WSAs.
D. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and two Cisco WSAs.
E. Two Cisco ASAs and one Cisco WSA.
F. Two Cisco ASAs and two Cisco WSAs.
Answer: A
Explanation:
We can see from the output that the number of routers (ASA’s) is 1, so there is a single ASA or an active/ standby pair being used, and 1 Cache Engine. If the ASA’s were in a active/active role it would show up as 2 routers.
Q58. Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?
A. the IntelliShield Threat Outbreak Alert
B. IntelliShield Alert Manager vulnerability alerts
C. the IntelliShield Alert Manager historical database
D. the IntelliShield Alert Manager web portal
E. the IntelliShield Alert Manager back-end intelligence engine
Answer: A
Q59. Which command sets the number of packets to log on a Cisco IPS sensor?
A. ip-log-count number
B. ip-log-packets number
C. ip-log-bytes number
D. ip-log number
Answer: B
Q60. When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in traffic being dropped? (Choose two.)
A. The signature engine is undergoing the build process.
B. The SDF failed to load.
C. The built-in signatures are unavailable.
D. An ACL is configured.
Answer: A,B