BCCPA : Blue Coat Certified ProxySG Administrator : Part 03

  1. What is the behavior of content filtering policies, when the Blue Coat WebFilter license expires?

    • All content is blocked
    • All content is allowed
    • Content is allowed or blocked depending on policy for System/unlicensed
    • Content is allowed or blocked depending on fail open or fail closed setting in Management Console.

    Explanation:

    Reference: http://forums.bluecoat.com/viewtopic.php?f=2&t=4290 

  2. In a TCP connection, what will a listener service attempt to match before deciding to intercept or to bypass the connection? (Choose all that apply)

    (a) Source IP
    (b) Destination IP
    (c) Destination Port
    (d) Source Port

    • a & b only
    • b & c only
    • c & d only
    • All of the above
  3. Which is NOT a good reason to configure user authentication when deploying ProxySG as an Internet gateway proxy?

    • To allow creation of granular polices by user or group
    • To allow more detailed logging and reports
    • To enable more convincing coaching pages for AUP violations
    • To ensure that cache content is not expired
    • To protect against unauthorized access of Web objects found in cache
  4. How many content filtering databases can be used in a policy for SGOS 5.3 at the same time (apart from the local database and IWF restricted categories)?

    • Only one content filtering database
    • Any two content filtering databases
    • Two content filtering databases — BCWF and one other
    • Any number of content filtering databases from the list supported by ProxySG
  5. Name two different ways to create a transparent proxy environment.

    • Using the PAC File or configuring WCCP
    • Configuring a Layer 4 switch or configuring the appliance in bridging mode
    • Configuring WCCP or using an automatic configuration script
    Explanation:
    Reference: http://bradal.com/nl/pages/candn/bluecoat/transproxy.htm (search for layer-4 switch)
  6. Assume that ProxySG has default policy set to Allow; it is configured so that the HTTP proxy service on port 8080 has Detect Protocol option disabled and there are no policy rules on either SSL Intercept Layer or SSL Access Layer. A Web browser is accessing an HTTPS site, using explicit proxying on the ProxySG, port 8080.

    What would happen to this traffic?

    • The HTTPS connection will never be established
    • The HTTPS connection will always be established
    • The HTTPS connection will be established only for the remote server port 443.
    • The HTTPS connection will be established only for the remote server port 443 unless there are rules on Web Access Layer, explicitly allowing other port numbers.
  7. The placeholder variables that are available in ProxyClient’s exception templates (i.e. the screens that are displayed, when there is a policy violation) are the same ones that are available for user-defined exceptions within ProxySG.

    • True
    • False
  8. Which statement is not true?

    • A VLAN trunk is a physical link that connects two switches together.
    • A VLAN trunk is used for frame-tagging.
    • A trunk port connects to CIFS server.
    • A trunk port erases the tag in a frame.
  9. In which of the following ways can Access Logging be enabled? (Choose all that apply)

    (a) By a CLI command
    (b) In the Management Console under Access Logging
    (c) By adding another layer to VPM policy

    • a & b only
    • a & c only
    • b & c only
    • All of the above
  10. HTTP status codes requesting client authorization are 3-digit numbers of the following form:

    • 1xx
    • 2xx
    • 3xx
    • 4xx
    • 5xx
    Explanation:
    Reference: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error 
  11. Which group of services does not have a specialized proxy and is handled by TCP Tunnel instead?

    • HTTP, HTTPS, FTP
    • SOCKS
    • LDAP, IMAP, SSH
    • QuickTime, Real Audio
    • AOL, MSN IM, Yahoo IM
  12. Which HTTP error code corresponds to the ProxySG default exception identifier authentication failed?

    • 403
    • 404
    • 503
    • 401
    Explanation:
    Reference: http://newcafe.org/401.shtml 
  13. User with administrative rights can stop ProxyClient as a Windows service.

    • True
    • False
  14. Which of the following statements are true about WCCP? (Choose all that apply)

    (a) WCCP version 1 only redirects traffic based on TCP destination port 80 while WCCP version 2 can redirect more than just port 80.
    (b) WCCP version 1 supports only single proxy while WCCP version 2 can support up to 32 proxies in a single service group.
    (c) WCCP version 1 is the default version supported by ProxySG unless configured otherwise.
    (d) WCCP version 2 is more suitable for multiple router deployment as it allows multicast discovery.

    • a & b only
    • b & d only
    • a & d only
    • a & c only
  15. What are the two hardware chassis options that are available in Blue Coat Director? (Choose all that apply)

    (a) SG210
    (b) SG510
    (c) SG800
    (d) SG8100

    • a & b only
    • b & c only
    • c & d only
    • a & d only
    Explanation:
    Reference: http://www.bluecoat.com/support/eol-sg#director 
  16. For ProxyClient content filtering to work, the client’s computer should be able to do a correct lookup of DNS address sp.cwfservice.net.

    • True
    • False
  17. Which are the two packets that are used in WCCP discovery process? (Choose all that apply)

    (a) HERE_I_AM
    (b) HOME_ROUTER_IP:
    (c) I_SEE_YOU
    (d) WEB_CACHE_HERE

    • All of the above
    • a, b & c only
    • b & d only
    • a & c only
  18. Which of the following types of traffic are scanned with ICAP RESPMOD?

    • HTTP responses
    • FTP uploads
    • HTTP PUT data
    • HTTP POST data
    • All of the above
  19. Why should ProxySG set HTTP proxy behavior profile to “portal” in a reverse proxy deployment? (Choose all that apply)

    (a) To ensure ProxySG will ignore reload attempt.
    (b) To only allow authenticated users that are allowed to browse the page.
    (c) To ensure that ProxySG will trust server expiration header.
    (d) To restrict client access by User-Agent type.

    • a & b only
    • a & c only
    • b & d only
    • b & c only
    • c & d only
  20. When using transparent authentication, which of the following statements is true?

    • The virtual URL used for origin-style redirects must resolve to the IP address of the ProxySG.
    • The virtual URL used for origin-style redirects must resolve to an IP address.
    • The virtual URL used for origin-style redirects must be configured as an IP address.
    • The virtual URL used for origin-style redirects must be configured as a host name.
    Explanation:
    Reference: https://kb.bluecoat.com/index?page=content&id=KB2877 
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments