Q1. How does a user access a Cisco Web Security Appliance for initial setup? 

A. Connect the console cable and use the terminal at 9600 baud to run the setup wizard. 

B. Connect the console cable and use the terminal at 115200 baud to run the setup wizard. 

C. Open the web browser at 192.168.42.42:8443 for the setup wizard over https. 

D. Open the web browser at 192.168.42.42:443 for the setup wizard over https. 

View Answer

Q2. Which IPS engine detects ARP spoofing? 

A. Atomic ARP Engine 

B. Service Generic Engine 

C. ARP Inspection Engine 

D. AIC Engine 

View Answer

Q3. Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.) 

A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces). 

B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces). 

C. Implement redundant IPS and make data paths symmetrical. 

D. Implement redundant IPS and make data paths asymmetrical. 

E. Use NIPS only for small implementations. 

View Answer

Q4. Which three options are valid event actions for a Cisco IPS? (Choose three.) 

A. deny-packet-inline 

B. deny-attack-reset 

C. produce-verbose-alert 

D. log-attacker-packets 

E. deny-packet-internal 

F. request-block-drop-connection 

View Answer

Q5. What is the default IP range of the external zone? 

A. 0.0.0.0 0.0.0.0 

B. 0.0.0.0 - 255.255.255.255 

C. 0.0.0.0/8 

D. The network of the management interface 

View Answer

Q6. What Event Action in an IPS signature is used to stop an attacker from communicating with a network using an access-list? 

A. Request Block Host 

B. Deny Attacker Inline 

C. Deny Connection Inline 

D. Deny Packet Inline 

E. Request Block Connection 

View Answer

Q7. An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration? 

A. Inline Mode, Permit Traffic 

B. Inline Mode, Close Traffic 

C. Promiscuous Mode, Permit Traffic 

D. Promiscuous Mode, Close Traffic 

View Answer

Q8. Refer to the exhibit. 

The system administrator of mydomain.com was informed that one of the users in his environment received spam from an Internet sender. Message tracking shows that the emails for this user were not scanned by antispam. Why did the Cisco Email Security gateway fail to do a spam scan on emails for user@mydomain.com? 

A. The remote MTA activated the SUSPECTLIST sender group. 

B. The Cisco Email Security gateway created duplicates of the message. 

C. The user user@mydomain.com matched an inbound rule with antispam disabled. 

D. The user bob@mydomain.com matched an inbound rule with antispam disabled. 

View Answer

Q9. Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email? 

A. SBA 

B. secure mobile access 

C. IPv6 DMZ web service 

D. ESA 

View Answer

Q10. Which two statements about devices within a Cisco ESA cluster are true? (Choose two.) 

A. Clustered systems must consist of devices in the same hardware series. 

B. Clustered devices can communicate via either SSH or Cluster Communication Service. 

C. Clustered devices can communicate only with Cluster Communication Service. 

D. In-the-cloud devices must be in a separate cluster from on-premise devices. 

E. Clustered devices can run different versions of AsyncOS. 

View Answer