Q81. Which three statements about the Cisco IPS appliance configurations are true? (Choose three.) 

A. The maximum number of denied attackers is set to 10000. 

B. The block action duraton is set to 3600 seconds. 

C. The Meta Event Generator is globally enabled. 

D. Events Summarization is globally disabled. 

E. Threat Rating Adjustment is globally disabled. 

Answer: A,B,C 

Q82. Which three pieces of information are required to implement transparent user identification using Context Directory Agent? (Choose three.) 

A. the server name of the global catalog domain controller 

B. the server name where Context Directory Agent is installed 

C. the backup Context Directory Agent 

D. the primary Context Directory Agent 

E. the shared secret 

F. the syslog server IP address 

Answer: B,D,E 

Q83. What is the status of OS Identification? 

A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting 

B. OS mapping information will not be used for Risk Rating calculations. 

C. It is configured to enable OS mapping and ARR only for the network. 

D. It is enabled for passive OS fingerprinting for all networks. 



Understanding Passive OS Fingerprinting.Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type..The sensor then uses the OS of the target host OS to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert..Passive OS fingerprinting consists of three components: .Passive OS learning.Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address. 

.User-configurable OS identification.You can configure OS host mappings, which take precedence over learned OS mappings. .Computation of attack relevance rating and risk rating 

Q84. Which Cisco WSA is intended for deployment in organizations of more than 6000 users? 

A. WSA S370 

B. WSA S670 

C. WSA S370-2RU 

D. WSA S170 


Q85. What is the default antispam policy for positively identified messages within the Cisco Email Security Appliance? 

A. Drop 

B. Deliver and Append with [SPAM] 

C. Deliver and Prepend with [SPAM] 

D. Deliver and Alternate Mailbox 


Q86. What is the authentication method for an encryption envelope that is set to medium security? 

A. The recipient must always enter a password, even if credentials are cached. 

B. A password is required, but cached credentials are permitted. 

C. The recipient must acknowledge the sensitivity of the message before it opens. 

D. The recipient can open the message without authentication. 


Q87. Which command allows the administrator to access the Cisco WSA on a secure channel on 

port 8443? 

A. strictssl 

B. adminaccessconfig 

C. ssl 

D. ssh 


Q88. Which IPS engine detects ARP spoofing? 

A. Atomic ARP Engine 

B. Service Generic Engine 

C. ARP Inspection Engine 

D. AIC Engine 


Q89. Which two statements about Cisco Cloud Web Security functionality are true? (Choose two.) 

A. It integrates with Cisco Integrated Service Routers. 

B. It supports threat avoidance and threat remediation. 

C. It extends web security to the desktop, laptop, and PDA. 

D. It integrates with Cisco.ASA Firewalls. 

Answer: A,D 

Q90. Which signature definition is virtual sensor 0 assigned to use? 

A. rules0 

B. vs0 

C. sig0 

D. ad0 

E. ad1 

F. sigl 



This is the default signature. You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0, and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.