
100% Pass Ensure 300-207 Dumps with Free VCE and PDF (Question 56 – Question 65)

New 300-207 exam questions from PassLeader 300-207 dumps! Welcome to download the newest PassLeader 300-207 VCE and PDF dumps: http://www.passleader.com/300-207.html (251 Q&As)

P.S. Free 300-207 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkU1Q3dsMlRzZVdzdjBOMTJYaWw4NzYxSk1sdm8yNTNsUzl3RGx2dllxOTg

QUESTION 56
Which Cisco technology is a customizable web-based alerting service designed to report threats and vulnerabilities?

A.    Cisco Security Intelligence Operations
B.    Cisco Security IntelliShield Alert Manager Service
C.    Cisco Security Optimization Service
D.    Cisco Software Application Support Service

Answer: B

QUESTION 57
Hotspot Questions
Which signature definition is virtual sensor 0 assigned to use?

A.    rules0
B.    vs0
C.    sig0
D.    ad0
E.    ad1
F.    sig1

Answer: C
Explanation:
This is the default signature. You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0, and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.

QUESTION 58
Hotspot Questions
What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?

A.    Global correlation is configured in Audit mode for testing the feature without actually denying any hosts.
B.    Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
C.    It will not adjust risk rating values based on the known bad hosts list.
D.    Reputation filtering is disabled.

Answer: D

QUESTION 59
Hotspot Questions
To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?

A.    It will not contribute to the SensorBase network.
B.    It will contribute to the SensorBase network, but will withhold some sensitive information.
C.    It will contribute the victim IP address and port to the SensorBase network.
D.    It will not contribute to Risk Rating adjustments that use information from the SensorBase network.

Answer: B

QUESTION 60
Hotspot Questions
Which two statements about Signature 1104 are true? (Choose two.)

A.    This is a custom signature.
B.    The severity level is High.
C.    This signature has triggered as indicated by the red severity icon.
D.    Produce Alert is the only action defined.
E.    This signature is enabled, but inactive, as indicated by the /0 that follows the signature number.

Answer: BD

QUESTION 61
Hotspot Questions
Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)

A.    The maximum number of denied attackers is set to 10000.
B.    The block action duration is set to 3600 seconds.
C.    The Meta Event Generator is globally enabled.
D.    Events Summarization is globally disabled.
E.    Threat Rating Adjustment is globally disabled.

Answer: ABC

QUESTION 62
Hotspot Questions
What is the status of OS Identification?

A.    It is only enabled to identify “Cisco IOS” OS using statically mapped OS fingerprinting.
B.    OS mapping information will not be used for Risk Rating calculations.
C.    It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D.    It is enabled for passive OS fingerprinting for all networks.

Answer: D
Explanation:
Understanding Passive OS Fingerprinting
Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type. The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.
Passive OS fingerprinting consists of three components:
Passive OS learning: Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
User-configurable OS identification: You can configure OS host mappings, which take precedence over learned OS mappings.
Computation of attack relevance rating and risk rating.

QUESTION 63
Lab Simulation

Answer:
Steps are in Explanation below:
First, enable the Gig 0/0 and Gig 0/1 interfaces.
Second, create the pair under the “interface pairs” tab.
Then, apply the HIGHRISK action rule to the newly created interface pair.
Then, apply the same for the MEDIUMRISK traffic (deny attacker inline).
Finally, log the packets for the LOWRISK event.

QUESTION 64
During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A.    cxsc fail
B.    cxsc fail-close
C.    cxsc fail-open
D.    cxssp fail-close

Answer: B

QUESTION 65
A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)

A.    Self Signed Server Certificate
B.    Self Signed Root Certificate
C.    Microsoft CA Server Certificate
D.    Microsoft CA Subordinate Root Certificate
E.    LDAP CA Server Certificate
F.    LDAP CA Root Certificate
G.    Public Certificate Authority Server Certificate
H.    Public Certificate Authority Root Certificate

Answer: BDF

