The Secret of 300-207 brain dumps

The article at going over is very comprehensive.

2021 Apr 300-207 exam

Q1. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS 

sessions and HTTPS access? 

A. sslconfig 

B. sslciphers 

C. tlsconifg 

D. certconfig 


Q2. Which three statements about threat ratings are true? (Choose three.) 

A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating. 

B. The largest threat rating from all actioned events is added to the risk rating. 

C. The smallest threat rating from all actioned events is subtracted from the risk rating. 

D. The alert rating for deny-attacker-inline is 45. 

E. Unmitigated events do not cause a threat rating modification. 

F. The threat rating for deny-attacker-inline is 50. 

Answer: A,D,E 

Q3. An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration? 

A. Inline Mode, Permit Traffic 

B. Inline Mode, Close Traffic 

C. Promiscuous Mode, Permit Traffic 

D. Promiscuous Mode, Close Traffic 


Q4. Which two commands are valid URL filtering commands? (Choose two.) 

A. url-server (DMZ) vendor smartfilter host 

B. url-server (DMZ) vendor url-filter host 

C. url-server (DMZ) vendor n2h2 host 

D. url-server (DMZ) vendor CISCO host 

E. url-server (DMZ) vendor web host 

Answer: A,C 

Q5. Which three functions can Cisco Application Visibility and Control perform? (Choose three.) 

A. Validation of malicious traffic 

B. Traffic control 

C. Extending Web Security to all computing devices 

D. Application-level classification 

E. Monitoring 

F. Signature tuning 

Answer: B,D,E 

Q6. How does a user access a Cisco Web Security Appliance for initial setup? 

A. Connect the console cable and use the terminal at 9600 baud to run the setup wizard. 

B. Connect the console cable and use the terminal at 115200 baud to run the setup wizard. 

C. Open the web browser at for the setup wizard over https. 

D. Open the web browser at for the setup wizard over https. 


Q7. When you create a new server profile on the Cisco ESA, which subcommand of the ldapconfig command configures spam quarantine end-user authentication? 

A. isqauth 

B. isqalias 

C. test 

D. server 


Q8. The security team needs to limit the number of e-mails they receive from the Intellishield Alert Service. Which three parameters can they adjust to restrict alerts to specific product sets? (Choose three.) 

A. Vendor 

B. Chassis/Module 

C. Device ID 

D. Service Contract 

E. Version/Release 

F. Service Pack/Platform 

Answer: A,E,F 

Q9. What is the access-list command on a Cisco IPS appliance used for? 

A. to permanently filter traffic coming to the Cisco.IPS.appliance via the sensing port 

B. to filter for traffic when the Cisco.IPS.appliance is in the inline mode 

C. to restrict management access to the sensor 

D. to create a filter that can be applied on the interface that is under attack 


Q10. Joe was asked to secure access to the Cisco Web Security Appliance to prevent unauthorized access. Which four steps should Joe implement to accomplish this goal? (Choose four.) 

A. Implement IP access lists to limit access to the management IP address in the Cisco Web Security Appliance GUI. 

B. Add the Cisco Web Security Appliance IP address to the local access list. 

C. Enable HTTPS access via the GUI/CLI with redirection from HTTP. 

D. Replace the Cisco self-signed certificate with a publicly signed certificate. 

E. Put the Cisco WSA Management interface on a private management VLAN. 

F. Change the netmask on the Cisco WSA Management interface to a 32-bit mask. 

G. Create an MX record for the Cisco Web Security Appliance in DNS. 

Answer: A,C,D,E