BCCPA : Blue Coat Certified ProxySG Administrator : Part 03
-
What is the behavior of content filtering policies, when the Blue Coat WebFilter license expires?
- All content is blocked
- All content is allowed
- Content is allowed or blocked depending on policy for System/unlicensed
- Content is allowed or blocked depending on fail open or fail closed setting in Management Console.
Explanation:
Reference: http://forums.bluecoat.com/viewtopic.php?f=2&t=4290
-
In a TCP connection, what will a listener service attempt to match before deciding to intercept or to bypass the connection? (Choose all that apply)
(a) Source IP
(b) Destination IP
(c) Destination Port
(d) Source Port- a & b only
- b & c only
- c & d only
- All of the above
-
Which is NOT a good reason to configure user authentication when deploying ProxySG as an Internet gateway proxy?
- To allow creation of granular polices by user or group
- To allow more detailed logging and reports
- To enable more convincing coaching pages for AUP violations
- To ensure that cache content is not expired
- To protect against unauthorized access of Web objects found in cache
-
How many content filtering databases can be used in a policy for SGOS 5.3 at the same time (apart from the local database and IWF restricted categories)?
- Only one content filtering database
- Any two content filtering databases
- Two content filtering databases — BCWF and one other
- Any number of content filtering databases from the list supported by ProxySG
-
Name two different ways to create a transparent proxy environment.
- Using the PAC File or configuring WCCP
- Configuring a Layer 4 switch or configuring the appliance in bridging mode
- Configuring WCCP or using an automatic configuration script
Explanation:Reference: http://bradal.com/nl/pages/candn/bluecoat/transproxy.htm (search for layer-4 switch) -
Assume that ProxySG has default policy set to Allow; it is configured so that the HTTP proxy service on port 8080 has Detect Protocol option disabled and there are no policy rules on either SSL Intercept Layer or SSL Access Layer. A Web browser is accessing an HTTPS site, using explicit proxying on the ProxySG, port 8080.
What would happen to this traffic?
- The HTTPS connection will never be established
- The HTTPS connection will always be established
- The HTTPS connection will be established only for the remote server port 443.
- The HTTPS connection will be established only for the remote server port 443 unless there are rules on Web Access Layer, explicitly allowing other port numbers.
-
The placeholder variables that are available in ProxyClient’s exception templates (i.e. the screens that are displayed, when there is a policy violation) are the same ones that are available for user-defined exceptions within ProxySG.
- True
- False
-
Which statement is not true?
- A VLAN trunk is a physical link that connects two switches together.
- A VLAN trunk is used for frame-tagging.
- A trunk port connects to CIFS server.
- A trunk port erases the tag in a frame.
-
In which of the following ways can Access Logging be enabled? (Choose all that apply)
(a) By a CLI command
(b) In the Management Console under Access Logging
(c) By adding another layer to VPM policy- a & b only
- a & c only
- b & c only
- All of the above
-
HTTP status codes requesting client authorization are 3-digit numbers of the following form:
- 1xx
- 2xx
- 3xx
- 4xx
- 5xx
Explanation:Reference: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error -
Which group of services does not have a specialized proxy and is handled by TCP Tunnel instead?
- HTTP, HTTPS, FTP
- SOCKS
- LDAP, IMAP, SSH
- QuickTime, Real Audio
- AOL, MSN IM, Yahoo IM
-
Which HTTP error code corresponds to the ProxySG default exception identifier authentication failed?
- 403
- 404
- 503
- 401
Explanation:Reference: http://newcafe.org/401.shtml -
User with administrative rights can stop ProxyClient as a Windows service.
- True
- False
-
Which of the following statements are true about WCCP? (Choose all that apply)
(a) WCCP version 1 only redirects traffic based on TCP destination port 80 while WCCP version 2 can redirect more than just port 80.
(b) WCCP version 1 supports only single proxy while WCCP version 2 can support up to 32 proxies in a single service group.
(c) WCCP version 1 is the default version supported by ProxySG unless configured otherwise.
(d) WCCP version 2 is more suitable for multiple router deployment as it allows multicast discovery.- a & b only
- b & d only
- a & d only
- a & c only
-
What are the two hardware chassis options that are available in Blue Coat Director? (Choose all that apply)
(a) SG210
(b) SG510
(c) SG800
(d) SG8100- a & b only
- b & c only
- c & d only
- a & d only
Explanation:Reference: http://www.bluecoat.com/support/eol-sg#director -
For ProxyClient content filtering to work, the client’s computer should be able to do a correct lookup of DNS address sp.cwfservice.net.
- True
- False
-
Which are the two packets that are used in WCCP discovery process? (Choose all that apply)
(a) HERE_I_AM
(b) HOME_ROUTER_IP:
(c) I_SEE_YOU
(d) WEB_CACHE_HERE- All of the above
- a, b & c only
- b & d only
- a & c only
-
Which of the following types of traffic are scanned with ICAP RESPMOD?
- HTTP responses
- FTP uploads
- HTTP PUT data
- HTTP POST data
- All of the above
-
Why should ProxySG set HTTP proxy behavior profile to “portal” in a reverse proxy deployment? (Choose all that apply)
(a) To ensure ProxySG will ignore reload attempt.
(b) To only allow authenticated users that are allowed to browse the page.
(c) To ensure that ProxySG will trust server expiration header.
(d) To restrict client access by User-Agent type.- a & b only
- a & c only
- b & d only
- b & c only
- c & d only
-
When using transparent authentication, which of the following statements is true?
- The virtual URL used for origin-style redirects must resolve to the IP address of the ProxySG.
- The virtual URL used for origin-style redirects must resolve to an IP address.
- The virtual URL used for origin-style redirects must be configured as an IP address.
- The virtual URL used for origin-style redirects must be configured as a host name.
Explanation:Reference: https://kb.bluecoat.com/index?page=content&id=KB2877
Subscribe
0 Comments
Newest