Exact 300-207 Dumps 2021

NEW QUESTION 1
Cisco AVC allows control of which three of the following? (Choose three.)

• A. Facebook
• B. LWAPP
• C. IPv6
• D. MySpace
• E. Twitter
• F. WCCP

Answer: ADE

NEW QUESTION 2
r01(config)#ip wccp web-cache redirect-list 80 password local
Refer to the above. What can be determined from this router configuration command for Cisco
WSA?

• A. Traffic using TCP port 80 is redirected to the Cisco WSA.
• B. The default “cisco” password is configured on the Cisco WSA.
• C. Traffic denied in prefix-list 80 is redirected to the Cisco WSA.
• D. Traffic permitted in access-list 80 is redirected to the Cisco WSA.

Answer: D

NEW QUESTION 3
What are two features of the Cisco ASA NGFW? (Choose two.)

• A. It can restrict access based on qualitative analysis.
• B. It can restrict access based on reputation.
• C. It can reactively protect against Internet threats.
• D. It can proactively protect against Internet threats.

Answer: BD

NEW QUESTION 4
Refer to the exhibit.


























What is the maximum message size that the Cisco Email Security Appliance will accept from the violet.public domain?

• A. 1 KB
• B. 100 KB
• C. 1 MB
• D. 10 MB
• E. 100 MB
• F. Unlimited

Answer: D

Explanation: From the instructions we know that the reputation score for the violet.public domain has been set to 8. From the HAT table shown below we know that a score of 8 belongs to the UNKNOWNLIST group, which is assigned the ACCEPTED policy.

Capture
By clicking on the ACCEPTED policy we see that max message size has been set to the default value of 10M:

Capture

NEW QUESTION 5
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration?

• A. Inline Mode, Permit Traffic
• B. Inline Mode, Close Traffic
• C. Promiscuous Mode, Permit Traffic
• D. Promiscuous Mode, Close Traffic

Answer: B

NEW QUESTION 6
Which Cisco technology is a modular security service that combines a stateful inspection firewall with next-generation application awareness, providing near real-time threat protection?

• A. Cisco ASA 5500 series appliances
• B. Cisco ASA CX Context-Aware Security
• C. WSA
• D. Internet Edge Firewall / IPS

Answer: B

NEW QUESTION 7
Which option represents the cisco event aggregation product?

• A. CVSS system
• B. IntelliShield
• C. ASA CX Event Viewer
• D. ASDM 7

Answer: C

NEW QUESTION 8
Which two statements regarding the basic setup of the Cisco CX for services are correct? (Choose two.)

• A. The Packet capture feature is available for either permitted or dropped packets by default.
• B. Public Certificates can be used for HTTPS Decryption policies.
• C. Public Certificates cannot be used for HTTPS Decryption policies.
• D. When adding a standard LDAP realm, the group attribute will be UniqueMember.
• E. The Packet capture features is available for permitted packets by default.

Answer: CE

NEW QUESTION 9
What can Cisco Prime Security Manager (PRSM) be used to achieve?

• A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies
• B. Configure Cisco ASA connection limits
• C. Configure TCP state bypass in Cisco ASA and IOS
• D. Configure Cisco IPS signature and monitor signature alerts
• E. Cisco Cloud Security on Cisco ASA

Answer: A

NEW QUESTION 10
Which three statements about Cisco ASA CX are true? (Choose three.)

• A. It groups multiple ASAs as a single logical device.
• B. It can perform context-aware inspection.
• C. It provides high-density security services with high availability.
• D. It uses policy-based interface controls to inspect and forward TCP- and UDP-based packets.
• E. It can make context-aware decisions.
• F. It uses four cooperative architectural constructs to build the firewall.

Answer: BEF

NEW QUESTION 11
You have configured a VLAN pair that is connected to a switch that is unable to pass traffic. If the IPS is configured correctly, which additional configuration must you perform to enable
the switch to pass traffic?

• A. Configure access ports on the switch.
• B. Configure the trunk port on the switch.
• C. Enable IP routing on the switch.
• D. Enable ARP inspection on the switch.

Answer: A

NEW QUESTION 12
Refer to the exhibit.



Which two statements about Signature 1104 are true? (Choose two.)

• A. This is a custom signature.
• B. The severity level is High.
• C. This signature has triggered as indicated by the red severity icon.
• D. Produce Alert is the only action defined.
• E. This signature is enabled, but inactive, as indicated bythe/0 to that follows the signature number.

Answer: BD

Explanation: This can be seen here where signature 1004 is the 5th one down:

NEW QUESTION 13
Refer to the exhibit.

What Cisco ESA CLI command generated the output?

• A. smtproutes
• B. tophosts
• C. hoststatus
• D. workqueuestatus

Answer: B

NEW QUESTION 14
A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)

• A. Anomaly detection operational mode
• B. Inline TCP session tracking mode
• C. Normalizer mode
• D. Load-balancing mode
• E. Inline and Promiscuous mixed mode
• F. Fail-open and fail-close mode

Answer: ABC

NEW QUESTION 15
What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

• A. Inline; fail open
• B. Inline; fail closed
• C. Promiscuous; fail open
• D. Promiscuous; fail closed

Answer: B

NEW QUESTION 16
Which three zones are used for anomaly detection? (Choose three.)

• A. Internal zone
• B. External zone
• C. Illegal zone
• D. Inside zone
• E. Outside zone
• F. DMZ zone

Answer: ABC

NEW QUESTION 17
In addition to the CLI, what is another option to manage a Cisco IPS?

• A. SDEE
• B. Cisco SDM
• C. Cisco IDM
• D. Cisco ISE

Answer: C

NEW QUESTION 18
Who or what calculates the signature fidelity rating?

• A. the signature author
• B. Cisco Professional Services
• C. the administrator
• D. the security policy

Answer: A

NEW QUESTION 19
Which five system management protocols are supported by the Intrusion Prevention System? (Choose five.)

• A. SNMPv2c
• B. SNMPv1
• C. SNMPv2
• D. SNMPv3
• E. syslog
• F. SDEE
• G. SMTP

Answer: ABCFG