braindumps bccpp 191q - gratis exam - convert … · in regards to authentication the proxysg does...

Braindumps BCCPP 191q

Number: BCCPPPassing Score: 800Time Limit: 120 minFile Version: 22.5

http://www.gratisexam.com/

BCCPP

Blue Coat Certified Proxy Professional, V4.2

This is my first share of braindumps questions. Very helpful study center it is. Best Testing VCE it is.

Exam A

QUESTION 1Which of the following are true when attempting to deny access to file types?

A. MIME type objects are matched against the Content-type request header; File Extension objects arematched against the GET response header; Apparent Data Type objects are matched against requestdata.

B. MIME type objects are matched against the Content-type response header; File Extension objects arematched against the GET request header; Apparent Data Type objects are matched against responsedata.

C. MIME type objects are matched against the Content-encoding response header; FileExtension objectsare matched against the GET request header; Apparent Data Type objects are matched againstresponse data.

D. MIME type objects are matched against the Content-type response header; File Extension objects arematched against the GET request header; Apparent Data Type objects are matched against requestdata.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:

QUESTION 2Which of the following steps have to be performed to support Kerberos Authentication? (Choose all thatapply)(a) A virtual URL that resolves to the IP of the ProxySG. (b) Registering the BCAAA as a Service PrincipalName.(c) Configuring IWA Realm.(d) Configuring Explicit Proxy.

A. All of the aboveB. None of the aboveC. a, b & c onlyD. b, c & d only

Correct Answer: DSection: (none)Explanation


QUESTION 3The ProxySG acts as both an ICAP client and ICAP server.

A. TrueB. False

Correct Answer: ASection: (none)Explanation


QUESTION 4Which of the following statements are true about ProxySG Protocol Detection feature? (Choose all thatapply)

(a) Protocol detection is performed on the server's response. (b) Protocol detection is performed on theclient's request. (c) Enabling Detect Protocol option will automatically enable early intercept attribute inproxy services.(d) Protocol detection is performed by looking at the TCP port number.


A. a & b onlyB. b & c onlyC. c & d onlyD. ALL of the above



QUESTION 5Which of the following statements are true about dynamic bypass list? (Choose all that apply) (a)Configured polices will not be enforced on client request if the request matches an entry in the bypass list.(b) Dynamic bypass entries are lost when ProxySG is restarted (c) If request made to a site in a forwardingpolicy is in the bypass list, the site is inaccessible (d) Dynamic bypass parameters can be configured onManagement Console and CLI.

A. All of the aboveB. a, b & c onlyC. b, c & d onlyD. a, c & d only

Correct Answer: BSection: (none)Explanation


QUESTION 6You can NOT use a self-signed certificate when intercepting SSL traffic.

A. TrueB. False



QUESTION 7Which method of controlling downloads of certain file types works fastest on ProxySG?

A. Apparent Data TypeB. MIME TypeC. File extension



QUESTION 8A cookie without an expire value will___

A. last until the client cleats cookies from the browserB. last until the client closes the browser sessionC. last until the client logs off



QUESTION 9The Content-encoding header is used to declare the MIME type and compression method used in a HTTPresponse.

A. TrueB. False



QUESTION 10Which of the following are obvious advantages of having a ProxySG deployed in a Reverse Proxyenvironment? (Choose all that apply)(a)The ProxySG has built in DOS protection to guard the actual web server from denial-ofservice attacks(b) Increased performance with caching provides an improved Web Experience (c) Consistent defaultbehavior of cache expiration and validation directives (d) SSL termination on ProxySG allow SSLoffloading, therefore eliminating bottleneck on the web server side.

A. All of the aboveB. a, b & c onlyC. a, b & d onlyD. b, c & d only



QUESTION 11

Which client deployment methods support the 407 Proxy Authentication Required response code? (Chooseall that apply)(a) Proxy Auto Configuration files(b) WCCP(c) Proxy settings in browser(d) Inline Bridging

A. a & b onlyB. b & c onlyC. c & d onlyD. a & c onlyE. All of the above



QUESTION 12After creating CPL in the local policy file, the policy is imported into the VPM CPL file so that it can beviewed through the Visual Policy Manager.

A. TrueB. False



QUESTION 13ProxySG is configured to permit error but guest authentication is not configured. What will happen to a userwho initiates a connection to the Internet?

A. The user will receive an error notifying unsuccessful authentication.B. The user will be allowed to proceed as a guest user.C. The user will be allowed to proceed as unauthenticated.D. The user will receive an error notifying Access Denied.



QUESTION 14What are the two functions of configuring forwarding in ProxySG? (Choose all that apply)

A. To accelerate applicationB. Reverse ProxyC. To support Proxy ChainingD. To intercept SSl

Correct Answer: CDSection: (none)

Explanation


QUESTION 15When a ProxyClient setup file is manually on a client's computer, what data transfer takes place beforeProxyClient is installed?

A. ProxyClient setup program is self-contained; there is no data transfer necessary in order to completethe installation of the ProxyCinent

B. ProxyCilent setup program cause download of the most recent updates from a public download sitehttps://hypersonic.bluecoat.com/.

C. ProxyClient setup program transfers data form Client Manager ProxySG appliance before it can installsuccessfully.

D. ProxyClient setup program transfers data form the AND manager (or backup AND manager) ProxySGappliance before it can install successfully.



QUESTION 16Health checks are automatically created under which scenarios? (Choose all that apply) (a) When aforwarding host is created.(b) When a failover group is created.(c) When the DRTR is enabled.(d) When a SOCKS gateway is created.

A. a, b & c onlyB. a, c & d onlyC. b, c & d onlyD. All of the above



QUESTION 17At which checkpoint does the rewrite () perform the TWURL modification?

A. Client InB. Client OutC. Server InD. Server Out



QUESTION 18

In regards to authentication the ProxySG does not support origin-redirects with CONNECT method.

A. TrueB. False



QUESTION 19Which statement is correct about WWW-Authenticate header?

A. It is request header used only with Basic Authentication to send username and password to a proxy ora Web server

B. It is a request header used to send credentialsC. It is a response header used with HTTP 401 status code to negotiate method of authentication and

send NTLM challenge to the client.



QUESTION 20The authentication mode origin-ip-redirect allows an administrator to assign a Time To Live (TTL) for thesurrogate credentials. Meanwhile the authentication mode origin-cookie-redirect does not provide thisfeature.

A. TrueB. False



QUESTION 21When configuring forwarding in PoxySG, what are the possible load balancing methods? (Choose all thatapply)(a) Round Robin(b) Fastest ICMP Reply(c) Least Connections(d) Least Delay

A. a & c onlyB. b & d onlyC. a & d onlyD. b & c only



QUESTION 22ICAP responses may be cached on a ProxySG, i.e, for some Web requests ICAP processing may becompleted without involving ProxyAV

A. TrueB. False



QUESTION 23When implementing failover with ProxySG appliances, configurations and policies on the master areautomatically replicated to members of the failover group.

A. TrueB. False



QUESTION 24ProxySG can cache videos played by Adobe Flash based video player (e.g. on YouTube) as HTTP objects.

A. TrueB. False



QUESTION 25What is the meaning of the metacharacter * (asterisk) in regular expressions?

A. escape characterB. any character except newlineC. zero or characterD. zero or more characters



QUESTION 26Which of the following authentication mode will allow you to visibly challenge the user upon inactivitytimeout? (Choose all that apply)

(a) Form based authentication(b) Cookie Surrogate(c) IP surrogate(d) Session based surrogate a & b only

A. a & b onlyB. b & c onlyC. c & d onlyD. d & a onlyE. All of the above



QUESTION 27Which of the following are the benefits of using Bandwidth Management with the ProxySG (Choose all thatapply)(a) Ensuring mission critical application receives minimum amount of bandwidth (b) Compressing certaintype of traffic classes before transmitting it over the WAN (c) Prioritizing certain traffic classes(d) Rate limiting application to prevent "hogging" of network bandwidth.

A. a, b & c onlyB. a, b & d onlyC. a, c & d onlyD. All of the above



QUESTION 28At which checkpoint does the rewrite_url_prefix perform the TWURL modification?

A. Client InB. Client OutC. Server InD. Server Out



QUESTION 29Which of the following options are configured when implementing failover on ProxySG appliances?(Choose all that apply)(a) Multicast address for advertisements(b) Relative Priority(c) Virtual MAC address(d) Group Secret to hash information sent in multicast announcements

A. a, b & c onlyB. b, c & d onlyC. a, b & d onlyD. All of the above



QUESTION 30Hostname of the BCAAA= serverlDNS suffix =bluecoat.comHostname of the Bluecoat SG = sgo1Referring to the above information, what is the correct syntax for the SPN command in the DomainController?

A. setspn-A HTTP/serverl.bluecoat.com sg01B. setspn-L HTTP/serverl.bluecoat.com sg01C. setspn-A HTTP/sg01.bluecoat.com server1D. setspn-D HTTP/serverl.bluecoat.com sg01



QUESTION 31In ProxyAV anti-virus scanners are____

A. multiple parallel threads sharing the same code and the same address spaceB. multiple parallel processes not sharing the same address spaceC. asynchronous calls to remote scanner hardwareD. synchronous procedure calls within ProxyAV



QUESTION 32Which of the following options are configured when implementing failover on ProxySG appliances?(Choose all that apply)(a) Multicast address for advertisements(b) Relative Priority(c) Virtual MAC address(d) Group Secret to hash information sent in multicast announcements

A. All of the aboveB. a, b & c onlyC. a, b & d onlyD. b, c & d only

Correct Answer: C

Section: (none)Explanation


QUESTION 33The ProxySG ICAP implementation is fully compatible with which of the following applications?(Choose all that apply)(a) Finjan SurfinGate(b) Webwasher(c) AntiVirus Scan Engine (SAVSE)(d) Trend Micro InterScan

A. a & b onlyB. b & c onlyC. c & d onlyD. All of the above



QUESTION 34Which statement is correct about Proxy-Authorization header?

A. It is a response header used by a proxy to negotiate parameters of the credential exchange and to sendchallenge to the client

B. It is a request header used to pass client's credentials to a proxy serverC. It is a response header used by an upstream proxy to ask for credentials from a downstream proxy or

user agent



QUESTION 35While configuring Blue Coat directory, what is an Overlay?

A. A few selected setting used to replace some of the configuration in ProxySG.B. A snapshot of all the configuration in ProxySG.



QUESTION 36CPL is required when creating which types of policy?

A. Two-Way URL rewritesB. Policy that utilizes layer guards

C. Policy that involves local users and groups



QUESTION 37Which of the following statements are true about Bandwidth Management Hierarchies and Priorities?(Choose all that apply)(a) Child classes can have children of their own.(b) If no limit is set, packets are sent as soon as they arrive. (c) Priorities are set to a class to giveprecedence over other classes. (d) If there is excess bandwidth, the child class will always get the firstopportunity to use it.

A. a, b & c onlyB. a, b & d onlyC. b, c & d onlyD. All of the above



QUESTION 38Which method of controlling downloads of certain file types has the LOWEST efficiency in terms ofresponse time, bandwidth use and execution time on ProxySG

A. Apparent Data TypeB. MIME TypeC. File extension



QUESTION 39Bandwidth minimum does not work in an explicit deployment model.

A. TrueB. False



QUESTION 40Which authentication realm is NOT supported for authenticating administrators to the managementconsole?

A. IWAB. RadiusC. LocalD. SequenceE. All the above are supported

Correct Answer: ESection: (none)Explanation


QUESTION 41If a user can not be derived through the Window SSO realm, then the client will .

A. be prompted with an authentication dialog box to provide credentials.B. receive an authentication error from the proxy.C. proceed as an unauthenticated user.D. receive an authentication form from the proxy to provide credentials.



QUESTION 42In which of the following ways can Access Logging be enabled? (Choose all that apply.) (a) By a CLIcommand(b) In the Management Console under Access Logging (C) By adding another layer to VPM policy

A. a & b onlyB. a & c onlyC. b & c onlyD. All of the above



QUESTION 43Which of the following cashing techniques utilize retrieval workers to keep the contents of the cache fresh?(Choose all that apply.)(a) Cost-based Deletion(b) Asynchronous Adaptive Refresh(c) Popularity Contest

A. a & b onlyB. b & c onlyC. All of the aboveD. b only

Correct Answer: DSection: (none)

Explanation


QUESTION 44Which server certificate validation errors can be ignored within ProxySG policy? (Choose all that apply)(a) Untrusted issuer(b) Host name mismatch(c) Expiration

A. a & b onlyB. b & c onlyC. a & c onlyD. All of the above



QUESTION 45When configuring Blue Coat Director, how can an administrator be authenticated? (Choose all that apply.)(a) Local configured accounts and password(b) RADIUS(c) IWA(d) TACACS+

A. All of the aboveB. a, b & c onlyC. a, c & d onlyD. a, b & d only



QUESTION 46Log format variable rs(Content-Type) always refers to Content-type header value sent from the proxySG tothe client.

A. TrueB. False



QUESTION 47Which of the following Health Checks can be defined for a forwarding host? (Choose all that apply)(a) ICMP(b) TCP(C) HTTP

(d) HTTPS

A. a & b onlyB. b & c onlyC. c & d onlyD. a & d onlyE. All of the above



QUESTION 48Which of the following is NOT true about global and per-rule policy tracing?

A. Each object processed by the ProxySG generates an entry in the global policy trace and appears in arule-based trace if the object triggers a rule.

B. Global policy tracing may severely affect the performance of a production ProxySG.C. You can enable global tracing through the Management Console or CLI.D. You can enable per-rule tracing through the Management Console.



QUESTION 49The ProxySG policy engine allows an administrator to create policy based on any MIME type, FileExtension or File Signature (first bytes in the response body).

A. TrueB. False



QUESTION 50Which of the following access log formats are supported by the ProxySG? (Choose all that apply)(a) ELFF(b) SQUID(c) Websense(d) NCSA

A. a, b & c onlyB. a, b & d onlyC. a, c & d onlyD. b, c & d onlyE. All of the above

Correct Answer: E



QUESTION 51By default, what type of authentication challenge will the user-agent receive if the authentication node is setto AUTO?

A. proxy-ip for explicit and transparent clientsB. proxy for explicit and origin-cookie-redirect for transparent clientsC. proxy for explicit and transparent clientsD. proxy-ip for explicit and origin-ip-redirect for transparent clientsE. proxy for explicit and proxy-ip for transparent



QUESTION 52Which types of requests are likely to be served the fastest?

A. TCP_MISSB. TCP_NC_MISSC. TCP_HITD. TCP_MEM_HITE. TCP_RESCAN_HIT



QUESTION 53When a TCP health check responds as "healthy" then, .

A. the SG is able to successfully establish a TCP handshake to the upstream device.B. the SG is able to successfully resolve the hostname of the upstream device.C. the SG is able to successfully connect to the upstream device on port 80.D. the SG is able to successfully ping the upstream device.



QUESTION 54What are the possible ways of creating bandwidth classes? (a) Using Management Console(b) Defining them in a JavaScript file and uploading it to ProxySG (c) Using CLI

A. a & b only

B. a & c onlyC. b & c onlyD. All of the above



QUESTION 55What are the two main functions of configuring forwarding in ProxySG? (Choose all that apply) (a) Toaccelerate application(b) Reverse Proxy(c) To support Proxy Chaining(d) To intercept SSL

A. a & b onlyB. b & c onlyC. c & d onlyD. d & a only



QUESTION 56Which authentication modes would result in a user-agent receiving a HTTP 401-Unauthorized status codesfrom the proxy? (Choose all that apply) (a) origin-ip-redirect(b) proxy-ip(c) origin-cookie(d) form-cookie-redirect

A. a & b onlyB. a & c onlyC. b & c onlyD. c & d onlyE. None of the above



QUESTION 57What is the meaning of the metacharacter? (question mark) in regular expressions?

A. escape characterB. any character except newlineC. zero or one characterD. zero or more characters

Correct Answer: CSection: (none)

Explanation


QUESTION 58Which of the following steps are not required when configuring a transparently deployed ProxySG tointercept HTTPS traffic?

A. Create a SSL intercept layer in the VPM.B. Enable a SSL service on port 443.C. Assign a key ring to the SSL proxy.D. Create a SSL access layer in the VPM.



QUESTION 59Apparent Data Type objects can be created in the VPM for which of the following file types? (Choose allthat apply)(a) Windows DLL(b) Windows Exe(c) Windows Ocx(d) Windows Cab

A. a, b & c onlyB. b, c & d onlyC. a, c & d onlyD. All of the above



QUESTION 60What type of authentication challenge is issued when using the Policy Substitution Realm?

A. 407 proxy Authentication RequiredB. 401 UnauthorizedC. No challenge will be issuedD. Not enough information to determine the answer



QUESTION 61A service can be configured to listen in explicit and transparent mode simultaneously.

A. True

B. False



QUESTION 62When configuring reverse proxy with SSL, what are the 3 possible options of ensuring host affinity?(Choose all that apply)(a) client-ip(b) ssl-session-id(c) accelerator-cookie(d) server-ip

A. All of the aboveB. b, c & d onlyC. a, c & d onlyD. a, b & c only



QUESTION 63Which header cannot be sent together with an HTTP 407 status code from the ProxySG?

A. Proxy-Authenticate: Basic="MyRealm"B. Proxy-Authenticate: NTLM="MyRealm"C. Proxy- Authenticate: Kerberos="MyRealm"D. proxy-Authenticate: Negotiate="MyRealm"E. All the above headers can be sent with 407 status code



QUESTION 64The bcreportermain_v1 access log format has a configurable ordering of fields, and this custom order isreflected in a log file header.

A. TrueB. False



QUESTION 65

When a client receives an HTTP 302 response from a server, the client will form a new request based onthe header.

A. ForwardB. CookieC. LocationD. Redirect



QUESTION 66In a transparent proxy that is intercepting HTTP, how can an administrator allow instant messaging overHTTP to pass through ProxySG if they do not have IM license on the ProxySG?

A. By disabling Detect ProtocolB. By disabling Protocol Handoff in IMC. By configuring the proxy services to bypass AOL IM, MSN IM and Yahoo IM servicesD. By disabling early intercept



QUESTION 67In explicit proxy, what will happen to a connection that is made when there is no such service running in theProxySG?

A. Connection will be intercepted.B. Connection will be rejected.C. Connection will by be bypassed.D. Connection will be forwarded.



QUESTION 68Which of the following methods can the Windows SSO utilize to derive a user name? (Choose all thatapply)(a) Domain Controller Querying(b) Direct Client Querying(c) Direct Client Querying, if unsuccessful then Domain Controller Querying (d) Domain ControllerQuerying, if unsuccessful then Direct Client Querying

A. a & b onlyB. a & c onlyC. b & c onlyD. b & d only

E. All of the above



QUESTION 69Which statement is correct about Proxy-Authenticate header

A. It is sent by the proxy every time when a HTTP 407 status code is sentB. It is used by a browser to pass credentials to a proxyC. It is used by both client and proxy to negotiate the method of credential exchange



QUESTION 70Who plays the role of the trusted third party, when client and server communicate via Kerberos?

A. NTLM (NT LAN Manager)B. KDC (Key Distribution Center)C. PKI (Public Key Infrastructure)D. SSL Certificate Authority



QUESTION 71Log format variable s-ip always refers to

A. IP address of the HTTP request clientB. IP address of the original content serverC. IP address of the ProxySG to which client has established a connection



QUESTION 72What is a precondition for using L2 MAC rewrite with WCCP?

A. The LAN where WCCP router and ProxySG are located should use IPv6B. No forwarding should be defined for ProxySGC. ProxySG and router should be in the same broadcast domain

Correct Answer: C



QUESTION 73A policy trace can be enabled for any layer type.

A. TrueB. False



QUESTION 74Which regular expression should you test against a URL to match both http and https schemes?

A. 2https?B. [http][https]C. ^https?D. http[s]



QUESTION 75The ProxySG is intercepting Flash traffic. Client A requests an on-demand 100MB Flash video andwatches the first 50MB of it before terminating the media player. Client B requests the same on-demandFlash video, starts at the 25MB mark, and plays the remainder of the video. In normal conditions withoutany policy specifically controlling caching, how is the video served to Client B?

A. The portion from 25MB to 50MB is served from the ProxySG cache, and the remainder is retrievedfrom the content server and is cached on the ProxySG.

B. The entire video is retrieved from the content server and is cached on the ProxySG.C. The portion from 25MB to 100MB is retrieved from the content server and is cached on the ProxySG.


Explanation/Reference:Explanation:

QUESTION 76Is it possible to run more than one version of a BCAAA processor on a Windows computer ?

A. YesB. No

Correct Answer: ASection: (none)

Explanation

Explanation/Reference:References:

QUESTION 77Where can you get the SNMP MIBs for the version of SGOS running on your ProxySG?

A. BlueTouch Online.B. At https://proxyIPaddr:8082/mibs, where proxyIPaddr is the IP address of your ProxySG.C. From the vendor of your network management software.

https://kb.bluecoat.com/index?page=content&id=FAQ718&actp=RSS



QUESTION 78In an SSL transaction in which the server's certificate is not from a trusted authority, which entity generatesthe warning that is displayed in a web browser?

A. The web browser.B. The server.C. The ProxySG.D. The answer depends on how the ProxySG has been configured.



QUESTION 79When Blue Coat Director is used to manage a ProxySG, which one of these methods can Director use toprevent unexpected changes from being made directly on the ProxySG?

A. Director changes the administrative passwords on the ProxySG to secret, random values.B. Director disables the serial port interface to the ProxySG.C. Director disables the Management Console on the ProxySG.



QUESTION 80When authenticating a guest user in an LDAP realm, which of these CPL properties would best be used tospecify that the guest user should be part of the pre-defined LDAP group MobileUsers?

A. authorize.guest(group=MobileUsers)B. authorize.add_group(MobileUsers)C. authorize.guest(MobileUsers)D. authorize.add_group(guest:MobileUsers)



QUESTION 81http://www.bluecoat.com/index.html?user=bobkentFor the above URL, will the trigger url.regex=!\.html$ match or miss?

A. MatchB. Miss



QUESTION 82When creating policy in the VPM, where can you instruct the ProxySG to enable or disable pipelining ofreferenced objects?

A. In a Web Content layer.B. In a Cache Control layer.C. In a Web Access layer.D. You cannot do this in the VPM.



QUESTION 83In a CPL back reference of the form $(n), are references numbered from right to left or from left to right?

A. Left to rightB. Right to left



QUESTION 84Which one of these statements best describes how policy checkpoints evaluate the installed policy on aProxySG?

A. The Client In checkpoint decides which rules will be evaluated by the other checkpoints.B. At each checkpoint, a decision is made whether to allow or deny the transaction.C. The Server In checkpoint decides which rules will be evaluated by the other checkpoints.D. Relevant rules are evaluated at each checkpoint based on the information about the transaction that is

available at that point.



QUESTION 85What are the three types of ProxySG surrogate credentials? (Select 3)

A. ConnectionB. IPC. CookieD. RedirectE. ProxyF. OriginG. Form

Correct Answer: ABCSection: (none)Explanation


QUESTION 86What are the three levels of the ProxySG authentication cache? (Select 3)

A. IPB. AuthenticationC. CredentialD. SurrogateE. ProxyF. Cookie

Correct Answer: AEFSection: (none)Explanation


QUESTION 87In CPL, rules that have similar syntax can be grouped into what?

A. ActionsB. Layer guardsC. TriggersD. Sections



QUESTION 88When SGOS processes a client HTTP request, how many server workers are associated with each client

worker?

A. Zero or one, depending on whether the request is served from the SGOS object cache.B. One.C. Two.D. The answer varies depending on current ProxySG CPU utilization.



QUESTION 89Which Blue Coat product is best suited for simultaneously administering a large number of ProxySGappliances?

A. ProxyAVB. PacketShaperC. ReporterD. Director



QUESTION 90In a typical client HTTP request, identify the four principal policy checkpoints in the order they are reached.

A. Client in, server out, client out, server in.B. Client in, server in, client out, server out.C. Client in, server out, server in, client out.D. Client in, server in, server out, client out.



QUESTION 91When creating a policy-driven trace, which CPL property specifies the name of the policy trace file intowhich matching transactions are traced?

A. trace.destination()B. trace.request()C. trace.rules()D. None of the above



References:

QUESTION 92In CPL, what is the difference between Deny and Force Deny?

A. Only one Force Deny can appear in any policy layer.B. A later Allow can override a Force Deny.C. Force Deny exists only in the VPM, not in CPL.D. A Force Deny is final and cannot be reversed by subsequent policy processing.



QUESTION 93Which policy file can be automatically updated when the ProxySG detects changes to an external source?

A. Threat protection policy file.B. Central policy file.C. Forward policy file.D. Local policy file.



QUESTION 94Without asking a user or physically inspecting their computer, how can you determine which version of webbrowser they are using to make requests that are intercepted by the ProxySG? (Select all that apply)

A. By performing packet captures on the ProxySG when that web browser is in use.B. By inspecting the ProxySG access log, if access logging is enabled.C. By using the VPM realm browser.D. You cannot do this.

Correct Answer: ABSection: (none)Explanation


QUESTION 95When one ProxySG forwards HTTP requests to another ProxySG, does the originating ProxySG send aserver-style GET request or a proxy-style GET request?

A. Server-styleB. Proxy-style



Explanation:

QUESTION 96If the ProxySG and a client cannot successfully authenticate the use of Kerberos credentials duringauthentication in a realm where use of Kerberos credentials is enabled, what happens to the authenticationrequest?

A. The request automatically downgrades and tries to use Basic credentials.B. The request automatically downgrades and tries to use NTLM credentials, and then Basic credentials.C. The request fails.



QUESTION 97An HTTP request containing which header instructs the content server to return whether the requestedobject has been modified since the last visit?

A. Pragma: no-cacheB. GET If-Modified-SinceC. Cache-control: max-ageD. None of the above



QUESTION 98SGOS is based on which other operating system?

A. VxWorksB. pSOSC. UnixD. WindowsE. None of the above



QUESTION 99What type of filesystem does SGOS use?

A. ZFSB. NTFSC. FAT32D. None of the above

Correct Answer: B



QUESTION 100When a downstream ProxySG requests an object that already is cached in an upstream ProxySG, thedownstream ProxySG checks the object's freshness with the origin content server.

A. TrueB. False



QUESTION 101If a user agent that does not support authentication tries to request content through a connection on whichthe ProxySG requires authentication, how can you best resolve the issue?

A. Identify the TCP ports used by the user agent, and create a proxy service to bypass such traffic.B. Identify an HTTP header that identifies the user agent, and then write policy to exempt matching

transactions from authentication.C. Identify the IP address of the user agent, and then write policy to exempt matching transactions from

authentication.D. You cannot do this.



QUESTION 102When writing CPL, should layers containing the most general rules usually appear near the beginning orthe end of a policy file?

A. Near the beginning.B. Near the end



QUESTION 103To create policy that tests only for the authentication error of expired_credentials, can you use the VPM,CPL, or either?

A. VPMB. CPLC. Either

Correct Answer: C



QUESTION 104http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will thetrigger url.domain=bluecoat.com match or miss?


A. MatchB. Miss



QUESTION 105If a CPL rule contains more than one trigger, how are the triggers evaluated?

A. Only the last trigger is evaluated.B. They are logically ORed together; any one of them must be true for the rule to match.C. They are logically ANDed together; all of them must be true for the rule to match.D. Only the first trigger is evaluated.E. The answer depends on the type of layer.



QUESTION 106Which of these possible problems does a nearly-full ProxySG disk indicate? (Select all that apply)

A. This ProxySG should be upgraded to a more powerful model.B. One or more additional ProxySG appliances should be deployed in this network.C. Caching parameters are improperly set in the Management Console.D. None; this is a normal condition.

Correct Answer: BCSection: (none)Explanation


QUESTION 107When the ProxySG processes installed policy as part of a client transaction, how does it handle a rule thatcontains a syntax error?

A. The ProxySG changes the transaction status to Deny and makes an entry in the event log.B. The ProxySG stops processing of the layer containing the rule and continues with the next layer, if any.C. The ProxySG skips the rule and does not change the accept or deny status of the transaction.D. This cannot happen.



QUESTION 108When the ProxySG processes a client request to a server that requires a client certificate, from where doesthe ProxySG obtain the certificate during transaction processing?

A. From the server.B. From a certificate store on the ProxySG.C. From the client.



QUESTION 109If a mobile client is using ProxyClient and sends traffic through a ProxySG, which content filtering policyhas priority?

A. The policy on the ProxyClient.B. It depends on whether any policy has been installed on the ProxySG to disable ProxyClient content

filtering on that transaction.C. The policy that is evaluated last.D. The policy on the ProxySG.E. The policy that is evaluated first.

Correct Answer: ACSection: (none)Explanation


QUESTION 110Where does ProxySG object caching usually result in the most bandwidth savings?

A. On the server side.B. On the client side.



References:

QUESTION 111When a URL-based trigger is used in CPL, the compiler analyzes the source to determine the mostefficient trigger to achieve the desired result.

A. TrueB. False



QUESTION 112A <cache>policy layer in CPL can best be implemented in which type of VPM layer?

A. Web AuthenticationB. CacheC. Web ContentD. This function cannot be performed in the VPM.



QUESTION 113After creating CPL in the local policy file, the ProxySG imports the policy into the VPM-CPL file so that itcan be viewed in the Visual Policy Manager.

A. TrueB. False



QUESTION 114If multiple users from different IP addresses have been authenticated as guest users into the sameauthentication realm, how can you distinguish among them in the Management Console display of currentlylogged-in users?

A. The ProxySG automatically appends a sequential number to each successive guest login from adifferent IP address.

B. When creating policy to authenticate guest users, use variable substitutions such as IP addresses toform part of the guest username.

C. You cannot do this.



References:

QUESTION 115Name two settings that can be configured in a forwarding group to define which hosts in the group receivetraffic. (Select all that apply)

A. RedirectionB. Host affinityC. Fail open or closedD. Load balancing

Correct Answer: ADSection: (none)Explanation


QUESTION 116What is the pre-defined username that can be used to allow guest users to access content via theProxySG?

A. guestB. guest_$ip, where $ip is the client's IP address.C. userD. user_$ip, where $ip is the client's IP address.E. There is no pre-defined guest user.



QUESTION 117http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will thetrigger url.extension=htm match or miss?

A. MatchB. Miss



QUESTION 118If a CPL rule is not part of a policy layer, when is it processed?

A. Before any layers are processed.B. After all layers are processed.C. This cannot happen. All rules must be part of a layer.



QUESTION 119How can you instruct the ProxySG to disregard the HTTP request header Pragma: no-cache?

A. By deselecting the Action object setting "Parse pragma-no-cache meta tag" in the VPM.B. By changing the HTTP proxy Acceleration Profile settings in the Management Console.C. By deselecting the HTTP proxy setting "Parse pragma-no-cache meta tag" in the Management

Console.D. You cannot do this.



QUESTION 120When a <proxy> policy layer has set one or more actions to yes, when are these actions performed?

A. At the end of policy processing, in the order they were encountered.B. In order when they are encountered during policy processing.C. Depending on the transaction, not all such actions are necessarily taken.D. At the end of policy processing, in the reverse order they were encountered.



QUESTION 121How can you test whether an authentication realm has been properly configured on the ProxySG withoutrequiring valid user credentials?

A. The Test Configuration button in the Management Console for this realm.B. The realm browser in the VPM.C. You cannot do this.



QUESTION 122In a network with three ProxySG appliances using IWA realms with BCAAA, what is the minimum numberof BCAAAs that must be deployed, independent of performance considerations?

A. OneB. ThreeC. None of the above.



QUESTION 123When SGOS processes a client HTTP request, how is a client worker started?

A. By the SGOS cache administrator process.B. By a retrieval worker.C. By a server worker.



QUESTION 124By default, are proxy transactions allowed or denied?

A. YesB. NoC. The answer depends on the default proxy policy setting.



QUESTION 125By, default is a Forwarding layer in the VPM processed before or after a Web Access layer?

A. BeforeB. After



QUESTION 126Policy that is written in CPL to control ProxySG forwarding should be placed in which policy file?

A. Forward policy file.B. Threat protection policy file.C. Local policy file.D. Central policy file.E. The answer depends on the processing order configured in the Management Console.



QUESTION 127The HTTP request header Pragma: no-cache performs the same function as what other header?

A. Cache-control: no-cacheB. Cache-control: cache=noneC. GET If-Modified-SinceD. None of the above



QUESTION 128By default, which standard keyring is used to authenticate a ProxySG to other devices?

A. authentication-keyB. defaultC. appliance-keyD. default-untrusted



QUESTION 129When analyzing an authentication error, which of these diagnostic tools provides the most detailedinformation about the protocol-level messages among the client, the ProxySG, and the authenticationserver?

A. Packet capturesB. Policy tracesC. Access logsD. Event logs



QUESTION 130What does this CPL layer do?

A. Sets the transaction status to Allow for all users who have the group attribute of Administrators.B. This policy contains a syntax error and cannot be installed.C. Nothing.D. Sets the group attribute of Administrators for all users whose transactions are allowed.



QUESTION 131Perl statements can be included into CPL code as part of policy processing.

A. TrueB. False



QUESTION 132Is SGOS a 32-bit or 64-bit operating system?

A. 32-bitB. 64-bitC. Either, depending on the model of ProxySG on which it runs



QUESTION 133The ProxySG simultaneously opens multiple server connections to retrieve objects referenced on a webpage before the client actually issues the requests for those objects. This statement best describes whichProxySG caching technique?

A. PipeliningB. Asynchronous adaptive refreshC. Popularity contestD. Cost-based deletion



QUESTION 134In CPL, using the define category construct with a list of 1,000 URLs usually produces more efficient codethan explicitly specifying each individual URL as a separate test.

A. TrueB. False



Explanation:

QUESTION 135In a hybrid configuration using the ProxySG in conjunction with the Blue Coat Cloud Service Web SecurityModule, how does the ProxySG determine when content filtering should be processed by the Cloud Serviceand not the ProxySG?

A. The administrator must delete any local policy in the VPM and CPL on the ProxySG.B. Selective forwarding must be configured on the ProxySG.C. The administrator must disable content filtering on the ProxySG.D. This cannot happen; in such a configuration, content filtering is always processed by the ProxySG.



QUESTION 136Which policy file is processed last?

A. Local policy file.B. Threat protection policy file.C. Forward policy file.D. Central policy file.E. The answer depends on the processing order configured in the Management Console.



QUESTION 137What type of SGOS software worker can be invoked to perform pipelining of HTTP requests?

A. Client worker.B. Server worker.C. Retrieval worker.D. SGOS software workers do not perform pipelining of HTTP requests.



QUESTION 138Which standard CA certificate list on the ProxySG is normally used in processing client-server SSLtransactions?

A. appliance-cclB. image-validationC. appliance-keyD. browser-trustedE. default



QUESTION 139When permitting guest authentication, what is one way that can require users to specifically state that theywish to authenticate as a guest?

A. By modifying the standard authentication_failed exception to include a link that users must click beforecontinuing.

B. By specifying a virtual URL that points to a guest authentication page.C. By using Force Authenticate in either the VPM or in CPL.D. By selecting Notify User in the Edit Authenticate Guest Object section of the VPM.



QUESTION 140Can the ProxySG initiate a transaction that does not correspond to a client action?

A. YesB. No



QUESTION 141Objects that require more server-side bandwidth and response time are less likely to be deleted from thecache. This statement best describes which ProxySG caching technique?

A. Popularity contentB. PipeliningC. Cost-based deletionD. Asynchronous adaptive refresh



QUESTION 142True or false: The ProxySG can apply policy to Flash traffic without requiring the installation of an add-onlicense.

A. TrueB. False



QUESTION 143An excessively high internal CPU temperature can be detected and reported by the ProxySG.

A. TrueB. False



QUESTION 144Is it possible to run more than one version of a BCAAA acceptor on a Windows computer?

A. YesB. No



QUESTION 145When ProxyClient is installed on a mobile workstation, from where is the ProxyClient software normallydownloaded?

A. From the Blue Coat Director serving as Client Manager.B. From the ProxySG serving as Client Manager.C. From the nearest available ProxySG.D. From BlueTouch Online.



QUESTION 146When the ProxySG processes a client request to a server that requires a client certificate, how does theProxySG determine which certificate to present to the server?

A. The administrator configures this in the Management Console at Configuration > SSL.B. The ProxySG negotiates with the client.C. The ProxySG negotiates with the server.D. The client sends its certificate to the ProxySG.E. The administrator configures this in policy.



QUESTION 147Which one of these statements is NOT true about the caching architecture of the ProxySG?

A. Objects are first stored in the RAM object cache and are swapped into the disk-based object cache asneeded.

B. Information about a single object in the cache can be viewed from the Management Console or CLI.C. If the same object is cached as a result of being accessed by two different protocols (such as HTTP

and FTP), two objects are stored in the cache.D. The object store uses a directory structure so that objects in the cache can be accessed quickly.



QUESTION 148When using a transparent proxy connection, the ProxySG detects Flash traffic using listeners for whichproxy service by default?

A. External HTTPB. None of the aboveC. RTMPD. Flash



QUESTION 149By default, what method does the ProxySG use to balance traffic load among members of a forwardinggroup?

A. Least connectionsB. Round robinC. None of the above



QUESTION 150When performing anti-virus scanning using Blue Coat appliances, how does the ProxySG determine whatspecific actions to perform for high-performance or maximum-security deployments?

A. In the Configuration > Threat Protection settings of the Management Console.

B. By reading the Threat Protection policy file.C. By querying the configuration of the anti-virus scanning appliance.



QUESTION 151When the ProxySG determines whether a user is a member of an LDAP group, is that consideredauthentication or authorization?

A. AuthenticationB. Authorization



QUESTION 152In which two of these cases must you specify a virtual URL to be used in conjunction with Kerberosauthentication? (Select 2)

A. Transparent proxy connectionB. A redirect authentication modeC. Explicit proxy connectionD. A cookie authentication modeE. An origin authentication mode

Correct Answer: DESection: (none)Explanation


QUESTION 153When performing Kerberos authentication with an explicit proxy connection, the hostname in the proxyconfiguration of the web browser must be which of the following?

A. A hostname that DNS-resolves to the IP address of the BCAAA computer.B. A hostname that DNS-resolves to the IP address of the ProxySG.C. The hostname of the domain controller.



QUESTION 154Name two settings that can be configured in a forwarding group to define which hosts in the group receivetraffic. (Select all that apply)

A. Load balancingB. Fail open or closedC. Host affinityD. Redirection

Correct Answer: ADSection: (none)Explanation


QUESTION 155If cookie surrogates are used with a user agent that does not support cookies, how does the ProxySGrespond?

A. The ProxySG repeatedly tries to authenticate until the user agent gives up, and authentication is notsuccessful.

B. The ProxySG automatically switches to an IP surrogate and retries the authentication.C. The answer depends on whether any other user agents share the same IP address.D. This cannot happen; the ProxySG prevents such policy from being installed.



QUESTION 156On the ProxySG, where can you specify whether a client is permitted to allow an untrusted servercertificate? (Select all that apply)

A. In the VPM.B. In CPL.C. In the Management Console.



QUESTION 157In which types of ProxySG realms does the ProxySG join the Active Directory domain associated with anIWA realm?

A. IWA DirectB. BCAAAC. Both IWA Direct and BCAAAD. Neither IWA Direct nor BCAAA



QUESTION 158Which of these proxy services must be enabled on the ProxySG to allow communication with an SNMPserver?

A. SNMPB. External HTTPC. FTPD. None of the above



QUESTION 159In CPL, which of the following are possible results of a policy processing transaction? (Select all that apply)

A. No match.B. One or more rules match, changing property value(s).C. One or more actions are invoked.



QUESTION 160Which policy file is processed first?

A. Central policy file.B. Forward policy file.C. Local policy file.D. Threat protection policy file.E. The answer depends on the processing order configured in the Management Console.



QUESTION 161When a ProxySG is configured to use authentication mode auto with Kerberos credentials and atransparent proxy connection, which actual mode is typically used?

A. Origin cookieB. Origin IP redirectC. Origin cookie redirectD. Origin IPE. None of the above



QUESTION 162Where do you most appropriately configure the ProxySG to decide whether to authenticate guest users?

A. In the CLI.B. In the Management Console.C. In policy.



QUESTION 163NTLM credentials or Kerberos credentials: Which credentials typically require more trips between theProxySG and the domain controller?

A. NTLM credentialsB. Kerberos credentials



QUESTION 164By default, how often is the standard SSL trust package updated?

A. Once every hour.B. Once every day.C. Once every seven days.D. Once every 30 days.



QUESTION 165Name two ways by which the ProxySG can determine that a DDOS attack is in progress. (Select2)

A. Excessive number of requests from a specific server.B. Excessive number of HTTP connections from a specific client.C. The ProxySG becomes unable to communicate with its configured DNS server(s).D. Sustained bandwidth utilization at or near 100%.



QUESTION 166How must you configure the RTMP proxy service to process Flash traffic originating at youtube.com?

A. Enable HTTP handoff on the Flash proxy on the ProxySG.B. Enable Detect Protocol on the External HTTP proxy service.C. Write policy in the VPM or CPL to direct traffic from youtube.com to the RTMP proxy service.D. You cannot do this.



QUESTION 167What information is stored in a policy trace for a transaction processed by a proxy service that is set toBypass? (Select all that apply)

A. Client IP address.B. Destination IP address.C. Proxy service name.D. All policy statements that are evaluated and match.E. All policy statements that are evaluated and miss.F. None of the above; no entry is recorded in the policy trace.

Correct Answer: ABCSection: (none)Explanation


QUESTION 168Which of these aspects of ProxySG behavior cannot be controlled by CPL? (Select all that apply)

A. Initiate a packet capture.B. Initiate a health check.C. Cache content.D. Perform user authentication.E. Perform access logging.F. Control client access to web resources.

Correct Answer: DEFSection: (none)Explanation


QUESTION 169A Web Authentication layer in the VPM can be best implemented in which type of policy layer in CPL?

A. <cache>B. <authenticate>C. <proxy>



QUESTION 170What happens when a disk is removed from a ProxySG while it is running?

A. Subsequent requests to objects that were cached on the removed disk will fail.B. The objects on the removed disk are automatically remapped to the remaining disks and are

immediately refetched from the appropriate content servers.C. The objects on the removed disk are automatically remapped to the remaining disks and are refetched

from the appropriate content servers the next time they are requested.D. All subsequent transactions to that ProxySG either fail open or fail closed, depending on configuration,

until the disk is replaced.



QUESTION 171Which one of these statements is NOT true about the ProxySG object cache?

A. It is stored as a hash table, not a traditional filesystem.B. The first chunk of any object can be retrieved in a single disk-read operation.C. Objects with similar URLs are usually located next to each other so that accessing related objects in a

sequence is faster.D. Performance does not deteriorate when the cache is 100% full.



QUESTION 172In CPL, what is the difference between Allow and OK?

A. An Allow is final and cannot be reversed by subsequent policy processing.B. An OK is final and cannot be reversed by subsequent policy processing.C. Allow changes the current state of the transaction; OK makes no change.D. There is no difference.



QUESTION 173In Kerberos authentication that uses BCAAA, which two entities negotiate the shared key that is usedduring the authentication? (Select 2)

A. BCAAAB. The domain controllerC. The clientD. The origin content serverE. The ProxySG



QUESTION 174Which of these must be specified on a ProxySG to enable its access logs to be used by Blue CoatReporter? (Select all that apply)

A. The IP address or hostname of the computer on which Reporter is running.B. An upload schedule.C. An upload client.D. An FTP server to receive the logs.



QUESTION 175Which authentication mode is generally more secure: Origin IP or Origin Cookie?

A. Origin IPB. Origin Cookie



QUESTION 176Which level(s) of global policy trace contain information about proxy transactions? (Select all that apply)

A. Trace proxy traffic policy execution.B. Trace all policy execution.C. Global policy traces do not contain information about proxy transactions.



QUESTION 177A global policy trace can be invoked from which two of these sources? (Select 2)

A. Management ConsoleB. CLIC. VPMD. CPL



QUESTION 178http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will thetrigger url.scheme=http match or miss?

A. MatchB. Miss



QUESTION 179When will a policy trace report a rule processing result of "N/A"?

A. When the layer containing the rule is disabled.B. When the rule makes no sense for the specific transaction being processed.C. When the rule is not reached during evaluation.



QUESTION 180When a user has credentials in an IWA realm and already has been authenticated into that realm, whathappens when CPL code directs that user to be authenticated as a guest?

A. Nothing; they continue to be logged in with their credentials.B. They are logged in as a guest and will show in the Management Console as being logged in twice.C. They are logged out from their previous credentials and are logged in as a guest.



QUESTION 181If you wish to use an SSL trust package other than the one that is supplied by Blue Coat, how do youconfigure the ProxySG to use the alternate package?

A. Specify a download URL at Configuration > SSL > External Certificates.

B. In the CLI with the configuration-mode command ssl edit trust.C. Specify a download URL at Configuration > SSL > Device Profiles.D. You cannot do this.



QUESTION 182Which one of these statements best describes how the ProxySG locates an object in its cache?

A. The ProxySG performs a hash against the URL of the object and uses the hash as the basis for alookup into the table of cached objects.

B. The ProxySG uses the hostname in the object's URL to determine in which cache directory the object islocated.

C. The ProxySG uses the first 32 bytes of the object's URL to determine in which cache directory theobject is located.



QUESTION 183Is it must the ProxySG use BCAAA to perform user authentication to an IWA realm?

A. Yes.B. No.C. It depends on whether that realm has been configured on the ProxySG to be an IWA Direct realm or a

BCAAA realm.



QUESTION 184The ProxySG compiles CPL code at installation time and performs optimizations that might not have beenwritten into the code.

A. TrueB. False



QUESTION 185Organize these CPL components into descending order based on how they are organized in policy.

A. Triggers, conditions, rules, layers.B. Layers, conditions, rules, triggers.C. Layers, rules, conditions, triggers.D. Layers, rules, triggers, conditions.



QUESTION 186Which one of these regular expressions will match a URL that uses either HTTP or HTTPS?

A. ^https?B. 2https?C. [http][https]D. http[s]



QUESTION 187In a cookie in the user's web browser, in a ProxySG authentication cache, or on the authentication server:Where are surrogate authentication credentials stored?

A. On the authentication server.B. In a cookie in the user's web browser.C. In a ProxySG authentication cache.



QUESTION 188http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123

For the above URL, will the trigger url.host=bluecoat.com match or miss?

A. MatchB. Miss



QUESTION 189Can you simultaneously use policy created in the VPM and written in CPL?

A. YesB. No



QUESTION 190http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will thetrigger url.path=products/proxysg match or miss?

A. MatchB. Miss



QUESTION 191Which type of SGOS worker performs most transactions with an authentication server?

A. Policy workerB. HTTP workerC. AAA worker




braindumps bccpp 191q - gratis exam - convert … · in regards to authentication the proxysg does...

Documents