NEW QUESTION 1
The helpdesk was asked to provide a record of delivery for an important email message that a customer claims it did not receive. Which feature of the Cisco Email Security Appliance provides this record?

• A. Outgoing Mail Reports
• B. SMTP Routes
• C. Message Tracking
• D. Scheduled Reports
• E. System Administration

Answer: C

NEW QUESTION 2
Refer to the exhibit.

The system administrator of mydomain.com received complaints that some messages that were sent from sender user@somedomain.com were delayed. Message tracking data on the sender shows that an email sample that was received was clean and properly delivered. What is the likely cause of the intermittent delays?

• A. The remote MTA has a SenderBase Reputation Score of -1.0.
• B. The remote MTA is sending emails from RFC 1918 IP addresses.
• C. The remote MTA has activated the SUSPECTLIST sender group.
• D. The remote MTA has activated the default inbound mail policy.

Answer: C

NEW QUESTION 3
Which command verifies that the correct CWS license key information was entered on the Cisco ASA?

• A. sh run scansafe server
• B. sh run scansafe
• C. sh run server
• D. sh run server scansafe

Answer: B

NEW QUESTION 4
Which two statements about Cisco Firepower file and intrusion inspection under control policies are true? (Choose two.)

• A. File inspection occurs before intrusion prevention.
• B. Intrusion Inspection occurs after traffic is blocked by file type.
• C. File and intrusion drop the same packet.
• D. Blocking by file type takes precedence over malware inspection and blocking
• E. File inspection occurs after file discovery

Answer: AE

NEW QUESTION 5
Which statement about Cisco IPS Manager Express is true?

• A. It provides basic device management for large-scale deployments.
• B. It provides a GUI for configuring IPS sensors and security modules.
• C. It enables communication with Cisco ASA devices that have no administrative access.
• D. It provides greater security than simple ACLs.

Answer: B

NEW QUESTION 6
Which statement about Cisco ASA multicast routing support is true?

• A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
• B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicast receivers to the upstream multicast router.
• C. The Cisco ASA appliance supports DVMRP and PIM.
• D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled at the same time.
• E. The Cisco ASA appliance supports only IGMP v1.

Answer: D

NEW QUESTION 7
By default, which access rule is applied inbound to the inside interface?

• A. All IP traffic is denied.
• B. All IP traffic is permitted.
• C. All IP traffic sourced from any source to any less secure network destinations is permitted.
• D. All IP traffic sourced from any source to any more secure network destinations is permitted

Answer: C

NEW QUESTION 8
Which description of an email solution that uses hybrid mode is true?

• A. uses an on-premises Cisco ESA that scans inbound email by using the DLP service
• B. uses an on-premises Cisco ESA that scans inbound email by using encryption policies
• C. cleans inbound email by using a cloud-based Cisco ESA
• D. cleans outbound email by using a cloud-based Cisco ESA

Answer: C

NEW QUESTION 9
Which two conditions must you configure in an event action override to implement a risk rating of 70 or
higher and terminate the connection on the IPS? (Choose two.)

• A. Configure the event action override to send a TCP reset.
• B. Set the risk rating range to 70 to 100.
• C. Configure the event action override to send a block-connection request.
• D. Set the risk rating range to 0 to 100.
• E. Configure the event action override to send a block-host request.

Answer: AB

NEW QUESTION 10
Which Cisco WSA is intended for deployment in organizations of more than 6000 users?

• A. WSA S370
• B. WSA S670
• C. WSA S370-2RU
• D. WSA S170

Answer: B

NEW QUESTION 11
Which information does the show scansafe statistics command provide?

• A. ESA message tracking
• B. PRSM events
• C. AV statistics
• D. Cisco CWS activity

Answer: D

NEW QUESTION 12
Which Cisco AMP for Endpoints, what, is meant by simple custom detection?

• A. It is a rule for identifying a file that should be whitelisted by Cisco AMP.
• B. It is a method for identifying and quarantining a specific file by its SHA-256 hash.
• C. It is a feature for configuring a personal firewall.
• D. It is a method for identifying and quarantining a set of files by regular expression language.

Answer: A

NEW QUESTION 13
What are the two policy types that can use a web reputation profile to perform reputation-based processing? (Choose two.)

• A. profile policies
• B. encryption policies
• C. decryption policies
• D. access policies

Answer: CD

NEW QUESTION 14



What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?

• A. Global correlation is configured in Audit mode fortesting the feature without actually denying any hosts.
• B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
• C. It will not adjust risk rating values based on the known bad hosts list.
• D. Reputation filtering is disabled.

Answer: D

Explanation: This can be seen on the Globabl Correlation – Inspection/Reputation tab show below:

NEW QUESTION 15
Which two authentication options can be leveraged for directory integration with the Cisco Cloud Security ISR-G2 connector? (Choose Two)

• A. Kerberos
• B. NTLM
• C. LDAP
• D. OpenID
• E. SAML

Answer: BC

NEW QUESTION 16




For which domains will the Cisco Email Security Appliance allow up to 5000 recipients per message?

• A. viole
• B. public
• C. viole
• D. public and blu
• E. public
• F. viole
• G. Public, blu
• H. Public and green.public
• I. re
• J. public orang
• K. publicre
• L. public and orang
• M. public

Answer: B

NEW QUESTION 17
To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have which two Cisco ASA licenses enabled on its security appliance? (Choose two.)

• A. Cisco AnyConnect Premium license
• B. Cisco AnyConnect Essentials license
• C. Cisco AnyConnect Mobile license
• D. Host Scan license
• E. Advanced Endpoint Assessment license
• F. Cisco Security Agent license

Answer: AE

NEW QUESTION 18
What access control action will analyze the traffic as it passes through the device?

• A. trust
• B. Allow
• C. Monitor
• D. inspect

Answer: C