♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 300-207 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-207 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/300-207-exam-dumps.html

Q21. Which Cisco WSA is intended for deployment in organizations of more than 6000 users? 

A. WSA S370 

B. WSA S670 

C. WSA S370-2RU 

D. WSA S170 

Answer:


Q22. Which three statements about threat ratings are true? (Choose three.) 

A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating. 

B. The largest threat rating from all actioned events is added to the risk rating. 

C. The smallest threat rating from all actioned events is subtracted from the risk rating. 

D. The alert rating for deny-attacker-inline is 45. 

E. Unmitigated events do not cause a threat rating modification. 

F. The threat rating for deny-attacker-inline is 50. 

Answer: A,D,E 


Q23. Which three sender reputation ranges identify the default behavior of the Cisco Email Security Appliance? (Choose three.) 

A. If it is between -1 and +10, the email is accepted 

B. If it is between +1 and +10, the email is accepted 

C. If it is between -3 and -1, the email is accepted and additional emails from the sender are throttled 

D. If it is between -3 and +1, the email is accepted and additional emails from the sender are throttled 

E. If it is between -4 and +1, the email is accepted and additional emails from the sender are throttled 

F. If it is between -10 and -3, the email is blocked 

G. If it is between -10 and -3, the email is sent to the virus and spam engines for additional scanning 

H. If it is between -10 and -4, the email is blocked 

Answer: A,C,F 


Q24. Which two options are features of the Cisco Email Security Appliance? (Choose two.) 

A. Cisco Anti-Replay Services 

B. Cisco Destination Routing 

C. Cisco Registered Envelope Service 

D. Cisco IronPort SenderBase Network 

Answer: C,D 


Q25. Which five system management protocols are supported by the Cisco Intrusion Prevention System? (Choose five.) 

A. SNMPv2c 

B. SNMPv1 

C. SNMPv2 

D. SNMPv3 

E. Syslog 

F. SDEE 

G. SMTP 

Answer: A,B,C,F,G 


Q26. Which type of signature is generated by copying a default signature and modifying its behavior? 

A. meta 

B. custom 

C. atomic 

D. normalized 

Answer:


Q27. If inline-TCP-evasion-protection-mode on a Cisco IPS is set to asymmetric mode, what is a side effect? 

A. Packet flow is normal. 

B. TCP requests are throttled. 

C. Embryonic connections are ignored. 

D. Evasion may become possible. 

Answer:


Q28. Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.) 

A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces). 

B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces). 

C. Implement redundant IPS and make data paths symmetrical. 

D. Implement redundant IPS and make data paths asymmetrical. 

E. Use NIPS only for small implementations. 

Answer: A,C 


Q29. Who or what calculates the signature fidelity rating? 

A. the signature author 

B. Cisco Professional Services 

C. the administrator 

D. the security policy 

Answer:


Q30. In order to set up HTTPS decryption on the Cisco Web Security Appliance, which two steps must be performed? (Choose two.) 

A. Enable and accept the EULA under Security Services > HTTPS Proxy. 

B. Upload a publicly signed server certificate. 

C. Configure or upload a certificate authority certificate. 

D. Enable HTTPS decryption in Web Security Manager > Access Policies. 

Answer: A,C