[Free] 2017(Jan) Ensurepass Examcollection Cisco 300-207 Real Test 41-50

Ensurepass

Implementing Cisco Threat Control Solutions (SITCS)

 

QUESTION 41

With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic?

 

A.

protocol

B.

rate

C.

bandwidth

D.

limit

 

Correct Answer: B

 

 

QUESTION 42

Which two benefits are provided by the dynamic
dashboard in Cisco ASDM Version 5.2? (Choose two.)

 

A.

It configures system polices for NAC devices.

B.

It forwards traffic to destination devices.

C.

It provides statistics for device health.

D.

It replaces syslog, RADIUS, and TACACS+ servers.

E.

It automatically detects Cisco security appliances to configure.

 

Correct Answer: CE

 

 

QUESTION 43

Which Cisco monitoring solution displays information and important statistics for the security devices in a network?

 

A.

Cisco Prime LAN Management

B.

Cisco ASDM Version 5.2

C.

Cisco Threat Defense Solution

D.

Syslog Server

E.

TACACS+

 

Correct Answer: B

 

 

QUESTION 44

Which three search parameters are supported by the Email Security Monitor? (Choose three.)

 

A.

Destination domain

B.

Network owner

C.

MAC address

D.

Policy requirements

E.

Internal sender IP address

F.

Originating domain

 

Correct Answer: ABE

 

 

QUESTION 45

Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?

 

A.

the IntelliShield Threat Outbreak Alert

B.

IntelliShield Alert Manager vulnerability alerts

C.

the IntelliShield Alert Manager historical database

D.

the IntelliShield Alert Manager web portal

E.

the IntelliShield Alert Manager back-end intelligence engine

 

Correct Answer: A

 

 

QUESTION 46

A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)

 

A.

Anomaly detection operational mode

B.

Inline TCP session tracking mode

C.

Normalizer mode

D.

Load-balancing mode

E.

Inline and Promiscuous mixed mode

F.

Fail-open and fail-close mode

 

Correct Answer: ABC

 

 

QUESTION 47

What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

 

A.

Inline; fail open

B.

Inline; fail closed

C.

Promiscuous; fail open

D.

Promiscuous; fail closed

 

Correct Answer: B

 

 

QUESTION 48

Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.)

 

A.

Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).

B.

Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).

C.

Implement redundant IPS and make data paths symme
trical.

D.

Implement redundant IPS and make data paths asymmetrical.

E.

Use NIPS only for small implementations.

 

Correct Answer: AC

 

 

QUESTION 49

Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

 

A.

sensor# configure terminal

sensor(config)# service sensor

sensor(config-hos)# network-settings

sensor(config-hos-net)# ftp-timeout 500

B.

sensor# configure terminal

sensor(config)# service host

sensor(config-hos)# network-settings parameter ftp

sensor(config-hos-net)# ftp-timeout 500

C.

sensor# configure terminal

sensor(config)# service host

sensor(config-hos)# network-settings

sensor(config-hos-net)# ftp-timeout 500

D.

sensor# configure terminal

sensor(config)# service network

sensor(config-hos)# network-settings

sensor(config-hos-net)# ftp-timeout 500

Correct Answer: C

 

 

QUESTION 50

What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)

 

A.

SPAN does not introduce latency to network traffic.

B.

SPAN can perform granular scanning on captures of per-IP-address or per-port monitoring.

C.

Promiscuous Mode can silently block traffic flows on the IDS.

D.

SPAN can analyze network traffic from multiple points.

 

Correct Answer: AD

 

Free VCE & PDF File for Cisco 300-207 Real Tests

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

This entry was posted in 300-207 Real Tests (2017) and tagged , , , , , , , , , , , , , . Bookmark the permalink.