BCCPP : Blue Coat Certified ProxySG Professional : Part 02

  1. By default, which standard keyring is used to authenticate a ProxySG to other devices?

    • authentication-key
    • default
    • appliance-key
    • default-untrusted

    Explanation:

    Reference: https://bto.bluecoat.com/doc/9102 (page 18)

  2. The HTTP request header Pragma: no-cache performs the same function as what other header?

    • Cache-control: no-cache
    • Cache-control: cache=none
    • GET If-Modified-Since
    • None of the above
  3. Policy that is written in CPL to control ProxySG forwarding should be placed in which policy file?

    • Forward policy file.
    • Threat protection policy file.
    • Local policy file.
    • Central policy file.
    • The answer depends on the processing order configured in the Management Console.
    Explanation:
    Reference: https://bto.bluecoat.com/doc/16293 (page 26, 4th bullet on the page)
  4. Perl statements can be included into CPL code as part of policy processing.

    • True
    • False
  5. What does this CPL layer do?

    • Sets the transaction status to Allow for all users who have the group attribute of Administrators.
    • This policy contains a syntax error and cannot be installed.
    • Nothing.
    • Sets the group attribute of Administrators for all users whose transactions are allowed.
  6. When analyzing an authentication error, which of these diagnostic tools provides the most detailed information about the protocol-level messages among the client, the ProxySG, and the authentication server?

    • Packet captures
    • Policy traces
    • Access logs
    • Event logs
  7. If the ProxySG and a client cannot successfully authenticate the use of Kerberos credentials during authentication in a realm where use of Kerberos credentials is enabled, what happens to the authentication request?

    • The request automatically downgrades and tries to use Basic credentials.
    • The request automatically downgrades and tries to use NTLM credentials, and then Basic credentials.
    • The request fails.
    Explanation:
    Reference: https://bto.bluecoat.com/sgos/ProxySG/SecurityFirstSteps/6.5/Content/PDFs/Auth_IWA_Direct_Solution.pdf (page 10)
  8. When one ProxySG forwards HTTP requests to another ProxySG, does the originating ProxySG send a server-style GET request or a proxy-style GET request?

    • Server-style
    • Proxy-style
  9. Without asking a user or physically inspecting their computer, how can you determine which version of web browser they are using to make requests that are intercepted by the ProxySG? (Select all that apply)

    • By performing packet captures on the ProxySG when that web browser is in use.
    • By inspecting the ProxySG access log, if access logging is enabled.
    • By using the VPM realm browser.
    • You cannot do this.
    Explanation:
    Reference: https://wikileaks.org/spyfiles/files/0/219_BLUECOAT-SGOS_5.3.x_SSL_Proxy_Reference_Guide.pdf
  10. What type of filesystem does SGOS use?

    • ZFS
    • NTFS
    • FAT32
    • None of the above
  11. SGOS is based on which other operating system?

    • VxWorks
    • pSOS
    • Unix
    • Windows
    • None of the above
  12. An HTTP request containing which header instructs the content server to return whether the requested object has been modified since the last visit?

    • Pragma: no-cache
    • GET If-Modified-Since
    • Cache-control: max-age
    • None of the above
  13. Which policy file can be automatically updated when the ProxySG detects changes to an external source?

    • Threat protection policy file.
    • Central policy file.
    • Forward policy file.
    • Local policy file.
  14. Which Blue Coat product is best suited for simultaneously administering a large number of ProxySG appliances?

    • ProxyAV
    • PacketShaper
    • Reporter
    • Director
    Explanation:
    Reference: https://bto.bluecoat.com/doc/17538
  15. When SGOS processes a client HTTP request, how many server workers are associated with each client worker?

    • Zero or one, depending on whether the request is served from the SGOS object cache.
    • One.
    • Two.
    • The answer varies depending on current ProxySG CPU utilization.
  16. In CPL, rules that have similar syntax can be grouped into what?

    • Actions
    • Layer guards
    • Triggers
    • Sections
  17. In CPL, what is the difference between Deny and Force Deny?

    • Only one Force Deny can appear in any policy layer.
    • A later Allow can override a Force Deny.
    • Force Deny exists only in the VPM, not in CPL.
    • A Force Deny is final and cannot be reversed by subsequent policy processing.
    Explanation:
    Reference: https://kb.bluecoat.com/index?page=content&id=FAQ1541
  18. When creating a policy-driven trace, which CPL property specifies the name of the policy trace file into which matching transactions are traced?

    • trace.destination()
    • trace.request()
    • trace.rules()
    • None of the above
    Explanation:
    Reference: https://bto.bluecoat.com/doc/16293 (page 406)
  19. In a typical client HTTP request, identify the four principal policy checkpoints in the order they are reached.

    • Client in, server out, client out, server in.
    • Client in, server in, client out, server out.
    • Client in, server out, server in, client out.
    • Client in, server in, server out, client out.
  20. If a mobile client is using ProxyClient and sends traffic through a ProxySG, which content filtering policy has priority?

    • The policy on the ProxyClient.
    • It depends on whether any policy has been installed on the ProxySG to disable ProxyClient content filtering on that transaction.
    • The policy that is evaluated last.
    • The policy on the ProxySG.
    • The policy that is evaluated first.
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments