Cisco 300-207 Exam Dumps 2021
We offer Cisco 300-207 practice questions. "Implementing Cisco Threat Control Solutions (SITCS)", also known as the 300-207 exam, is a Cisco certification. This set of posts, Passing the 300-207 exam with Cisco 300-207, will help you answer those questions. The Cisco 300-207 material covers all the knowledge points of the real exam. 100% real Cisco 300-207 questions, revised by experts!
Free demo questions for Cisco 300-207 Exam Dumps Below:
NEW QUESTION 1
Which three categories of the seven major risk management categories are covered in the Cyber Risk Reports? (Choose three.)
- A. vulnerability
- B. risk rating
- C. legal
- D. confidence level
- E. geopolitical
- F. global reputation
Answer: ACE
NEW QUESTION 2
Which command can change the HTTPS SSL method on the Cisco ESA?
- A. sslconfig
- B. strictssl
- C. sshconfig
- D. adminaccessconfig
Answer: A
NEW QUESTION 3
CORRECT TEXT

Answer:
Explanation: First, enable the Gig 0/0 and Gig 0/1 interfaces:
Second, create the pair under the “interface pairs” tab.
Then, apply the HIGHRISK action rule to the newly created interface pair:
Then apply the same for the MEDIUMRISK traffic (deny attacker inline):
Finally, log the packets for the LOWRISK event:
When done it should look like this:

NEW QUESTION 4
Which option is a benefit of Cisco Email Security virtual appliance over the Cisco ESA appliance?
- A. reduced space and power requirements
- B. outbound message protection
- C. automated administration
- D. global threat intelligence updates from Talos
Answer: A
NEW QUESTION 5
What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?
- A. sslconfig
- B. sslciphers
- C. tlsconfig
- D. certconfig
Answer: A
NEW QUESTION 6
Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps should Joe implement to accomplish this goal? (Choose four.)
- A. Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI.
- B. Add the Cisco Web Security Appliance IP address to the local access list.
- C. Enable HTTPS access via the GUI/CLI with redirection from HTTP.
- D. Replace the Cisco self-signed certificate with a publicly signed certificate.
- E. Put the Cisco WSA Management interface on a private management VLAN.
- F. Change the netmask on the Cisco WSA Management interface to a 32-bit mask.
- G. Create an MX record for the Cisco Web Security Appliance in DNS.
Answer: ACDE
NEW QUESTION 7
Which command is used to enable strong ciphers on the Cisco Web Security Appliance?
- A. interfaceconfig
- B. strictssl
- C. etherconfig
- D. adminaccessconfig
Answer: B
NEW QUESTION 8
Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe that each time an alert fired, requests on the IP address exceeded replies by the same number. Which configuration could cause this behavior?
- A. The reply-ratio parameter is enabled.
- B. MAC flip is enabled.
- C. The inspection condition is disabled.
- D. The IPS is misconfigured.
Answer: A
NEW QUESTION 9
Which two options are known limitations in deploying an IPS sensor in promiscuous mode versus inline mode? (Choose two.)
- A. It is less effective in stopping email viruses and automated attackers such as worms.
- B. It requires less of an operational response because the attacks are blocked automatically without operational team support.
- C. Sensors in this deployment cannot stop the trigger packet and are not guaranteed to stop a connection.
- D. A sensor failure affects network functionality.
- E. It does not see the same traffic.
Answer: AC
NEW QUESTION 10
Which interface on the Cisco Email Security Appliance has HTTP and SSH enabled by default?
- A. data 1
- B. data 2
- C. management 1
- D. all interfaces
Answer: A
NEW QUESTION 11
Which configuration option causes an ASA with IPS module to drop traffic matching IPS signatures and to block all traffic if the module fails?
- A. Inline Mode, Permit Traffic
- B. Inline Mode, Close Traffic
- C. Promiscuous Mode, Permit Traffic
- D. Promiscuous Mode, Close Traffic
Answer: B
NEW QUESTION 12
Which Cisco WSA is intended for deployment in organizations of more than 6000 users?
- A. WSA S370
- B. WSA S670
- C. WSA S370-2RU
- D. WSA S170
Answer: B
NEW QUESTION 13
Refer to the exhibit.


What is the status of OS Identification?
- A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting.
- B. OS mapping information will not be used for Risk Rating calculations.
- C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
- D. It is enabled for passive OS fingerprinting for all networks.
Answer: D
Explanation: Understanding Passive OS Fingerprinting
Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type.
The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.
Passive OS fingerprinting consists of three components:
- Passive OS learning: Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
- User-configurable OS identification: You can configure OS host mappings, which take precedence over learned OS mappings.
- Computation of attack relevance rating and risk rating.
NEW QUESTION 14
Which Cisco ESA command is used to edit the ciphers that are used for GUI access?
- A. interfaceconfig
- B. etherconfig
- C. certconfig
- D. sslconfig
Answer: D
NEW QUESTION 15
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.



Between the Cisco ASA configuration and the Cisco WSA configuration, what is true with respect to redirected ports?
- A. Both are configured for port 80 only.
- B. Both are configured for port 443 only.
- C. Both are configured for both port 80 and 443.
- D. Both are configured for ports 80, 443 and 3128.
- E. There is a configuration mismatch on redirected ports.
Answer: C
Explanation: This can be seen from the WSA Network tab shown below:
NEW QUESTION 16
What are the two policy types that can use a web reputation profile to perform reputation-based processing? (Choose two.)
- A. profile policies
- B. encryption policies
- C. decryption policies
- D. access policies
Answer: CD
NEW QUESTION 17
Which Cisco WSA is intended for deployment in organizations of up to 1500 users?
- A. WSA S370
- B. WSA S670
- C. WSA S370-2RU
- D. WSA S170
Answer: D
NEW QUESTION 18
Which IPS engine detects ARP spoofing?
- A. Atomic ARP Engine
- B. Service Generic Engine
- C. ARP Inspection Engine
- D. AIC Engine
Answer: A
NEW QUESTION 19
What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.)
- A. Alert Summary as Text
- B. Complete Alert as an HTML Attachment
- C. Complete Alert as HTML
- D. Complete Alert as RSS
- E. Alert Summary as Plain Text
- F. Alert Summary as MMS
Answer: ABC