Download 300-207 Exam Questions and Answers 2021

NEW QUESTION 1
Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.)

• A. Rejected Connection Handling
• B. Domain Debug Logs
• C. Injection Debug Logs
• D. Message Tracking

Answer: AD

NEW QUESTION 2
Which three user roles are partially defined by default in Prime Security Manager? (Choose three.)

• A. networkoperator
• B. admin
• C. helpdesk
• D. securityoperator
• E. monitoringadmin
• F. systemadmin

Answer: BCF

NEW QUESTION 3
Which Cisco Web Security Appliance deployment mode requires minimal change to endpoint devices?

• A. Transparent Mode
• B. Explicit Forward Mode
• C. Promiscuous Mode
• D. Inline Mode

Answer: A

NEW QUESTION 4
What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance's administrative interface?

• A. adminaccessconfig
• B. sshconfig
• C. sslconfig
• D. ipaccessconfig

Answer: A

NEW QUESTION 5
Which information does the show scansafe statistics command provide?

• A. ESA message tracking
• B. PRSM events
• C. AV statistics
• D. Cisco CWS activity

Answer: D

NEW QUESTION 6
Refer to the exhibit.



To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?

• A. It will not contribute to the SensorBase network.
• B. It will contribute to the SensorBase network, but will withhold some sensitive information
• C. It will contribute the victim IP address and port to the SensorBase network.
• D. It will not contribute to Risk Rating adjustments that use information from the SensorBase network.

Answer: B

Explanation: To configure network participation, follow these steps:
Step 1: Log in to IDM using an account with administrator privileges.
Step 2: Choose Configuration > Policies > Global Correlation > Network Participation. Step 3: To turn on network participation, click the Partial or Full radio button:
•Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.
•Full—All data is contributed to the SensorBase Network
In this case, we can see that this has been turned off as shown below:

NEW QUESTION 7
Refer to the exhibit.

The security engineer has configured cisco cloud web security redirection on a Cisco ASA firewall. Which statement describes what can be determined from exhibit?

• A. In case of issues, the next step should be to perform debugging on the cisco ASA.
• B. The URL visited by the user was LAB://testgroup.
• C. This out has been obtained by browsing to whoami.scansafe.net
• D. The IP address of the Scansafe tower is 209.165.200.241

Answer: C

NEW QUESTION 8
What are three features of the Cisco Security Intellishield Alert Manager Service? (Choose three.)

• A. validation of alerts by security analysts
• B. custom notifications
• C. complete threat and vulnerability remediation
• D. vendor-specific threat analysis
• E. workflow-management tools
• F. real-time threat and vulnerability mitigation

Answer: ABE

NEW QUESTION 9
What can you use to access the Cisco IPS secure command and control channel to make configuration changes?

• A. SDEE
• B. the management interface
• C. an HTTP server
• D. Telnet

Answer: B

NEW QUESTION 10
Refer to the exhibit.



What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?

• A. Global correlation is configured in Audit mode fortesting the feature without actually denying any hosts.
• B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
• C. It will not adjust risk rating values based on the known bad hosts list.
• D. Reputation filtering is disabled.

Answer: D

Explanation: This can be seen on the Globabl Correlation – Inspection/Reputation tab show below:

NEW QUESTION 11
Which Cisco ESA predefined sender group uses parameter-matching to reject senders?

• A. BLACKLIST
• B. WHITELIST
• C. SUSPECTLIST
• D. UNKNOWNLIST

Answer: A

NEW QUESTION 12
Which three statements about Cisco CWS are true? (Choose three.)

• A. It provides protection against zero-day threats.
• B. Cisco SIO provides it with threat updates in near real time.
• C. It supports granular application policies.
• D. Its Roaming User Protection feature protects the VPN from malware and data breaches.
• E. It supports local content caching.
• F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats outside the network.

Answer: ABC

NEW QUESTION 13
What is the default IP range of the external zone?

• A. 0.0.0.0 0.0.0.0
• B. 0.0.0.0 - 255.255.255.255
• C. 0.0.0.0/8
• D. The network of the management interface

Answer: B

NEW QUESTION 14
Which two statements about Cisco ESA clusters are true? (Choose two.)

• A. A cluster must contain exactly one group.
• B. A cluster can contain multiple groups.
• C. Clusters are implemented in a client/server relationship.
• D. The cluster configuration must be managed by the cluster administrator.
• E. The cluster configuration can be created and managed through either the GUI or the CLI.

Answer: BE

NEW QUESTION 15
An engineer manages a Cisco Intrusion Prevention System via IME. A new user must be able to tune signatures, but must not be able to create new users. Which role for the new user is correct?

• A. service
• B. operator
• C. administrator

Answer: C

Explanation: http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/command/reference/cmdref/crIntro.html

NEW QUESTION 16
Which option is a benefit of deploying Cisco Application Visibility and Control?

• A. It ensures bandwidth availability and performance of mission-critical applications in a data- and media-rich environment.
• B. It performs deep packet inspection of mission-critical applications in a data- and media- rich environment.
• C. It encrypts mission-critical applications in a data- and media-rich environment.
• D. It securely tunnels mission-critical applications in a data- and media-rich environment.

Answer: A

NEW QUESTION 17
Which Cisco IPS CLI command shows the most fired signature?

• A. show statistics virtual-sensor
• B. show event alert
• C. show alert
• D. show version

Answer: A

NEW QUESTION 18
Which three features does Cisco CX provide? (Choose three.)

• A. HTTPS traffic decryption and inspection
• B. Application Visibility and Control
• C. Category or reputation-based URL filtering
• D. Email virus scanning
• E. Application optimization and acceleration
• F. VPN authentication

Answer: ABC

NEW QUESTION 19
A system administrator wants to know if the email traffic from a remote partner will activate special treatment message filters that are created just for them. Which tool on the Cisco Email Security gateway can you use to debug or emulate the flow that a message takes through the work queue?

• A. the message tracker interface
• B. centralized or local message tracking
• C. the CLI findevent command
• D. the trace tool
• E. the CLI grep command

Answer: D