[PDF&VCE] Lead2pass 300-207 Exam Questions Free Download (21-40)

[PDF&VCE] Lead2pass 300-207 Exam Questions Free Download (21-40)

2016 October Cisco Official New Released 300-207 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Lead2pass updates Cisco 300-207 exam questions, adds some new changed questions from Cisco Official Exam Center. Want to know 2016 300-207 exam test points? Download the following free Lead2pass latest exam questions today!

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-207.html

QUESTION 21
Which Cisco WSA is intended for deployment in organizations of up to 1500 users?

A.    WSA S370
B.    WSA S670
C.    WSA S370-2RU
D.    WSA S170

Answer: D

QUESTION 22
Which Cisco WSA is intended for deployment in organizations of more than 6000 users?

A.    WSA S370
B.    WSA S670
C.    WSA S370-2RU
D.    WSA S170

Answer: B

QUESTION 23
Which command verifies that the correct CWS license key information was entered on the Cisco ASA?

A.    sh run scansafe server
B.    sh run scansafe
C.    sh run server
D.    sh run server scansafe

Answer: B

QUESTION 24
Which four parameters must be defined in an ISAKMP policy when creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.)

A.    encryption algorithm
B.    hash algorithm
C.    authentication method
D.    IP address of remote IPsec peer
E.    D-H group
F.    perfect forward secrecy

Answer: ABCE

QUESTION 25
Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?

A.    Single Sign-On
B.    Certificate to Profile Mapping
C.    Double Authentication
D.    RSA OTP

Answer: D

QUESTION 26
Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)

A.    LDAP
B.    FTP
C.    TFTP
D.    HTTP
E.    SCEP
F.    Manual

Answer: EF

QUESTION 27
Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. The finance employees need remote access to the software during non- business hours. The employees do not have "admin" privileges to their PCs. How would you configure the SSL VPN tunnel to allow this application to run?

A.    Configure a smart tunnel for the application.
B.    Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.
C.    Configure the plug-in that best fits the application.
D.    Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN client to the
finance employee each time an SSL VPN tunnel is established.

Answer: A

QUESTION 28
What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.)

A.    Alert Summary as Text
B.    Complete Alert as an HTML Attachment
C.    Complete Alert as HTML
D.    Complete Alert as RSS
E.    Alert Summary as Plain Text
F.    Alert Summary as MMS

Answer: ABC

QUESTION 29
With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic?

A.    protocol
B.    rate
C.    bandwidth
D.    limit

Answer: B

QUESTION 30
Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.)

A.    It configures system polices for NAC devices.
B.    It forwards traffic to destination devices.
C.    It provides statistics for device health.
D.    It replaces syslog, RADIUS, and TACACS+ servers.
E.    It automatically detects Cisco security appliances to configure.

Answer: CE

QUESTION 31
Which Cisco monitoring solution displays information and important statistics for the security devices in a network?

A.    Cisco Prime LAN Management
B.    Cisco ASDM Version 5.2
C.    Cisco Threat Defense Solution
D.    Syslog Server
E.    TACACS+

Answer: B

QUESTION 32
Which three search parameters are supported by the Email Security Monitor? (Choose three.)

A.    Destination domain
B.    Network owner
C.    MAC address
D.    Policy requirements
E.    Internal sender IP address
F.    Originating domain

Answer: ABE

QUESTION 33
Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?

A.    the IntelliShield Threat Outbreak Alert
B.    IntelliShield Alert Manager vulnerability alerts
C.    the IntelliShield Alert Manager historical database
D.    the IntelliShield Alert Manager web portal
E.    the IntelliShield Alert Manager back-end intelligence engine

Answer: A

QUESTION 34
A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)

A.    Anomaly detection operational mode
B.    Inline TCP session tracking mode
C.    Normalizer mode
D.    Load-balancing mode
E.    Inline and Promiscuous mixed mode
F.    Fail-open and fail-close mode

Answer: ABC

QUESTION 35
What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

A.    Inline; fail open
B.    Inline; fail closed
C.    Promiscuous; fail open
D.    Promiscuous; fail closed

Answer: B

QUESTION 36
Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.)

A.    Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).
B.    Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).
C.    Implement redundant IPS and make data paths symmetrical.
D.    Implement redundant IPS and make data paths asymmetrical.
E.    Use NIPS only for small implementations.

Answer: AC

QUESTION 37
Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

A.    sensor# configure terminal
sensor(config)# service sensor
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
B.    sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings parameter ftp
sensor(config-hos-net)# ftp-timeout 500
C.    sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
D.    sensor# configure terminal
sensor(config)# service network
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500

Answer: C

QUESTION 38
What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)

A.    SPAN does not introduce latency to network traffic.
B.    SPAN can perform granular scanning on captures of per-IP-address or per-port monitoring.
C.    Promiscuous Mode can silently block traffic flows on the IDS.
D.    SPAN can analyze network traffic from multiple points.

Answer: AD

QUESTION 39
What are the initial actions that can be performed on an incoming SMTP session by the workqueue of a Cisco Email Security Appliance?

A.    Accept, Reject, Relay, TCPRefuse
B.    LDAP Verification, Envelope Sender Verification, Bounce Verification, Alias Table Verification
C.    Recipient Access Table Verification, Host DNS Verification, Masquerading, Spam Payload Check
D.    SMTP Authentication, SBRS Verification, Sendergroup matching, DNS host verification

Answer: A

QUESTION 40
Refer to the exhibit. What CLI command generated the output?

A.    smtproutes
B.    tophosts
C.    hoststatus
D.    workqueuestatus

Answer: B

Lead2pass promise that all 300-207 exam questions are the latest updated, we aim to provide latest and guaranteed questions for all certifications. You just need to be braved in trying then we will help you arrange all later things! 100% pass all exams you want or full money back! Do you want to have a try on passing 300-207?

300-207 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM2V5bnM0dTVhYjg

2016 Cisco 300-207 exam dumps (All 251 Q&As) from Lead2pass:

http://www.lead2pass.com/300-207.html [100% Exam Pass Guaranteed]

         

Author: admin