300-207 Exam Questions - Online Test
300-207 Premium VCE File
150 Lectures, 20 Hours
Q1. Within Cisco IPS anomaly detection, what is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 - 255.255.255.255
C. 0.0.0.0/8
D. the network of the management interface
Answer: B
Q2. A system administrator wants to know if the email traffic from a remote partner will activate special treatment message filters that are created just for them. Which tool on the Cisco Email Security gateway can you use to debug or emulate the flow that a message takes through the work queue?
A. the message tracker interface
B. centralized or local message tracking
C. the CLI.findevent command
D. the trace tool
E. the CLI.grep command
Answer: D
Q3. Which two statements about Cisco ESA clusters are true? (Choose two.)
A. A cluster must contain exactly one group.
B. A cluster can contain multiple groups.
C. Clusters are implemented in a client/server relationship.
D. The cluster configuration must be managed by the cluster administrator.
E. The cluster configuration can be created and managed through either the GUI or the CLI.
Answer: B,E
Q4. Which two conditions must you configure in an event action rule to match all IPv4 addresses in the victim range and filter on the complete subsignature range? (Choose two.)
A. Disable event action override.
B. Leave the victim address range unspecified.
C. Set the subsignature ID-range to the default.
D. Set the deny action percentage to 100.
E. Set the deny action percentage to 0.
Answer: B,C
Q5. Refer to the exhibit.
What are two facts about the interface that you can determine from the given output? (Choose two.)
A. A Cisco Flexible NetFlow monitor is attached to the interface.
B. A quality of service policy is attached to the interface.
C. Cisco Application Visibility and Control limits throughput on the interface.
D. Feature activation array is active on the interface.
Answer: A,B
Q6. What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Answer: D
Explanation:
Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating
Q7. Which port is used for CLI Secure shell access?
A. Port 23
B. Port 25
C. Port 22
D. Port 443
Answer: C
Q8. Who or what calculates the signature fidelity rating in a Cisco IPS?
A. the signature author
B. Cisco Professional Services
C. the administrator
D. the security policy
Answer: A
Q9. What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)
A. SPAN does not introduce latency to network traffic.
B. SPAN can perform granular scanning on captures of per-IP-address or per-port monitoring.
C. Promiscuous Mode can silently block traffic flows on the IDS.
D. SPAN can analyze network traffic from multiple points.
Answer: A,D
Q10. Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?
A. sensor# configure terminal
sensor(config)# service sensor
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
B. sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings parameter ftp
sensor(config-hos-net)# ftp-timeout 500
C. sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
D. sensor# configure terminal
sensor(config)# service network
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
Answer: C
- [2021-New] Cisco 300-075 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 300-320 Dumps With Update Exam Questions (141-150)
- [2021-New] Cisco 640-916 Dumps With Update Exam Questions (1-10)
- [2021-New] Cisco 200-310 Dumps With Update Exam Questions (21-30)
- [2021-New] Cisco 300-320 Dumps With Update Exam Questions (101-110)
- [2021-New] Cisco 300-320 Dumps With Update Exam Questions (111-120)
- Cisco 210-065 Dumps Questions 2021
- [2021-New] Cisco 200-105 Dumps With Update Exam Questions (21-30)
- [2021-New] Cisco 400-251 Dumps With Update Exam Questions (51-60)
- [2021-New] Cisco 400-251 Dumps With Update Exam Questions (71-80)