BCCPP - Blue Coat Certified Proxy Professional, V.3.5.1
Go back to BlueCoat
When creating a policy-driven trace, which CPL property specifies the name of the policy trace file into which matching transactions are traced?
A Web Authentication layer in the VPM can be best implemented in which type of policy layer in CPL?
Which of these are the features of a Blue Coat Director? (Choose all that apply) (a) Install and update configurations of a group of ProxySG (b) Distribute and control content of a group of ProxySG (c) Managing SSL VPN configuration (d) Monitoring ProxySG Performance
a, b & d only
What is the meaning of the metacharacter \ (backslash) in regular expressions?
The Access Control List (ACL) option in the management console (configured by the menu item Configuration >Authentication >Console access) will be enforced for which types of administrative accounts? (Choose all that apply) (a) LDAP realm account (b) Local realm account (c) Built-in account (d) IWA realm account
All of the above
Which types of requests are likely to be served the fastest?
When will a policy trace report a rule processing result of "N/A"?
When the layer containing the rule is disabled.
What criterion is NOT used to determine location awareness of a ProxyClient
The IP address of the closest AND concentrator
Which of these proxy services must be enabled on the ProxySG to allow communication with an SNMP server?
Which of the following format can be used in troubleshooting authortization and authorization related problems in ProxySG? (Choose all that apply) (a) x-sc-authentication-error (b) x-sc-authentication-timeout (c) x-sc-authorlzation-error (d) x-sc-authorization-timeout
a & c only
Log format variable s-ip always refers to
IP address of the ProxySG to which client has established a connection
Which of the following statements are true? (Choose all that apply) (a) The SGOS object store utilizes a directory structure so that objects in cache can be accessed rapidly (b) Information about a single object in cache be retrieved from the Management console or the CLI (c) There are two object caches, the object cache which resides on disk and the object cache which resides in RAM (d) The SGOS object store is separated by protocol (HTTP cache, FTP cache, etc.)
a, b & c only
http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will the trigger url.domain=bluecoat.com match or miss?
At which checkpoint does the rewrite () perform the TWURL modification?
What is the protocol used for Blue Coat Director to communicate with ProxySG?
What are the two functions of configuring forwarding in ProxySG? (Choose all that apply)
To support Proxy Chaining
To intercept SSl
Hostname of the BCAAA= serverl DNS suffix =bluecoat.com Hostname of the Bluecoat SG = sgo1 Referring to the above information, what is the correct syntax for the SPN command in the Domain Controller?
setspn-A HTTP/sg01.bluecoat.com server1
When the ProxySG determines whether a user is a member of an LDAP group, is that considered authentication or authorization?
How must you configure the RTMP proxy service to process Flash traffic originating at youtube.com?
Enable HTTP handoff on the Flash proxy on the ProxySG.
Apparent Data Type objects can be created in the VPM for which of the following file types? (Choose all that apply) (a) Windows DLL (b) Windows Exe (c) Windows Ocx (d) Windows Cab
All of the above
When a user has credentials in an IWA realm and already has been authenticated into that realm, what happens when CPL code directs that user to be authenticated as a guest?
They are logged out from their previous credentials and are logged in as a guest.
By default, what type of authentication challenge will the user-agent receive if the authentication node is set to AUTO?
proxy for explicit and proxy-ip for transparent
After creating CPL in the local policy file, the policy is imported into the VPM CPL file so that it can be viewed through the Visual Policy Manager.
On the ProxySG, where can you specify whether a client is permitted to allow an untrusted server certificate? (Select all that apply)
In the Management Console.
Which one of these statements is NOT true about the caching architecture of the ProxySG?
Objects are first stored in the RAM object cache and are swapped into the disk-based object cache as needed.
CPL is required when creating which types of policy?
Policy that involves local users and groups
The ProxySG is intercepting Flash traffic. Client A requests an on-demand 100MB Flash video and watches the first 50MB of it before terminating the media player. Client B requests the same on-demand Flash video, starts at the 25MB mark, and plays the remainder of the video. In normal conditions without any policy specifically controlling caching, how is the video served to Client B?
The entire video is retrieved from the content server and is cached on the ProxySG.
Name two ways by which the ProxySG can determine that a DDOS attack is in progress. (Select 2)
Excessive number of requests from a specific server.
Name two settings that can be configured in a forwarding group to define which hosts in the group receive traffic. (Select all that apply)
What type of filesystem does SGOS use?
Who plays the role of the trusted third party, when client and server communicate via Kerberos?
KDC (Key Distribution Center)
Without asking a user or physically inspecting their computer, how can you determine which version of web browser they are using to make requests that are intercepted by the ProxySG? (Select all that apply)
By performing packet captures on the ProxySG when that web browser is in use.
By inspecting the ProxySG access log, if access logging is enabled.
In a typical client HTTP request, identify the four principal policy checkpoints in the order they are reached.
Client in, server out, client out, server in.
After creating CPL in the local policy file, the ProxySG imports the policy into the VPM-CPL file so that it can be viewed in the Visual Policy Manager.
When creating policy in the VPM, where can you instruct the ProxySG to enable or disable pipelining of referenced objects?
In a Web Content layer.
The ProxySG ICAP implementation is fully compatible with which of the following applications? (Choose all that apply) (a) Finjan SurfinGate (b) Webwasher (c) AntiVirus Scan Engine (SAVSE) (d) Trend Micro InterScan
All of the above
By, default is a Forwarding layer in the VPM processed before or after a Web Access layer?
In Kerberos authentication that uses BCAAA, which two entities negotiate the shared key that is used during the authentication? (Select 2)
The domain controller
What type of SGOS software worker can be invoked to perform pipelining of HTTP requests?
Which regular expression should you test against a URL to match both http and https schemes?
Which of the following are the benefits of using Bandwidth Management with the ProxySG (Choose all that apply) (a) Ensuring mission critical application receives minimum amount of bandwidth (b) Compressing certain type of traffic classes before transmitting it over the WAN (c) Prioritizing certain traffic classes (d) Rate limiting application to prevent "hogging" of network bandwidth.
a, c & d only
SGOS is based on which other operating system?
What type of authentication challenge is issued when using the Policy Substitution Realm?
No challenge will be issued
Health checks are automatically created under which scenarios? (Choose all that apply) (a) When a forwarding host is created. (b) When a failover group is created. (c) When the DRTR is enabled. (d) When a SOCKS gateway is created.
a, c & d only
When creating a TCP tunnel service in explicit mode, you must also configure a forwarding host?
With ProxySG failover, the failover Virtual IP address can be the same as the IP address assigned to the master.
Which of the following access log formats are supported by the ProxySG? (Choose all that apply) (a) ELFF (b) SQUID (c) Websense (d) NCSA
All of the above
An HTTP request containing which header instructs the content server to return whether the requested object has been modified since the last visit?
True or false: The ProxySG can apply policy to Flash traffic without requiring the installation of an add-on license.
Which of these must be specified on a ProxySG to enable its access logs to be used by Blue Coat Reporter? (Select all that apply)
The IP address or hostname of the computer on which Reporter is running.
An upload schedule.