Chapter 13. Domain Name System (DNS) Policy Flashcards

1
Q
Which of the following actions can detect a harmful domain without interrupting traffic flow?

A. Domain Not Found

B. Do-Not-Block List

C. Block List

D. Monitor

A

D. The monitor action allows a packet to go through a threat defense; however, it can log the packet transfer as an event.

2
Q
Which of the following actions sends an address of a spoofed DNS server?

A. Domain Not Found

B. Sinkhole

C. Monitor

D. Drop

A

B. A sinkhole is configured to respond with a spoofed DNS server address.

3
Q
Which of the following statements is incorrect?

A. Sinkhole configuration requires a unique type of sinkhole object.

B. A DNS policy requires a threat license.

C. A threat defense downloads the latest Cisco intelligence feed directly from the Cisco cloud.

D. The management center supports the blocking of custom domain lists.

A

C. A threat defense does not download the intelligence feed; the management center downloads the feed and deploys it to its managed threat defense devices.

4
Q
Which of the following options can expedite the enforcement of a new DNS policy?

A. Clearing the DNS cache of the client and server manually.

B. Disabling the DNS caching on the local workstations by the system administrator.

C. Positioning a threat defense between the local-area network (LAN) and the DNS server.

D. All of these answers are correct.

A

D. All of these answers are correct. These options can help expedite the enforcement of a new DNS policy.

5
Q
Which license is necessary to configure and deploy a DNS policy on Secure Firewall?

A. Threat license

B. Malware license

C. DNS license

D. No additional license is necessary. This is a basic firewall functionality; you can enable a DNS policy out of the box.

A

A. A threat license is required.

6
Q
Which of the following statements is true about a DNS policy?

A. A new DNS policy comes with two built-in rules: Global Do-Not-Block List for DNS and Global Block List for DNS.

B. The default DNS policy is modifiable but not removable.

C. A DNS policy needs to be invoked within an access control policy to activate it on a threat defense.

D. All of these answers are correct.

A

D. All of these answers are correct. They are true for a DNS policy.

7
Q
Which of the following directories stores the files related to a DNS policy?

A. /var/sf/sidns_intelligence

B. /var/sf/sidns_download

C. /var/log/sidns_policy

D. /var/log/sidns_list

A

B. The DNS policy-related configurations are stored at /var/sf/sidns_download.
