Testking offers free demo for 300-207 exam. "Implementing Cisco Threat Control Solutions (SITCS)", also known as 300-207 exam, is a Cisco Certification. This set of posts, Passing the Cisco 300-207 exam, will help you answer those questions. The 300-207 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 300-207 exams and revised by experts!

Q61. When a Cisco IPS is deployed in fail-closed mode, what are two conditions that can result in traffic being dropped? (Choose two.) 

A. The signature engine is undergoing the build process. 

B. The SDF failed to load. 

C. The built-in signatures are unavailable. 

D. An ACL is configured. 

Answer: A,B 


Q62. A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature? 

A. Show statistics virtual-sensor 

B. Show event alert 

C. Show alert 

D. Show version 

Answer:


Q63. An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration? 

A. Inline Mode, Permit Traffic 

B. Inline Mode, Close Traffic 

C. Promiscuous Mode, Permit Traffic 

D. Promiscuous Mode, Close Traffic 

Answer:


Q64. Which Cisco Cloud Web Security tool provides URL categorization? 

A. Cisco Dynamic Content Analysis Engine 

B. Cisco ScanSafe 

C. ASA Firewall Proxy 

D. Cisco Web Usage Control 

Answer:


Q65. Which Cisco Web Security Appliance deployment mode requires minimal change to endpoint devices? 

A. Transparent Mode 

B. Explicit Forward Mode 

C. Promiscuous Mode 

D. Inline Mode 

Answer:


Q66. In order to set up HTTPS decryption on the Cisco Web Security Appliance, which two steps must be performed? (Choose two.) 

A. Enable and accept the EULA under Security Services > HTTPS Proxy. 

B. Upload a publicly signed server certificate. 

C. Configure or upload a certificate authority certificate. 

D. Enable HTTPS decryption in Web Security Manager > Access Policies. 

Answer: A,C 


Q67. An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration? 

A. Inline Mode, Permit Traffic 

B. Inline Mode, Close Traffic 

C. Promiscuous Mode, Permit Traffic 

D. Promiscuous Mode, Close Traffic 

Answer:


Q68. Which three features does Cisco CX provide? (Choose three.) 

A. HTTPS traffic decryption and inspection 

B. Application Visibility and Control 

C. Category or reputation-based URL filtering 

D. Email virus scanning 

E. Application optimization and acceleration 

F. VPN authentication 

Answer: A,B,C 


Q69. Which Cisco technology is a modular security service that combines a stateful inspection firewall with next-generation application awareness, providing near real-time threat protection? 

A. Cisco ASA 5500 series appliances 

B. Cisco ASA CX Context-Aware Security 

C. WSA 

D. Internet Edge Firewall / IPS 

Answer:


Q70. Which statement about Cisco IPS Manager Express is true? 

A. It provides basic device management for large-scale deployments. 

B. It provides a GUI for configuring IPS sensors and security modules. 

C. It enables communication with Cisco ASA devices that have no administrative access. 

D. It provides greater security than simple ACLs. 

Answer: