Q1. During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map? 

A. cxsc fail 

B. cxsc fail-close 

C. cxsc fail-open 

D. cxssp fail-close 

View Answer

Q2. Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.) 

A. It integrates with Cisco Integrated Service Routers. 

B. It supports threat avoidance and threat remediation. 

C. It extends web security to the desktop, laptop, and PDA. 

D. It integrates with Cisco.ASA Firewalls. 

View Answer

Q3. Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance? 

A. http://192.168.42.42:8080 

B. http://192.168.42.42:80 

C. https://192.168.42.42:443 

D. https://192.168.42.42:8443 

View Answer

Q4. Which centralized reporting function of the Cisco Content Security Management Appliance 

aggregates data from multiple Cisco ESA devices? 

A. message tracking 

B. web tracking 

C. system tracking 

D. logging 

View Answer

Q5. Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.) 

A. Rejected Connection Handling 

B. Domain Debug Logs 

C. Injection Debug Logs 

D. Message Tracking 

View Answer

Q6. What can Cisco Prime Security Manager (PRSM) be used to achieve? 

A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies 

B. Configure Cisco ASA connection limits 

C. Configure TCP state bypass in Cisco ASA and IOS 

D. Configure Cisco IPS signature and monitor signature alerts 

E. Cisco Cloud Security on Cisco ASA 

View Answer

Q7. What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network? 

A. Global correlation is configured in Audit mode fortesting the feature without actually denying any hosts. 

B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions. 

C. It will not adjust risk rating values based on the known bad hosts list. 

D. Reputation filtering is disabled. 

View Answer

Q8. Which command disables SSH access for administrators on the Cisco ESA? 

A. interfaceconfig 

B. sshconfig 

C. sslconfig 

D. systemsetup 

View Answer

Q9. Which three features does Cisco CX provide? (Choose three.) 

A. HTTPS traffic decryption and inspection 

B. Application Visibility and Control 

C. Category or reputation-based URL filtering 

D. Email virus scanning 

E. Application optimization and acceleration 

F. VPN authentication 

View Answer

Q10. What is the access-list command on a Cisco IPS appliance used for? 

A. to permanently filter traffic coming to the Cisco.IPS.appliance via the sensing port 

B. to filter for traffic when the Cisco.IPS.appliance is in the inline mode 

C. to restrict management access to the sensor 

D. to create a filter that can be applied on the interface that is under attack 

View Answer