100% Valid Dumps For Passing 300-207 Exam: PassLeader are offering the updated and guaranteed 300-207 174q exam dumps for your Cisco 300-207 Exam, we ensure the 300-207 174q pdf and vce practice test is the latest, and will help you passing 300-207 exam easily. Visit passleader.com and get the free 300-207 174q exam questions with free VCE Player.
keywords: 300-207 exam,300-207 exam dumps,300-207 174q exam questions,300-207 pdf dumps,300-207 174q practice test,300-207 vce dumps,Implementing Cisco Threat Control Solutions
[NEW] QUESTION 1
What are two features of the Cisco ASA NGFW? (Choose two.)
A. It can restrict access based on qualitative analysis.
B. It can restrict access based on reputation.
C. It can reactively protect against Internet threats.
D. It can proactively protect against Internet threats.
[NEW] QUESTION 2
Which three statements about Cisco CWS are true? (Choose three.)
A. It provides protection against zero-day threats.
B. Cisco SIO provides it with threat updates in near real time.
C. It supports granular application policies.
D. Its Roaming User Protection feature protects the VPN from malware and data breaches.
E. It supports local content caching.
F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats outside the network.
Answer: ABC
[NEW] QUESTION 3
Refer to the exhibit. What are two facts about the interface that you can determine from the given output? (Choose two.)
A. A Cisco Flexible NetFlow monitor is attached to the interface.
B. A quality of service policy is attached to the interface.
C. Cisco Application Visibility and Control limits throughput on the interface.
D. Feature activation array is active on the interface.
Answer: AB
[NEW] QUESTION 4
What are the two policy types that can use a web reputation profile to perform reputation-based processing? (Choose two.)
A. profile policies
B. encryption policies
C. decryption policies
D. access policies
Answer: CD
[NEW] QUESTION 5
Which three pieces of information are required to implement transparent user identification using Context Directory Agent? (Choose three.)
A. the server name of the global catalog domain controller
B. the server name where Context Directory Agent is installed
C. the backup Context Directory Agent
D. the primary Context Directory Agent
E. the shared secret
F. the syslog server IP address
Answer: BDE
[NEW] QUESTION 6
Which method does Cisco recommend for collecting streams of data on a sensor that has been virtualized?
A. VACL capture
B. SPAN
C. the Wireshark utility
D. packet capture
Answer: D
[NEW] QUESTION 7
Which configuration mode enables a virtual sensor to monitor the session state for unidirectional traffic?
A. asymmetric mode
B. symmetric mode
C. loose mode
D. strict mode
Answer: A
[NEW] QUESTION 8
Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe that each time an alert fired, requests on the IP address exceeded replies by the same number. Which configuration could cause this behavior?
A. The reply-ratio parameter is enabled.
B. MAC flip is enabled.
C. The inspection condition is disabled.
D. The IPS is misconfigured.
Answer: A
[NEW] QUESTION 9
Which type of signature is generated by copying a default signature and modifying its behavior?
A. meta
B. custom
C. atomic
D. normalized
Answer: B
[NEW] QUESTION 10
Which two conditions must you configure in an event action override to implement a risk rating of 70 or higher and terminate the connection on the IPS? (Choose two.)
A. Configure the event action override to send a TCP reset.
B. Set the risk rating range to 70 to 100.
C. Configure the event action override to send a block-connection request.
D. Set the risk rating range to 0 to 100.
E. Configure the event action override to send a block-host request.
Answer: AB
[NEW] QUESTION 11
Which two conditions must you configure in an event action rule to match all IPv4 addresses in the victim range and filter on the complete subsignature range? (Choose two.)
A. Disable event action override.
B. Leave the victim address range unspecified.
C. Set the subsignature ID-range to the default.
D. Set the deny action percentage to 100.
E. Set the deny action percentage to 0.
Answer: BC
[NEW] QUESTION 12
If learning accept mode is set to “auto” and the knowledge base is loaded only when explicitly requested on the IPS, which statement about the knowledge base is true?
A. The knowledge base is set to load dynamically.
B. The knowledge base is set to “save only.”
C. The knowledge base is set to “discarded.”
D. The knowledge base is set to load statically.
Answer: B
[NEW] QUESTION 13
In which way are packets handled when the IPS internal zone is set to “disabled”?
A. All packets are dropped to the external zone.
B. All packets are dropped to the internal zone.
C. All packets are ignored in the internal zone.
D. All packets are sent to the default external zone.
Answer: D
[NEW] QUESTION 14
Which three statements about threat ratings are true? (Choose three.)
A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating.
B. The largest threat rating from all actioned events is added to the risk rating.
C. The smallest threat rating from all actioned events is subtracted from the risk rating.
D. The alert rating for deny-attacker-inline is 45.
E. Unmitigated events do not cause a threat rating modification.
F. The threat rating for deny-attacker-inline is 50.
Answer: ADE
[NEW] QUESTION 15
An IPS is configured to fail-closed and you observe that all packets are dropped. What is a possible reason for this behavior?
A. Mainapp is unresponsive.
B. The global correlation update failed.
C. The IPS span session failed.
D. The attack drop file is misconfigured.
Answer: A
[NEW] QUESTION 16
What can you use to access the Cisco IPS secure command and control channel to make configuration changes?
A. SDEE
B. the management interface
C. an HTTP server
D. Telnet
Answer: B
http://www.passleader.com/300-207.html
[NEW] QUESTION 17
Which Cisco technology provides spam filtering and email protection?
A. IPS
B. ESA
C. WSA
D. CX
Answer: B
[NEW] QUESTION 18
You ran the ssh generate-key command on the Cisco IPS and now administrators are unable to connect. Which action can be taken to correct the problem?
A. Replace the old key with a new key on the client.
B. Run the ssh host-key command.
C. Add the administrator IP addresses to the trusted TLS host list on the IPS.
D. Run the ssh authorized-keys command.
Answer: A
[NEW] QUESTION 19
Which command allows the administrator to access the Cisco WSA on a secure channel on port 8443?
A. strictssl
B. adminaccessconfig
C. ssl
D. ssh
Answer: A
[NEW] QUESTION 20
Which command can change the HTTPS SSL method on the Cisco ESA?
A. sslconfig
B. strictssl
C. sshconfig
D. adminaccessconfig
Answer: A
[NEW] QUESTION 21
When you configure the Cisco ESA to perform blacklisting, what are two items you can disable to enhance performance? (Choose two.)
A. spam scanning
B. antivirus scanning
C. APT detection
D. rootkit detection
Answer: AB
[NEW] QUESTION 22
Which Cisco ESA predefined sender group uses parameter-matching to reject senders?
A. BLACKLIST
B. WHITELIST
C. SUSPECTLIST
D. UNKNOWNLIST
Answer: A
[NEW] QUESTION 23
Which command disables SSH access for administrators on the Cisco ESA?
A. interfaceconfig
B. sshconfig
C. sslconfig
D. systemsetup
Answer: A
[NEW] QUESTION 24
When you create a new server profile on the Cisco ESA, which subcommand of the ldapconfig command configures spam quarantine end-user authentication?
A. isqauth
B. isqalias
C. test
D. server
Answer: A
[NEW] QUESTION 25
Which three administrator actions are used to configure IP logging in Cisco IME? (Choose three.)
A. Select a virtual sensor.
B. Enable IP logging.
C. Specify the host IP address.
D. Set the logging duration.
E. Set the number of packets to capture.
F. Set the number of bytes to capture.
Answer: ACD
[NEW] QUESTION 26
Which centralized reporting function of the Cisco Content Security Management Appliance aggregates data from multiple Cisco ESA devices?
A. message tracking
B. web tracking
C. system tracking
D. logging
Answer: A
[NEW] QUESTION 27
What is a value that Cisco ESA can use for tracing mail flow?
A. the FQDN of the source IP address
B. the FQDN of the destination IP address
C. the destination IP address
D. the source IP address
Answer: A
[NEW] QUESTION 28
What are three features of the Cisco Security Intellishield Alert Manager Service? (Choose three.)
A. validation of alerts by security analysts
B. custom notifications
C. complete threat and vulnerability remediation
D. vendor-specific threat analysis
E. workflow-management tools
F. real-time threat and vulnerability mitigation
Answer: ABE
[NEW] QUESTION 29
When you deploy a sensor to send connection termination requests, which additional traffic- monitoring function can you configure the sensor to perform?
A. Monitor traffic as it flows to the sensor.
B. Monitor traffic as it flows through the sensor.
C. Monitor traffic from the Internet only.
D. Monitor traffic from both the Internet and the intranet.
Answer: B
[NEW] QUESTION 30
Which IPS feature allows you to aggregate multiple IPS links over a single port channel?
A. UDLD
B. ECLB
C. LACP
D. PAgP
Answer: B
[NEW] QUESTION 31
Which Cisco IPS deployment mode is best suited for bridged interfaces?
A. inline interface pair mode
B. inline VLAN pair mode
C. inline VLAN group mode
D. inline pair mode
Answer: B
[NEW] QUESTION 32
When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in traffic being dropped? (Choose two.)
A. The signature engine is undergoing the build process.
B. The SDF failed to load.
C. The built-in signatures are unavailable.
D. An ACL is configured.
Answer: AB