700-281 - Web Security Field Engineer (WSFE)
Go back to
What is a benefit of NTLMSSP over basic authentication?
NTLMSSP is more secure than basic.
What is the S-Series Proxy Bypass List?
a list of clients and destinations that will bypass the proxy in transparent mode
Which credentials must be entered into the S-Series GUI when joining the Active Directory domain?
the credentials of a privileged account on the Active Directory server
Which of these is not part of the pre_installation worksheet?
Which statement is true?
The L4TM allow list overrides the block list.
Bandwidth limits cannot be:
per (LDAP) group
If you want to reset your configuration back to the factory defaults but keep your logs and reports, which CLI command should you use?
Which statement about WSA user authentication is true?
A single WSA can have multiple LDAP realms.
TRR and TRT are associated with which WSA component?
Which option describes the Cisco best practice for using authentication-based access policies?
It should be used above nonauthentieating access policies in the Web Security Manager/Access Policies menu page
Which of these is a suspect user agent?
Which of these is not used as a monitoring tool?
Which action does Dynamic Content Analysis enable the Web Security Appliance to do?
Determine the most likely category of the website delivering content.
You are helping the customer configure authentication. A new AsyncOS upgrade becomes available; what should you do?
Schedule a convenient time to upgrade again, backing up the configuration before and after the upgrade.
Why does L4TM require T1 to be in promiscuous mode?
To process traffic that is not intended for its MAC address
Which statement about HTTPS decryption on the WSA is true?
If WBRS is enabled, it can be used to determine whether the HTTPS traffic is to be decrypted
For WSA SaaS Access Control, the Identity Provider is:
Integrated into the WSA.
Which of these cannot be used in defining policies?
What does the appearance of the ACL tag BLOCK_WBRS in the access log mean?
The proxy blocked access to a site with a low reputation score.
Which of these uses ICAP?
Data loss prevention policies
Which option describes the policies that the security administrator can create using Adaptive Scanning?
to use optimized antivirus weighting and scanning algorithms against content types without administrator configuration
Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly?
Control Plane Protection
Which S-Series CLI command can help troubleshoot WCCP?
Which CLI command is used to create a W3C log?
Which sites does WBRS block by default?
those with a reputation score equal to or less than -6
Which file characteristic cannot be used in the Cisco IronPort Data Security policies?
What feature on the WSA provides Day Zero Revocation of access to third party sites such as Salesforce?
SaaS Access Control
Which statement about the DVS engine is true?
The DVS engine can use Webroot and McAfee scanning in parallel
Which of the following is NOT provided by AVC?
Web usage quotas
Which option describes the Cisco best practice for configuration of the Web Usage Control feature?
To configure every access policy using the inherited attributes from the Global Policy
Which of these is an optional feature, requiring the purchase of a separate license after 30 days?
A single transaction can be scanned in parallel by:
Webroot and Sophos
What is "stream scanning"?
passing pieces of a download to the client while the download is being scanned
Which option describes how a user enables licensed features on the virtual WSA?
from the CLI using the loadlicense command
Which statement is false?
Custom URL categories cannot contain IP addresses.
In the access log, what does an ACL tag beginning with BLOCK_ADMIN indicate?
The transaction was blocked because of application or object properties.
How long is reporting data kept on record in WIRe by default?
45 days for both "blocked traffic", and for "allowed traffic"
If you want to create a ScanSafe filter that will block any shopping or gambling website, what should you add to the filter?
Specific URL categories
When do you need to configure the P1 interface?
whenever you have a separate management VLAN or subnetwork
Which of these is not an action that is associated with HTTPS decryption policies?
Which action can the security administrator define using Application Visibility and Controls?
to define bandwidth controls for streaming media content types
Which option describes a reason that a security administrator would configure suspect user agent scanning?
to block corporate users from using nonsanctioned web browsers
What are PAC files used for?
explicit forward mode proxy deployments
In AsyncOS 7.0 for web the choice of Authentication Surrogate is?
Defined separately for each Identity
Which statement about the S-Series native FTP proxy is not true?
Authentication is supported in transparent mode.
If authentication is enabled, which statement is true?
Client reports will display authenticated usernames.
How is PIM usually run?
Via a login script or GPO at the time that the user logs on