What Improve 300-207 Is?
The article at Testaimer.com going over http://www.testaimer.com/300-207-test is very comprehensive.
Q11. Which three user roles are partially defined by default in Prime Security Manager? (Choose three.)
Q12. What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating
Q13. Which two design considerations are required to add the Cisco Email Security Appliance to an existing mail delivery chain? (Choose two.)
A. Existing MX records should be maintained and policy routing should be used to redirect traffic to the ESA.
B. Update the MX records to point to the inbound listener interfaces on the ESA.
C. Update the MX records to point to the outbound listener interfaces on the ESA.
D. Different Listeners must be used to handle inbound and outbound mail handling.
E. The ESA should be connected to the same subnet as the Email Server because it maintains only a single routing table.
F. The ESA can be connected to a DMZ external to the Email Server because it maintains multiple routing tables.
G. The ESA can be connected to a DMZ external to the Email Server but it maintains only a single routing table.
H. Mail Listeners by default can share the same IP interface by defining the routes for sending and receiving.
Q14. To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?
A. It will not contribute to the SensorBase network.
B. It will contribute to the SensorBase network, but will withhold some sensitive information
C. It will contribute the victim IP address and port to the SensorBase network.
D. It will not contribute to Risk Rating adjustments that use information from the SensorBase network.
To configure network participation, follow these steps:.Step 1.Log in to IDM using an account with administrator privileges..Step 2.Choose Configuration > Policies > Global Correlation > Network Participation..Step 3.To turn on network participation, click the Partial or Full radio button:..Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent...Full—All data is contributed to the SensorBase Network
In this case, we can see that this has been turned off as shown below:
Q15. Connections are being denied because of SenderBase Reputation Scores. Which two features must be enabled in order to record those connections in the mail log on the Cisco ESA? (Choose two.)
A. Rejected Connection Handling
B. Domain Debug Logs
C. Injection Debug Logs
D. Message Tracking
Q16. CCORRECT TEXT
Answer: Steps are in Explanation below:
Q17. If inline-TCP-evasion-protection-mode on a Cisco IPS is set to asymmetric mode, what is a side effect?
A. Packet flow is normal.
B. TCP requests are throttled.
C. Embryonic connections are ignored.
D. Evasion may become possible.
Q18. Who or what calculates the signature fidelity rating in a Cisco IPS?
A. the signature author
B. Cisco Professional Services
C. the administrator
D. the security policy
Q19. Which Cisco ESA command is used to edit the ciphers that are used for GUI access?
Q20. Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.)
A. It integrates with Cisco Integrated Service Routers.
B. It supports threat avoidance and threat remediation.
C. It extends web security to the desktop, laptop, and PDA.
D. It integrates with Cisco.ASA Firewalls.