2016 October Cisco Official New Released 300-207 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass 300-207 latest updated braindumps including all new added 300-207 exam questions from exam center which guarantees you can 100% success 300-207 exam in your first try!
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-207.html
QUESTION 1
Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance?
A. session 1 ip address
B. session 2 ip address
C. session 1
D. session ips console
E. session cxsc console
Answer: E
QUESTION 2
What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?
A. 192.168.1.1
B. 192.168.1.2
C. 192.168.1.3
D. 192.168.1.4
E. 192.168.1.5
F. 192.168.8.8
Answer: F
QUESTION 3
An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration?
A. Inline Mode, Permit Traffic
B. Inline Mode, Close Traffic
C. Promiscuous Mode, Permit Traffic
D. Promiscuous Mode, Close Traffic
Answer: B
QUESTION 4
A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?
A. Show statistics virtual-sensor
B. Show event alert
C. Show alert
D. Show version
Answer: A
QUESTION 5
What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance’s administrative interface?
A. adminaccessconfig
B. sshconfig
C. sslconfig
D. ipaccessconfig
Answer: A
QUESTION 6
When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or PAT, which type of VPN tunneling should be used to allow the VPN traffic through the stateful firewall?
A. clientless SSL VPN
B. IPsec over TCP
C. Smart Tunnel
D. SSL VPN plug-ins
Answer: B
QUESTION 7
Upon receiving a digital certificate, what are three steps that a Cisco ASA will perform to authenticate the digital certificate? (Choose three.)
A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
B. Identity certificates are exchanged during IPsec negotiations.
C. The identity certificate signature is validated by using the stored root certificate.
D. The signature is validated by using the stored identity certificate.
E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.
Answer: ACE
QUESTION 8
To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have which two Cisco ASA licenses enabled on its security appliance? (Choose two.)
A. Cisco AnyConnect Premium license
B. Cisco AnyConnect Essentials license
C. Cisco AnyConnect Mobile license
D. Host Scan license
E. Advanced Endpoint Assessment license
F. Cisco Security Agent license
Answer: AE
QUESTION 9
After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?
A. IPsec user profile
B. Crypto Map
C. Group Policy
D. IPsec policy
E. IKE policy
Answer: D
QUESTION 10
Who or what calculates the signature fidelity rating?
A. the signature author
B. Cisco Professional Services
C. the administrator
D. the security policy
Answer: A
QUESTION 11
Which three zones are used for anomaly detection? (Choose three.)
A. Internal zone
B. External zone
C. Illegal zone
D. Inside zone
E. Outside zone
F. DMZ zone
Answer: ABC
QUESTION 12
What is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 – 255.255.255.255
C. 0.0.0.0/8
D. The network of the management interface
Answer: B
QUESTION 13
When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?
A. It is created every 24 hours and used for 24 hours.
B. It is created every 24 hours, but the current KB is used.
C. It is created every 1 hour and used for 24 hours.
D. A KB is created only in manual mode.
Answer: A
QUESTION 14
What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?
A. filterconfig
B. filters new
C. messagefilters
D. policyconfig– inbound or outbound– filters
Answer: B
QUESTION 15
A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?
A. drop-exe: if (attachment-filename == “\\.exe$”) OR (attachment-filetype == “exe”) { drop(); }
B. drop-exe: if (recv-listener == “InboundMail” ) AND ( (attachment-filename == “\\.exe$”) OR
(attachment-filetype == “exe”)) { drop(); }
C. drop-exe! if (attachment-filename == “\\.exe$”) OR (attachment-filetype == “exe”) { drop(); }
D. drop-exe! if (recv-listener == “InboundMail” ) AND ( (attachment-filename == “\\.exe$”) OR
(attachment-filetype == “exe”)) { drop(); }
Answer: A
QUESTION 16
What can Cisco Prime Security Manager (PRSM) be used to achieve?
A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies
B. Configure Cisco ASA connection limits
C. Configure TCP state bypass in Cisco ASA and IOS
D. Configure Cisco IPS signature and monitor signature alerts
E. Cisco Cloud Security on Cisco ASA
Answer: A
QUESTION 17
Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance?
A. http://192.168.42.42:8080
B. http://192.168.42.42:80
C. https://192.168.42.42:443
D. https://192.168.42.42:8443
Answer: D
QUESTION 18
Which port is used for CLI Secure shell access?
A. Port 23
B. Port 25
C. Port 22
D. Port 443
Answer: C
QUESTION 19
Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email?
A. SBA
B. secure mobile access
C. IPv6 DMZ web service
D. ESA
Answer: D
QUESTION 20
Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase?
A. ASA
B. WSA
C. Secure mobile access
D. IronPort ESA
E. SBA
Answer: D
Lead2pass regular updates of Cisco 300-207 dumps, with accurate answers, keeps the members one step ahead in the real 300-207 exam. The experts with more than 10 years experience in Certification Field work with us.
300-207 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM2V5bnM0dTVhYjg
2016 Cisco 300-207 exam dumps (All 251 Q&As) from Lead2pass:
http://www.lead2pass.com/300-207.html [100% Exam Pass Guaranteed]