which three types of certificates when implementing HTTPS decryption services on the ASA CX?

A network engineer may use which three types of certificates when implementing HTTPS
decryption services on the ASA CX? (Choose three.)

A network engineer may use which three types of certificates when implementing HTTPS
decryption services on the ASA CX? (Choose three.)

A.
Self Signed Server Certificate

B.
Self Signed Root Certificate

C.
Microsoft CA Server Certificate

D.
Microsoft CA Subordinate Root Certificate

E.
LDAP CA Server Certificate

F.
LDAP CA Root Certificate

G.
Public Certificate Authority Server Certificate

H.
Public Certificate Authority Root Certificate

Explanation:

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

Nul

Nul

I hope my exam questions from the Cisco 300-207 exam helps you pass the exam and earn your Cisco certification! Happy Studying!

QUESTION 161
The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.

1611_thumb
1612_thumb

1613_thumb

1614_thumb

Which of the following is true with respect to the version of WCCP configured on the Cisco ASA and the Cisco WSA?

A. Both are configured for WCCP v1.
B. Both are configured for WCCP v2.
C. Both are configured for WCCP v3.
D. There is a WCCP version mismatch between the Cisco WSA and the Cisco ASA.

Answer: B
Explanation:
ASA version shows as version 2.0:
WSA also shows version 2 is being used:

QUESTION 162
What are two features of the Cisco ASA NGFW? (Choose two.)

A. It can restrict access based on qualitative analysis.
B. It can restrict access based on reputation.
C. It can reactively protect against Internet threats.
D. It can proactively protect against Internet threats.

Answer: BD

QUESTION 163
Which three statements about Cisco CWS are true? (Choose three.)

A. It provides protection against zero-day threats.
B. Cisco SIO provides it with threat updates in near real time.
C. It supports granular application policies.
D. Its Roaming User Protection feature protects the VPN from malware and data breaches.
E. It supports local content caching.
F. Its Cognitive Threat Analytics feature uses cloud-based analysis and detection to block threats outside the network.

Answer: ABC

QUESTION 164
Refer to the exhibit. What are two facts about the interface that you can determine from the given output? (Choose two.)
1641_thumb

A. A Cisco Flexible NetFlow monitor is attached to the interface.
B. A quality of service policy is attached to the interface.
C. Cisco Application Visibility and Control limits throughput on the interface.
D. Feature activation array is active on the interface.

Answer: AB

QUESTION 165
What are the two policy types that can use a web reputation profile to perform reputation-based processing? (Choose two.)

A. profile policies
B. encryption policies
C. decryption policies
D. access policies

Answer: CD

QUESTION 166
Which three pieces of information are required to implement transparent user identification using Context Directory Agent? (Choose three.)

A. the server name of the global catalog domain controller
B. the server name where Context Directory Agent is installed
C. the backup Context Directory Agent
D. the primary Context Directory Agent
E. the shared secret
F. the syslog server IP address

Answer: BDE

QUESTION 167
Which method does Cisco recommend for collecting streams of data on a sensor that has been virtualized?

A. VACL capture
B. SPAN
C. the Wireshark utility
D. packet capture

Answer: D

QUESTION 168
Which configuration mode enables a virtual sensor to monitor the session state for unidirectional traffic?

A. asymmetric mode
B. symmetric mode
C. loose mode
D. strict mode

Answer: A

QUESTION 169
Over the period of one day, several Atomic ARP engine alerts fired on the same IP address.
You observe that each time an alert fired, requests on the IP address exceeded replies by the same number. Which configuration could cause this behavior?

A. The reply-ratio parameter is enabled.
B. MAC flip is enabled.
C. The inspection condition is disabled.
D. The IPS is misconfigured.

Answer: A

QUESTION 170
……

I have uploaded all the real questions of 300-207 exam to my Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDUlRQV2thWlpMa00
Welcome to download them freely!

Reply