“Do I Know This Already?” Quiz – Cisco Traffic Decryption Policy

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 18-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

  

Table 18-1 “Do I Know This Already?” Section-to-Question Mapping

| Foundation Topics Section | Questions |
| --- | --- |
| Traffic Decryption Essentials | 1 |
| Best Practices for Traffic Decryption | 2 |
| Configuring a Decryption Policy | 3, 4 |
| Verification | 5 |

Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. An administrator configured an SSL policy and then deployed the policy on a threat defense system right away; however, the new configuration does not take any actions on encrypted traffic. Which of the following reasons could be applicable?

  1. The default action of the access control policy is set to Network Discovery Only.
  2. A file policy was not created and deployed on the threat defense.
  3. An SSL policy is not invoked in the access control policy.
  4. The SSL decryption license is not applied on the threat defense.

2. Which of the following statements is true?

  1. Decryption of encrypted traffic can impact overall throughput.
  2. SSL rules that require the least amount of information to determine the outcome should be placed at the top in order.
  3. When positioning the SSL rules, place the Block and Do Not Decrypt actions before the rules that have Decrypt Known Key and Decrypt Resign actions.
  4. All of these answers are correct.

3. To prevent an end user from downloading an executable file from https://example.com, which of the following actions is required?

  1. Add an SSL rule for the matching traffic with the Decrypt – Resign action.
  2. Add an access control rule for matching traffic with the Allow action.
  3. Add a file rule to block the executable file type.
  4. All of these answers are correct.

4. Which of the following options is the supported way to block the SSLv2 protocol?

  1. In an access control rule, add a rule condition to block port 443 (under the Ports tab).
  2. In an access control rule, add a rule condition to block an HTTPS application (under the Applications tab).
  3. In an SSL policy, choose the Block action for an SSLv2 session (under the Undecryptable Action tab).
  4. In an SSL rule, add a rule condition to block the SSLv2 protocol (under the Version tab).

5. Which of the following views in the GUI display the SSL status and action?

  1. The connection events page at Analysis > Connections > Events
  2. The file events page at Analysis > Files > File Events
  3. The Connection summary dashboard
  4. All of these answers are correct.
