Aindumps BCCPP v2015!03!19 by Arvid 191q

Braindumps BCCPP 191q
Number: BCCPP
Passing Score: 800
Time Limit: 120 min
File Version: 22.5
http://www.gratisexam.com/
BCCPP
Blue Coat Certified Proxy Professional, V4.2
This is my first share of braindumps questions. Very helpful study center it is. Best Testing VCE it is.
Exam A
QUESTION 1
Which of the following are true when attempting to deny access to file types?
A. MIME type objects are matched against the Content-type request header; File Extension objects are
matched against the GET response header; Apparent Data Type objects are matched against request
data.
B. MIME type objects are matched against the Content-type response header; File Extension objects are
matched against the GET request header; Apparent Data Type objects are matched against response
data.
C. MIME type objects are matched against the Content-encoding response header; FileExtension objects
are matched against the GET request header; Apparent Data Type objects are matched against
response data.
D. MIME type objects are matched against the Content-type response header; File Extension objects are
matched against the GET request header; Apparent Data Type objects are matched against request
data.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which of the following steps have to be performed to support Kerberos Authentication? (Choose all that
apply)
(a) A virtual URL that resolves to the IP of the ProxySG. (b) Registering the BCAAA as a Service Principal
Name.
(c) Configuring IWA Realm.
(d) Configuring Explicit Proxy.
A.
B.
C.
D.
All of the above

None of the above
a, b & c only
b, c & d only
Correct Answer: D
Section: (none)
Explanation
QUESTION 3
The ProxySG acts as both an ICAP client and ICAP server.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 4
Which of the following statements are true about ProxySG Protocol Detection feature? (Choose all that
apply)
(a) Protocol detection is performed on the server's response. (b) Protocol detection is performed on the
client's request. (c) Enabling Detect Protocol option will automatically enable early intercept attribute in
proxy services.
(d) Protocol detection is performed by looking at the TCP port number.
A.
B.
C.
D.
a & b only
b & c only
c & d only
ALL of the above
Correct Answer: D
Section: (none)
Explanation
QUESTION 5
Which of the following statements are true about dynamic bypass list? (Choose all that apply) (a)
Configured polices will not be enforced on client request if the request matches an entry in the bypass list.
(b) Dynamic bypass entries are lost when ProxySG is restarted (c) If request made to a site in a forwarding
policy is in the bypass list, the site is inaccessible (d) Dynamic bypass parameters can be configured on
Management Console and CLI.
A.
B.
C.
D.
All of the above

a, b & c only
b, c & d only
a, c & d only
Correct Answer: B
Section: (none)
Explanation
QUESTION 6
You can NOT use a self-signed certificate when intercepting SSL traffic.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
QUESTION 7
Which method of controlling downloads of certain file types works fastest on ProxySG?
A. Apparent Data Type

B. MIME Type
C. File extension
Correct Answer: C
Section: (none)
Explanation
QUESTION 8
A cookie without an expire value will___
A. last until the client cleats cookies from the browser
B. last until the client closes the browser session
C. last until the client logs off
Correct Answer: B
Section: (none)
Explanation
QUESTION 9
The Content-encoding header is used to declare the MIME type and compression method used in a HTTP
response.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 10
Which of the following are obvious advantages of having a ProxySG deployed in a Reverse Proxy
environment? (Choose all that apply)
(a)The ProxySG has built in DOS protection to guard the actual web server from denial-ofservice attacks
(b) Increased performance with caching provides an improved Web Experience (c) Consistent default
behavior of cache expiration and validation directives (d) SSL termination on ProxySG allow SSL
offloading, therefore eliminating bottleneck on the web server side.
A.
B.
C.
D.
All of the above

a, b & c only
a, b & d only
b, c & d only
Correct Answer: C
Section: (none)
Explanation
QUESTION 11
Which client deployment methods support the 407 Proxy Authentication Required response code? (Choose
all that apply)
(a) Proxy Auto Configuration files
(b) WCCP
(c) Proxy settings in browser
(d) Inline Bridging
A.
B.
C.
D.
E.
a & b only
b & c only
c & d only
a & c only
All of the above
Correct Answer: D
Section: (none)
Explanation
QUESTION 12
After creating CPL in the local policy file, the policy is imported into the VPM CPL file so that it can be
viewed through the Visual Policy Manager.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 13
ProxySG is configured to permit error but guest authentication is not configured. What will happen to a user
who initiates a connection to the Internet?
A.
B.
C.
D.
The user will receive an error notifying unsuccessful authentication.

The user will be allowed to proceed as a guest user.
The user will be allowed to proceed as unauthenticated.
The user will receive an error notifying Access Denied.
Correct Answer: A
Section: (none)
Explanation
QUESTION 14
What are the two functions of configuring forwarding in ProxySG? (Choose all that apply)
A.
B.
C.
D.
To accelerate application
Reverse Proxy
To support Proxy Chaining
To intercept SSl
Correct Answer: CD
Section: (none)
Explanation
QUESTION 15
When a ProxyClient setup file is manually on a client's computer, what data transfer takes place before
ProxyClient is installed?
A. ProxyClient setup program is self-contained; there is no data transfer necessary in order to complete
the installation of the ProxyCinent
B. ProxyCilent setup program cause download of the most recent updates from a public download site
https://hypersonic.bluecoat.com/.
C. ProxyClient setup program transfers data form Client Manager ProxySG appliance before it can install
successfully.
D. ProxyClient setup program transfers data form the AND manager (or backup AND manager) ProxySG
appliance before it can install successfully.
Correct Answer: C
Section: (none)
Explanation
QUESTION 16
Health checks are automatically created under which scenarios? (Choose all that apply) (a) When a
forwarding host is created.
(b) When a failover group is created.
(c) When the DRTR is enabled.
(d) When a SOCKS gateway is created.
A.
B.
C.
D.
a, b & c only
a, c & d only
b, c & d only
All of the above
Correct Answer: B
Section: (none)
Explanation
QUESTION 17
At which checkpoint does the rewrite () perform the TWURL modification?
A.
B.
C.
D.
Client In
Client Out
Server In
Server Out
Correct Answer: B
Section: (none)
Explanation
QUESTION 18
In regards to authentication the ProxySG does not support origin-redirects with CONNECT method.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 19
Which statement is correct about WWW-Authenticate header?
A. It is request header used only with Basic Authentication to send username and password to a proxy or
a Web server
B. It is a request header used to send credentials
C. It is a response header used with HTTP 401 status code to negotiate method of authentication and
send NTLM challenge to the client.
Correct Answer: B
Section: (none)
Explanation
QUESTION 20
The authentication mode origin-ip-redirect allows an administrator to assign a Time To Live (TTL) for the
surrogate credentials. Meanwhile the authentication mode origin-cookie-redirect does not provide this
feature.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
QUESTION 21
When configuring forwarding in PoxySG, what are the possible load balancing methods? (Choose all that
apply)
(a) Round Robin
(b) Fastest ICMP Reply
(c) Least Connections
(d) Least Delay
A.
B.
C.
D.
a & c only
b & d only
a & d only
b & c only
Correct Answer: A
Section: (none)
Explanation
QUESTION 22
ICAP responses may be cached on a ProxySG, i.e, for some Web requests ICAP processing may be
completed without involving ProxyAV
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 23
When implementing failover with ProxySG appliances, configurations and policies on the master are
automatically replicated to members of the failover group.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 24
ProxySG can cache videos played by Adobe Flash based video player (e.g. on YouTube) as HTTP objects.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 25
What is the meaning of the metacharacter * (asterisk) in regular expressions?
A.
B.
C.
D.
escape character
any character except newline
zero or character
zero or more characters
Correct Answer: D
Section: (none)
Explanation
QUESTION 26
Which of the following authentication mode will allow you to visibly challenge the user upon inactivity
timeout? (Choose all that apply)
(a) Form based authentication

(b) Cookie Surrogate
(c) IP surrogate
(d) Session based surrogate a & b only
A.
B.
C.
D.
E.
a & b only
b & c only
c & d only
d & a only
All of the above
Correct Answer: B
Section: (none)
Explanation
QUESTION 27
Which of the following are the benefits of using Bandwidth Management with the ProxySG (Choose all that
apply)
(a) Ensuring mission critical application receives minimum amount of bandwidth (b) Compressing certain
type of traffic classes before transmitting it over the WAN (c) Prioritizing certain traffic classes
(d) Rate limiting application to prevent "hogging" of network bandwidth.
A.
B.
C.
D.
a, b & c only
a, b & d only
a, c & d only
All of the above
Correct Answer: C
Section: (none)
Explanation
QUESTION 28
At which checkpoint does the rewrite_url_prefix perform the TWURL modification?
A.
B.
C.
D.
Client In
Client Out
Server In
Server Out
Correct Answer: B
Section: (none)
Explanation
QUESTION 29
Which of the following options are configured when implementing failover on ProxySG appliances?
(Choose all that apply)
(a) Multicast address for advertisements
(b) Relative Priority
(c) Virtual MAC address
(d) Group Secret to hash information sent in multicast announcements
A.
B.
C.
D.
a, b & c only
b, c & d only
a, b & d only
All of the above
Correct Answer: C
Section: (none)
Explanation
QUESTION 30
Hostname of the BCAAA= serverl
DNS suffix =bluecoat.com
Hostname of the Bluecoat SG = sgo1
Referring to the above information, what is the correct syntax for the SPN command in the Domain
Controller?
A.
B.
C.
D.
setspn-A HTTP/serverl.bluecoat.com sg01

setspn-L HTTP/serverl.bluecoat.com sg01
setspn-A HTTP/sg01.bluecoat.com server1
setspn-D HTTP/serverl.bluecoat.com sg01
Correct Answer: C
Section: (none)
Explanation
QUESTION 31
In ProxyAV anti-virus scanners are____
A.
B.
C.
D.
multiple parallel threads sharing the same code and the same address space
multiple parallel processes not sharing the same address space
asynchronous calls to remote scanner hardware
synchronous procedure calls within ProxyAV
Correct Answer: B
Section: (none)
Explanation
QUESTION 32
Which of the following options are configured when implementing failover on ProxySG appliances?
(a) Multicast address for advertisements
(b) Relative Priority
(c) Virtual MAC address
(d) Group Secret to hash information sent in multicast announcements
A.
B.
C.
D.
All of the above

a, b & c only
a, b & d only
b, c & d only
Correct Answer: C
Section: (none)
Explanation
QUESTION 33
The ProxySG ICAP implementation is fully compatible with which of the following applications?
(a) Finjan SurfinGate
(b) Webwasher
(c) AntiVirus Scan Engine (SAVSE)
(d) Trend Micro InterScan
A.
B.
C.
D.
a & b only
b & c only
c & d only
All of the above
Correct Answer: D
Section: (none)
Explanation
QUESTION 34
Which statement is correct about Proxy-Authorization header?
A. It is a response header used by a proxy to negotiate parameters of the credential exchange and to send
challenge to the client
B. It is a request header used to pass client's credentials to a proxy server
C. It is a response header used by an upstream proxy to ask for credentials from a downstream proxy or
user agent
Correct Answer: B
Section: (none)
Explanation
QUESTION 35
While configuring Blue Coat directory, what is an Overlay?
A. A few selected setting used to replace some of the configuration in ProxySG.
B. A snapshot of all the configuration in ProxySG.
Correct Answer: A
Section: (none)
Explanation
QUESTION 36
CPL is required when creating which types of policy?
A. Two-Way URL rewrites
B. Policy that utilizes layer guards
C. Policy that involves local users and groups

Correct Answer: C
Section: (none)
Explanation
QUESTION 37
Which of the following statements are true about Bandwidth Management Hierarchies and Priorities?
(a) Child classes can have children of their own.
(b) If no limit is set, packets are sent as soon as they arrive. (c) Priorities are set to a class to give
precedence over other classes. (d) If there is excess bandwidth, the child class will always get the first
opportunity to use it.
A.
B.
C.
D.
a, b & c only
a, b & d only
b, c & d only
All of the above
Correct Answer: A
Section: (none)
Explanation
QUESTION 38
Which method of controlling downloads of certain file types has the LOWEST efficiency in terms of
response time, bandwidth use and execution time on ProxySG
A. Apparent Data Type
B. MIME Type
C. File extension
Correct Answer: A
Section: (none)
Explanation
QUESTION 39
Bandwidth minimum does not work in an explicit deployment model.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
QUESTION 40
Which authentication realm is NOT supported for authenticating administrators to the management
console?
A.
B.
C.
D.
E.
IWA
Radius
Local
Sequence
All the above are supported
Correct Answer: E
Section: (none)
Explanation
QUESTION 41
If a user can not be derived through the Window SSO realm, then the client will .
A.
B.
C.
D.
be prompted with an authentication dialog box to provide credentials.

receive an authentication error from the proxy.
proceed as an unauthenticated user.
receive an authentication form from the proxy to provide credentials.
Correct Answer: C
Section: (none)
Explanation
QUESTION 42
In which of the following ways can Access Logging be enabled? (Choose all that apply.) (a) By a CLI
command
(b) In the Management Console under Access Logging (C) By adding another layer to VPM policy
A.
B.
C.
D.
a & b only
a & c only
b & c only
All of the above
Correct Answer: C
Section: (none)
Explanation
QUESTION 43
Which of the following cashing techniques utilize retrieval workers to keep the contents of the cache fresh?
(Choose all that apply.)
(a) Cost-based Deletion
(b) Asynchronous Adaptive Refresh
(c) Popularity Contest
A.
B.
C.
D.
a & b only
b & c only
All of the above
b only
Correct Answer: D
Section: (none)
Explanation
QUESTION 44
Which server certificate validation errors can be ignored within ProxySG policy? (Choose all that apply)
(a) Untrusted issuer
(b) Host name mismatch
(c) Expiration
A.
B.
C.
D.
a & b only
b & c only
a & c only
All of the above
Correct Answer: D
Section: (none)
Explanation
QUESTION 45
When configuring Blue Coat Director, how can an administrator be authenticated? (Choose all that apply.)
(a) Local configured accounts and password
(b) RADIUS
(c) IWA
(d) TACACS+
A.
B.
C.
D.
All of the above

a, b & c only
a, c & d only
a, b & d only
Correct Answer: D
Section: (none)
Explanation
QUESTION 46
Log format variable rs(Content-Type) always refers to Content-type header value sent from the proxySG to
the client.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 47
Which of the following Health Checks can be defined for a forwarding host? (Choose all that apply)
(a) ICMP
(b) TCP
(C) HTTP
(d) HTTPS
A.
B.
C.
D.
E.
a & b only
b & c only
c & d only
a & d only
All of the above
Correct Answer: E
Section: (none)
Explanation
QUESTION 48
Which of the following is NOT true about global and per-rule policy tracing?
A. Each object processed by the ProxySG generates an entry in the global policy trace and appears in a
rule-based trace if the object triggers a rule.
B. Global policy tracing may severely affect the performance of a production ProxySG.
C. You can enable global tracing through the Management Console or CLI.
D. You can enable per-rule tracing through the Management Console.
Correct Answer: D
Section: (none)
Explanation
QUESTION 49
The ProxySG policy engine allows an administrator to create policy based on any MIME type, File
Extension or File Signature (first bytes in the response body).
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 50
Which of the following access log formats are supported by the ProxySG? (Choose all that apply)
(a) ELFF
(b) SQUID
(c) Websense
(d) NCSA
A.
B.
C.
D.
E.
a, b & c only
a, b & d only
a, c & d only
b, c & d only
All of the above
Correct Answer: E
Section: (none)
Explanation
QUESTION 51
By default, what type of authentication challenge will the user-agent receive if the authentication node is set
to AUTO?
A.
B.
C.
D.
E.
proxy-ip for explicit and transparent clients

proxy for explicit and origin-cookie-redirect for transparent clients
proxy for explicit and transparent clients
proxy-ip for explicit and origin-ip-redirect for transparent clients
proxy for explicit and proxy-ip for transparent
Correct Answer: E
Section: (none)
Explanation
QUESTION 52
Which types of requests are likely to be served the fastest?
A.
B.
C.
D.
E.
TCP_MISS
TCP_NC_MISS
TCP_HIT
TCP_MEM_HIT
TCP_RESCAN_HIT
Correct Answer: E
Section: (none)
Explanation
QUESTION 53
When a TCP health check responds as "healthy" then, .
A.
B.
C.
D.
the SG is able to successfully establish a TCP handshake to the upstream device.

the SG is able to successfully resolve the hostname of the upstream device.
the SG is able to successfully connect to the upstream device on port 80.
the SG is able to successfully ping the upstream device.
Correct Answer: B
Section: (none)
Explanation
QUESTION 54
What are the possible ways of creating bandwidth classes? (a) Using Management Console
(b) Defining them in a JavaScript file and uploading it to ProxySG (c) Using CLI
A. a & b only
B. a & c only
C. b & c only
D. All of the above
Correct Answer: B
Section: (none)
Explanation
QUESTION 55
What are the two main functions of configuring forwarding in ProxySG? (Choose all that apply) (a) To
accelerate application
(b) Reverse Proxy
(c) To support Proxy Chaining
(d) To intercept SSL
A.
B.
C.
D.
a & b only
b & c only
c & d only
d & a only
Correct Answer: B
Section: (none)
Explanation
QUESTION 56
Which authentication modes would result in a user-agent receiving a HTTP 401-Unauthorized status codes
from the proxy? (Choose all that apply) (a) origin-ip-redirect
(b) proxy-ip
(c) origin-cookie
(d) form-cookie-redirect
A.
B.
C.
D.
E.
a & b only
a & c only
b & c only
c & d only
None of the above
Correct Answer: B
Section: (none)
Explanation
QUESTION 57
What is the meaning of the metacharacter? (question mark) in regular expressions?
A.
B.
C.
D.
escape character
any character except newline
zero or one character
zero or more characters
Correct Answer: C
Section: (none)
Explanation
QUESTION 58
Which of the following steps are not required when configuring a transparently deployed ProxySG to
intercept HTTPS traffic?
A.
B.
C.
D.
Create a SSL intercept layer in the VPM.

Enable a SSL service on port 443.
Assign a key ring to the SSL proxy.
Create a SSL access layer in the VPM.
Correct Answer: B
Section: (none)
Explanation
QUESTION 59
Apparent Data Type objects can be created in the VPM for which of the following file types? (Choose all
that apply)
(a) Windows DLL
(b) Windows Exe
(c) Windows Ocx
(d) Windows Cab
A.
B.
C.
D.
a, b & c only
b, c & d only
a, c & d only
All of the above
Correct Answer: D
Section: (none)
Explanation
QUESTION 60
What type of authentication challenge is issued when using the Policy Substitution Realm?
A.
B.
C.
D.
407 proxy Authentication Required

401 Unauthorized
No challenge will be issued
Not enough information to determine the answer
Correct Answer: C
Section: (none)
Explanation
QUESTION 61
A service can be configured to listen in explicit and transparent mode simultaneously.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
QUESTION 62
When configuring reverse proxy with SSL, what are the 3 possible options of ensuring host affinity?
(a) client-ip
(b) ssl-session-id
(c) accelerator-cookie
(d) server-ip
A.
B.
C.
D.
All of the above

b, c & d only
a, c & d only
a, b & c only
Correct Answer: B
Section: (none)
Explanation
QUESTION 63
Which header cannot be sent together with an HTTP 407 status code from the ProxySG?
A.
B.
C.
D.
E.
Proxy-Authenticate: Basic="MyRealm"
Proxy-Authenticate: NTLM="MyRealm"
Proxy- Authenticate: Kerberos="MyRealm"
proxy-Authenticate: Negotiate="MyRealm"
All the above headers can be sent with 407 status code
Correct Answer: D
Section: (none)
Explanation
QUESTION 64
The bcreportermain_v1 access log format has a configurable ordering of fields, and this custom order is
reflected in a log file header.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 65
When a client receives an HTTP 302 response from a server, the client will form a new request based on
the header.
A.
B.
C.
D.
Forward
Cookie
Location
Redirect
Correct Answer: C
Section: (none)
Explanation
QUESTION 66
In a transparent proxy that is intercepting HTTP, how can an administrator allow instant messaging over
HTTP to pass through ProxySG if they do not have IM license on the ProxySG?
A.
B.
C.
D.
By disabling Detect Protocol

By disabling Protocol Handoff in IM
By configuring the proxy services to bypass AOL IM, MSN IM and Yahoo IM services
By disabling early intercept
Correct Answer: B
Section: (none)
Explanation
QUESTION 67
In explicit proxy, what will happen to a connection that is made when there is no such service running in the
ProxySG?
A.
B.
C.
D.
Connection will be intercepted.

Connection will be rejected.
Connection will by be bypassed.
Connection will be forwarded.
Correct Answer: C
Section: (none)
Explanation
QUESTION 68
Which of the following methods can the Windows SSO utilize to derive a user name? (Choose all that
apply)
(a) Domain Controller Querying
(b) Direct Client Querying
(c) Direct Client Querying, if unsuccessful then Domain Controller Querying (d) Domain Controller
Querying, if unsuccessful then Direct Client Querying
A.
B.
C.
D.
a & b only
a & c only
b & c only
b & d only
E. All of the above

Correct Answer: D
Section: (none)
Explanation
QUESTION 69
Which statement is correct about Proxy-Authenticate header
A. It is sent by the proxy every time when a HTTP 407 status code is sent
B. It is used by a browser to pass credentials to a proxy
C. It is used by both client and proxy to negotiate the method of credential exchange
Correct Answer: A
Section: (none)
Explanation
QUESTION 70
Who plays the role of the trusted third party, when client and server communicate via Kerberos?
A.
B.
C.
D.
NTLM (NT LAN Manager)

KDC (Key Distribution Center)
PKI (Public Key Infrastructure)
SSL Certificate Authority
Correct Answer: B
Section: (none)
Explanation
QUESTION 71
Log format variable s-ip always refers to
A. IP address of the HTTP request client
B. IP address of the original content server
C. IP address of the ProxySG to which client has established a connection
Correct Answer: C
Section: (none)
Explanation
QUESTION 72
What is a precondition for using L2 MAC rewrite with WCCP?
A. The LAN where WCCP router and ProxySG are located should use IPv6
B. No forwarding should be defined for ProxySG
C. ProxySG and router should be in the same broadcast domain
Correct Answer: C
Section: (none)
Explanation
QUESTION 73
A policy trace can be enabled for any layer type.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
QUESTION 74
Which regular expression should you test against a URL to match both http and https schemes?
A.
B.
C.
D.
2https?
[http][https]
^https?
http[s]
Correct Answer: C
Section: (none)
Explanation
QUESTION 75
The ProxySG is intercepting Flash traffic. Client A requests an on-demand 100MB Flash video and
watches the first 50MB of it before terminating the media player. Client B requests the same on-demand
Flash video, starts at the 25MB mark, and plays the remainder of the video. In normal conditions without
any policy specifically controlling caching, how is the video served to Client B?
A. The portion from 25MB to 50MB is served from the ProxySG cache, and the remainder is retrieved
from the content server and is cached on the ProxySG.
B. The entire video is retrieved from the content server and is cached on the ProxySG.
C. The portion from 25MB to 100MB is retrieved from the content server and is cached on the ProxySG.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 76
Is it possible to run more than one version of a BCAAA processor on a Windows computer ?
A. Yes
B. No
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 77
Where can you get the SNMP MIBs for the version of SGOS running on your ProxySG?
A. BlueTouch Online.
B. At https://proxyIPaddr:8082/mibs, where proxyIPaddr is the IP address of your ProxySG.
C. From the vendor of your network management software.
https://kb.bluecoat.com/index?page=content&id=FAQ718&actp=RSS
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 78
In an SSL transaction in which the server's certificate is not from a trusted authority, which entity generates
the warning that is displayed in a web browser?
A.
B.
C.
D.
The web browser.

The server.
The ProxySG.
The answer depends on how the ProxySG has been configured.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 79
When Blue Coat Director is used to manage a ProxySG, which one of these methods can Director use to
prevent unexpected changes from being made directly on the ProxySG?
A. Director changes the administrative passwords on the ProxySG to secret, random values.
B. Director disables the serial port interface to the ProxySG.
C. Director disables the Management Console on the ProxySG.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 80
When authenticating a guest user in an LDAP realm, which of these CPL properties would best be used to
specify that the guest user should be part of the pre-defined LDAP group MobileUsers?
A.
B.
C.
D.
authorize.guest(group=MobileUsers)
authorize.add_group(MobileUsers)
authorize.guest(MobileUsers)
authorize.add_group(guest:MobileUsers)
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 81
http://www.bluecoat.com/index.html?user=bobkent
For the above URL, will the trigger url.regex=!\.html$ match or miss?
A. Match
B. Miss
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 82
When creating policy in the VPM, where can you instruct the ProxySG to enable or disable pipelining of
referenced objects?
A.
B.
C.
D.
In a Web Content layer.

In a Cache Control layer.
In a Web Access layer.
You cannot do this in the VPM.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 83
In a CPL back reference of the form $(n), are references numbered from right to left or from left to right?
A. Left to right
B. Right to left
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 84
Which one of these statements best describes how policy checkpoints evaluate the installed policy on a
ProxySG?
A.
B.
C.
D.
The Client In checkpoint decides which rules will be evaluated by the other checkpoints.
At each checkpoint, a decision is made whether to allow or deny the transaction.
The Server In checkpoint decides which rules will be evaluated by the other checkpoints.
Relevant rules are evaluated at each checkpoint based on the information about the transaction that is
available at that point.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 85
What are the three types of ProxySG surrogate credentials? (Select 3)
A.
B.
C.
D.
E.
F.
G.
Connection
IP
Cookie
Redirect
Proxy
Origin
Form
Correct Answer: ABC

Section: (none)
Explanation
References:
QUESTION 86
What are the three levels of the ProxySG authentication cache? (Select 3)
A.
B.
C.
D.
E.
F.
IP
Authentication
Credential
Surrogate
Proxy
Cookie
Correct Answer: AEF

Section: (none)
Explanation
Explanation:
QUESTION 87
In CPL, rules that have similar syntax can be grouped into what?
A.
B.
C.
D.
Actions
Layer guards
Triggers
Sections
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 88
When SGOS processes a client HTTP request, how many server workers are associated with each client
worker?
A.
B.
C.
D.
Zero or one, depending on whether the request is served from the SGOS object cache.
One.
Two.
The answer varies depending on current ProxySG CPU utilization.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 89
Which Blue Coat product is best suited for simultaneously administering a large number of ProxySG
appliances?
A.
B.
C.
D.
ProxyAV
PacketShaper
Reporter
Director
Correct Answer: D
Section: (none)
Explanation
References:
QUESTION 90
In a typical client HTTP request, identify the four principal policy checkpoints in the order they are reached.
A.
B.
C.
D.
Client in, server out, client out, server in.

Client in, server in, client out, server out.
Client in, server out, server in, client out.
Client in, server in, server out, client out.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 91
When creating a policy-driven trace, which CPL property specifies the name of the policy trace file into
which matching transactions are traced?
A.
B.
C.
D.
trace.destination()
trace.request()
trace.rules()
None of the above
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 92
In CPL, what is the difference between Deny and Force Deny?
A.
B.
C.
D.
Only one Force Deny can appear in any policy layer.

A later Allow can override a Force Deny.
Force Deny exists only in the VPM, not in CPL.
A Force Deny is final and cannot be reversed by subsequent policy processing.
Correct Answer: D
Section: (none)
Explanation
References:
QUESTION 93
Which policy file can be automatically updated when the ProxySG detects changes to an external source?
A.
B.
C.
D.
Threat protection policy file.

Central policy file.
Forward policy file.
Local policy file.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 94
Without asking a user or physically inspecting their computer, how can you determine which version of web
browser they are using to make requests that are intercepted by the ProxySG? (Select all that apply)
A.
B.
C.
D.
By performing packet captures on the ProxySG when that web browser is in use.
By inspecting the ProxySG access log, if access logging is enabled.
By using the VPM realm browser.
You cannot do this.
Correct Answer: AB
Section: (none)
Explanation
References:
QUESTION 95
When one ProxySG forwards HTTP requests to another ProxySG, does the originating ProxySG send a
server-style GET request or a proxy-style GET request?
A. Server-style
B. Proxy-style
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 96
If the ProxySG and a client cannot successfully authenticate the use of Kerberos credentials during
authentication in a realm where use of Kerberos credentials is enabled, what happens to the authentication
request?
A. The request automatically downgrades and tries to use Basic credentials.
B. The request automatically downgrades and tries to use NTLM credentials, and then Basic credentials.
C. The request fails.
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 97
An HTTP request containing which header instructs the content server to return whether the requested
object has been modified since the last visit?
A.
B.
C.
D.
Pragma: no-cache
GET If-Modified-Since
Cache-control: max-age
None of the above
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 98
SGOS is based on which other operating system?
A.
B.
C.
D.
E.
VxWorks
pSOS
Unix
Windows
None of the above
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 99
What type of filesystem does SGOS use?
A.
B.
C.
D.
ZFS
NTFS
FAT32
None of the above
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 100
When a downstream ProxySG requests an object that already is cached in an upstream ProxySG, the
downstream ProxySG checks the object's freshness with the origin content server.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 101
If a user agent that does not support authentication tries to request content through a connection on which
the ProxySG requires authentication, how can you best resolve the issue?
A. Identify the TCP ports used by the user agent, and create a proxy service to bypass such traffic.
B. Identify an HTTP header that identifies the user agent, and then write policy to exempt matching
transactions from authentication.
C. Identify the IP address of the user agent, and then write policy to exempt matching transactions from
authentication.
D. You cannot do this.
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 102
When writing CPL, should layers containing the most general rules usually appear near the beginning or
the end of a policy file?
A. Near the beginning.
B. Near the end
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 103
To create policy that tests only for the authentication error of expired_credentials, can you use the VPM,
CPL, or either?
A. VPM
B. CPL
C. Either
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 104
http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123 For the above URL, will the
trigger url.domain=bluecoat.com match or miss?
A. Match
B. Miss
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 105
If a CPL rule contains more than one trigger, how are the triggers evaluated?
A.
B.
C.
D.
E.
Only the last trigger is evaluated.

They are logically ORed together; any one of them must be true for the rule to match.
They are logically ANDed together; all of them must be true for the rule to match.
Only the first trigger is evaluated.
The answer depends on the type of layer.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 106
Which of these possible problems does a nearly-full ProxySG disk indicate? (Select all that apply)
A.
B.
C.
D.
This ProxySG should be upgraded to a more powerful model.

One or more additional ProxySG appliances should be deployed in this network.
Caching parameters are improperly set in the Management Console.
None; this is a normal condition.
Correct Answer: BC
Section: (none)
Explanation
Explanation:
QUESTION 107
When the ProxySG processes installed policy as part of a client transaction, how does it handle a rule that
contains a syntax error?
A.
B.
C.
D.
The ProxySG changes the transaction status to Deny and makes an entry in the event log.
The ProxySG stops processing of the layer containing the rule and continues with the next layer, if any.
The ProxySG skips the rule and does not change the accept or deny status of the transaction.
This cannot happen.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 108
When the ProxySG processes a client request to a server that requires a client certificate, from where does
the ProxySG obtain the certificate during transaction processing?
A. From the server.
B. From a certificate store on the ProxySG.
C. From the client.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 109
If a mobile client is using ProxyClient and sends traffic through a ProxySG, which content filtering policy
has priority?
A. The policy on the ProxyClient.
B. It depends on whether any policy has been installed on the ProxySG to disable ProxyClient content
filtering on that transaction.
C. The policy that is evaluated last.
D. The policy on the ProxySG.
E. The policy that is evaluated first.
Correct Answer: AC
Section: (none)
Explanation
Explanation:
QUESTION 110
Where does ProxySG object caching usually result in the most bandwidth savings?
A. On the server side.
B. On the client side.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 111
When a URL-based trigger is used in CPL, the compiler analyzes the source to determine the most
efficient trigger to achieve the desired result.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 112
A <cache>policy layer in CPL can best be implemented in which type of VPM layer?
A.
B.
C.
D.
Web Authentication
Cache
Web Content
This function cannot be performed in the VPM.
Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 113
After creating CPL in the local policy file, the ProxySG imports the policy into the VPM-CPL file so that it
can be viewed in the Visual Policy Manager.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 114
If multiple users from different IP addresses have been authenticated as guest users into the same
authentication realm, how can you distinguish among them in the Management Console display of currently
logged-in users?
A. The ProxySG automatically appends a sequential number to each successive guest login from a
different IP address.
B. When creating policy to authenticate guest users, use variable substitutions such as IP addresses to
form part of the guest username.
C. You cannot do this.
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 115
Name two settings that can be configured in a forwarding group to define which hosts in the group receive
traffic. (Select all that apply)
A.
B.
C.
D.
Redirection
Host affinity
Fail open or closed
Load balancing
Correct Answer: AD
Section: (none)
Explanation
Explanation:
QUESTION 116
What is the pre-defined username that can be used to allow guest users to access content via the
ProxySG?
A.
B.
C.
D.
E.
guest
guest_$ip, where $ip is the client's IP address.
user
user_$ip, where $ip is the client's IP address.
There is no pre-defined guest user.
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 117
trigger url.extension=htm match or miss?
A. Match
B. Miss
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 118
If a CPL rule is not part of a policy layer, when is it processed?
A. Before any layers are processed.
B. After all layers are processed.
C. This cannot happen. All rules must be part of a layer.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 119
How can you instruct the ProxySG to disregard the HTTP request header Pragma: no-cache?
A. By deselecting the Action object setting "Parse pragma-no-cache meta tag" in the VPM.
B. By changing the HTTP proxy Acceleration Profile settings in the Management Console.
C. By deselecting the HTTP proxy setting "Parse pragma-no-cache meta tag" in the Management
Console.
Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 120
When a <proxy> policy layer has set one or more actions to yes, when are these actions performed?
A.
B.
C.
D.
At the end of policy processing, in the order they were encountered.

In order when they are encountered during policy processing.
Depending on the transaction, not all such actions are necessarily taken.
At the end of policy processing, in the reverse order they were encountered.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 121
How can you test whether an authentication realm has been properly configured on the ProxySG without
requiring valid user credentials?
A. The Test Configuration button in the Management Console for this realm.
B. The realm browser in the VPM.
C. You cannot do this.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 122
In a network with three ProxySG appliances using IWA realms with BCAAA, what is the minimum number
of BCAAAs that must be deployed, independent of performance considerations?
A. One
B. Three
C. None of the above.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 123
When SGOS processes a client HTTP request, how is a client worker started?
A. By the SGOS cache administrator process.
B. By a retrieval worker.
C. By a server worker.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 124
By default, are proxy transactions allowed or denied?
A. Yes
B. No
C. The answer depends on the default proxy policy setting.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 125
By, default is a Forwarding layer in the VPM processed before or after a Web Access layer?
A. Before
B. After
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 126
Policy that is written in CPL to control ProxySG forwarding should be placed in which policy file?
A.
B.
C.
D.
E.

Local policy file.
The answer depends on the processing order configured in the Management Console.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 127
The HTTP request header Pragma: no-cache performs the same function as what other header?
A.
B.
C.
D.
Cache-control: no-cache
Cache-control: cache=none
GET If-Modified-Since
None of the above
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 128
By default, which standard keyring is used to authenticate a ProxySG to other devices?
A.
B.
C.
D.
authentication-key
default
appliance-key
default-untrusted
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 129
When analyzing an authentication error, which of these diagnostic tools provides the most detailed
information about the protocol-level messages among the client, the ProxySG, and the authentication
server?
A.
B.
C.
D.
Packet captures
Policy traces
Access logs
Event logs
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 130
What does this CPL layer do?
A.
B.
C.
D.
Sets the transaction status to Allow for all users who have the group attribute of Administrators.
This policy contains a syntax error and cannot be installed.
Nothing.
Sets the group attribute of Administrators for all users whose transactions are allowed.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 131
Perl statements can be included into CPL code as part of policy processing.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 132
Is SGOS a 32-bit or 64-bit operating system?
A. 32-bit
B. 64-bit
C. Either, depending on the model of ProxySG on which it runs
Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 133
The ProxySG simultaneously opens multiple server connections to retrieve objects referenced on a web
page before the client actually issues the requests for those objects. This statement best describes which
ProxySG caching technique?
A.
B.
C.
D.
Pipelining
Asynchronous adaptive refresh
Popularity contest
Cost-based deletion
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 134
In CPL, using the define category construct with a list of 1,000 URLs usually produces more efficient code
than explicitly specifying each individual URL as a separate test.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 135
In a hybrid configuration using the ProxySG in conjunction with the Blue Coat Cloud Service Web Security
Module, how does the ProxySG determine when content filtering should be processed by the Cloud Service
and not the ProxySG?
A.
B.
C.
D.
The administrator must delete any local policy in the VPM and CPL on the ProxySG.
Selective forwarding must be configured on the ProxySG.
The administrator must disable content filtering on the ProxySG.
This cannot happen; in such a configuration, content filtering is always processed by the ProxySG.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 136
Which policy file is processed last?
A.
B.
C.
D.
E.
Local policy file.

Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 137
What type of SGOS software worker can be invoked to perform pipelining of HTTP requests?
A.
B.
C.
D.
Client worker.
Server worker.
Retrieval worker.
SGOS software workers do not perform pipelining of HTTP requests.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 138
Which standard CA certificate list on the ProxySG is normally used in processing client-server SSL
transactions?
A.
B.
C.
D.
E.
appliance-ccl
image-validation
appliance-key
browser-trusted
default
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 139
When permitting guest authentication, what is one way that can require users to specifically state that they
wish to authenticate as a guest?
A. By modifying the standard authentication_failed exception to include a link that users must click before
continuing.
B. By specifying a virtual URL that points to a guest authentication page.
C. By using Force Authenticate in either the VPM or in CPL.
D. By selecting Notify User in the Edit Authenticate Guest Object section of the VPM.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 140
Can the ProxySG initiate a transaction that does not correspond to a client action?
A. Yes
B. No
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 141
Objects that require more server-side bandwidth and response time are less likely to be deleted from the
cache. This statement best describes which ProxySG caching technique?
A.
B.
C.
D.
Popularity content
Pipelining
Cost-based deletion
Asynchronous adaptive refresh
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 142
True or false: The ProxySG can apply policy to Flash traffic without requiring the installation of an add-on
license.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 143
An excessively high internal CPU temperature can be detected and reported by the ProxySG.
A. True
B. False
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 144
Is it possible to run more than one version of a BCAAA acceptor on a Windows computer?
A. Yes
B. No
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 145
When ProxyClient is installed on a mobile workstation, from where is the ProxyClient software normally
downloaded?
A.
B.
C.
D.
From
From
From
From
the Blue Coat Director serving as Client Manager.

the ProxySG serving as Client Manager.
the nearest available ProxySG.
BlueTouch Online.
Correct Answer: D
Section: (none)
Explanation
References:
QUESTION 146
When the ProxySG processes a client request to a server that requires a client certificate, how does the
ProxySG determine which certificate to present to the server?
A.
B.
C.
D.
E.
The administrator configures this in the Management Console at Configuration > SSL.
The ProxySG negotiates with the client.
The ProxySG negotiates with the server.
The client sends its certificate to the ProxySG.
The administrator configures this in policy.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 147
Which one of these statements is NOT true about the caching architecture of the ProxySG?
A. Objects are first stored in the RAM object cache and are swapped into the disk-based object cache as
needed.
B. Information about a single object in the cache can be viewed from the Management Console or CLI.
C. If the same object is cached as a result of being accessed by two different protocols (such as HTTP
and FTP), two objects are stored in the cache.
D. The object store uses a directory structure so that objects in the cache can be accessed quickly.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 148
When using a transparent proxy connection, the ProxySG detects Flash traffic using listeners for which
proxy service by default?
A.
B.
C.
D.
External HTTP
None of the above
RTMP
Flash
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 149
By default, what method does the ProxySG use to balance traffic load among members of a forwarding
group?
A. Least connections
B. Round robin
C. None of the above
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 150
When performing anti-virus scanning using Blue Coat appliances, how does the ProxySG determine what
specific actions to perform for high-performance or maximum-security deployments?
A. In the Configuration > Threat Protection settings of the Management Console.
B. By reading the Threat Protection policy file.

C. By querying the configuration of the anti-virus scanning appliance.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 151
When the ProxySG determines whether a user is a member of an LDAP group, is that considered
authentication or authorization?
A. Authentication
B. Authorization
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 152
In which two of these cases must you specify a virtual URL to be used in conjunction with Kerberos
authentication? (Select 2)
A.
B.
C.
D.
E.
Transparent proxy connection

A redirect authentication mode
Explicit proxy connection
A cookie authentication mode
An origin authentication mode
Correct Answer: DE
Section: (none)
Explanation
Explanation:
QUESTION 153
When performing Kerberos authentication with an explicit proxy connection, the hostname in the proxy
configuration of the web browser must be which of the following?
A. A hostname that DNS-resolves to the IP address of the BCAAA computer.
B. A hostname that DNS-resolves to the IP address of the ProxySG.
C. The hostname of the domain controller.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 154
Name two settings that can be configured in a forwarding group to define which hosts in the group receive
traffic. (Select all that apply)
A.
B.
C.
D.
Load balancing
Fail open or closed
Host affinity
Redirection
Correct Answer: AD
Section: (none)
Explanation
Explanation:
QUESTION 155
If cookie surrogates are used with a user agent that does not support cookies, how does the ProxySG
respond?
A. The ProxySG repeatedly tries to authenticate until the user agent gives up, and authentication is not
successful.
B. The ProxySG automatically switches to an IP surrogate and retries the authentication.
C. The answer depends on whether any other user agents share the same IP address.
D. This cannot happen; the ProxySG prevents such policy from being installed.
Correct Answer: B
Section: (none)
Explanation
References:
QUESTION 156
On the ProxySG, where can you specify whether a client is permitted to allow an untrusted server
certificate? (Select all that apply)
A. In the VPM.
B. In CPL.
C. In the Management Console.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 157
In which types of ProxySG realms does the ProxySG join the Active Directory domain associated with an
IWA realm?
A.
B.
C.
D.
IWA Direct
BCAAA
Both IWA Direct and BCAAA
Neither IWA Direct nor BCAAA
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 158
Which of these proxy services must be enabled on the ProxySG to allow communication with an SNMP
server?
A.
B.
C.
D.
SNMP
External HTTP
FTP
None of the above
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 159
In CPL, which of the following are possible results of a policy processing transaction? (Select all that apply)
A. No match.
B. One or more rules match, changing property value(s).
C. One or more actions are invoked.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 160
Which policy file is processed first?
A.
B.
C.
D.
E.

Local policy file.
Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 161
When a ProxySG is configured to use authentication mode auto with Kerberos credentials and a
transparent proxy connection, which actual mode is typically used?
A.
B.
C.
D.
E.
Origin cookie
Origin IP redirect
Origin cookie redirect
Origin IP
None of the above
Correct Answer: C
Section: (none)
Explanation
References:
QUESTION 162
Where do you most appropriately configure the ProxySG to decide whether to authenticate guest users?
A. In the CLI.
B. In the Management Console.
C. In policy.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 163
NTLM credentials or Kerberos credentials: Which credentials typically require more trips between the
ProxySG and the domain controller?
A. NTLM credentials
B. Kerberos credentials
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 164
By default, how often is the standard SSL trust package updated?
A.
B.
C.
D.
Once every hour.

Once every day.
Once every seven days.
Once every 30 days.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 165
Name two ways by which the ProxySG can determine that a DDOS attack is in progress. (Select
2)
A.
B.
C.
D.
Excessive number of requests from a specific server.

Excessive number of HTTP connections from a specific client.
The ProxySG becomes unable to communicate with its configured DNS server(s).
Sustained bandwidth utilization at or near 100%.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 166
How must you configure the RTMP proxy service to process Flash traffic originating at youtube.com?
A.
B.
C.
D.
Enable HTTP handoff on the Flash proxy on the ProxySG.

Enable Detect Protocol on the External HTTP proxy service.
Write policy in the VPM or CPL to direct traffic from youtube.com to the RTMP proxy service.
You cannot do this.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 167
What information is stored in a policy trace for a transaction processed by a proxy service that is set to
Bypass? (Select all that apply)
A.
B.
C.
D.
E.
F.
Client IP address.
Destination IP address.
Proxy service name.
All policy statements that are evaluated and match.
All policy statements that are evaluated and miss.
None of the above; no entry is recorded in the policy trace.
Correct Answer: ABC

Section: (none)
Explanation
Explanation:
QUESTION 168
Which of these aspects of ProxySG behavior cannot be controlled by CPL? (Select all that apply)
A.
B.
C.
D.
E.
F.
Initiate a packet capture.

Initiate a health check.
Cache content.
Perform user authentication.
Perform access logging.
Control client access to web resources.
Correct Answer: DEF

Section: (none)
Explanation
Explanation:
QUESTION 169
A Web Authentication layer in the VPM can be best implemented in which type of policy layer in CPL?
A. <cache>
B. <authenticate>
C. <proxy>
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 170
What happens when a disk is removed from a ProxySG while it is running?
A. Subsequent requests to objects that were cached on the removed disk will fail.
B. The objects on the removed disk are automatically remapped to the remaining disks and are
immediately refetched from the appropriate content servers.
C. The objects on the removed disk are automatically remapped to the remaining disks and are refetched
from the appropriate content servers the next time they are requested.
D. All subsequent transactions to that ProxySG either fail open or fail closed, depending on configuration,
until the disk is replaced.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 171
Which one of these statements is NOT true about the ProxySG object cache?
A. It is stored as a hash table, not a traditional filesystem.
B. The first chunk of any object can be retrieved in a single disk-read operation.
C. Objects with similar URLs are usually located next to each other so that accessing related objects in a
sequence is faster.
D. Performance does not deteriorate when the cache is 100% full.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 172
In CPL, what is the difference between Allow and OK?
A.
B.
C.
D.
An Allow is final and cannot be reversed by subsequent policy processing.

An OK is final and cannot be reversed by subsequent policy processing.
Allow changes the current state of the transaction; OK makes no change.
There is no difference.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 173
In Kerberos authentication that uses BCAAA, which two entities negotiate the shared key that is used
during the authentication? (Select 2)
A.
B.
C.
D.
E.
BCAAA
The domain controller
The client
The origin content server
The ProxySG
Correct Answer: AB
Section: (none)
Explanation
Explanation:
QUESTION 174
Which of these must be specified on a ProxySG to enable its access logs to be used by Blue Coat
Reporter? (Select all that apply)
A.
B.
C.
D.
The IP address or hostname of the computer on which Reporter is running.

An upload schedule.
An upload client.
An FTP server to receive the logs.
Correct Answer: AB
Section: (none)
Explanation
Explanation:
QUESTION 175
Which authentication mode is generally more secure: Origin IP or Origin Cookie?
A. Origin IP
B. Origin Cookie
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 176
Which level(s) of global policy trace contain information about proxy transactions? (Select all that apply)
A. Trace proxy traffic policy execution.
B. Trace all policy execution.
C. Global policy traces do not contain information about proxy transactions.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 177
A global policy trace can be invoked from which two of these sources? (Select 2)
A.
B.
C.
D.
Management Console
CLI
VPM
CPL
Correct Answer: AB
Section: (none)
Explanation
References:
QUESTION 178
trigger url.scheme=http match or miss?
A. Match
B. Miss
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 179
When will a policy trace report a rule processing result of "N/A"?
A. When the layer containing the rule is disabled.
B. When the rule makes no sense for the specific transaction being processed.
C. When the rule is not reached during evaluation.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 180
When a user has credentials in an IWA realm and already has been authenticated into that realm, what
happens when CPL code directs that user to be authenticated as a guest?
A. Nothing; they continue to be logged in with their credentials.
B. They are logged in as a guest and will show in the Management Console as being logged in twice.
C. They are logged out from their previous credentials and are logged in as a guest.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 181
If you wish to use an SSL trust package other than the one that is supplied by Blue Coat, how do you
configure the ProxySG to use the alternate package?
A. Specify a download URL at Configuration > SSL > External Certificates.
B. In the CLI with the configuration-mode command ssl edit trust.

C. Specify a download URL at Configuration > SSL > Device Profiles.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 182
Which one of these statements best describes how the ProxySG locates an object in its cache?
A. The ProxySG performs a hash against the URL of the object and uses the hash as the basis for a
lookup into the table of cached objects.
B. The ProxySG uses the hostname in the object's URL to determine in which cache directory the object is
located.
C. The ProxySG uses the first 32 bytes of the object's URL to determine in which cache directory the
object is located.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 183
Is it must the ProxySG use BCAAA to perform user authentication to an IWA realm?
A. Yes.
B. No.
C. It depends on whether that realm has been configured on the ProxySG to be an IWA Direct realm or a
BCAAA realm.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 184
The ProxySG compiles CPL code at installation time and performs optimizations that might not have been
written into the code.
A. True
B. False
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 185
Organize these CPL components into descending order based on how they are organized in policy.
A.
B.
C.
D.
Triggers, conditions, rules, layers.

Layers, conditions, rules, triggers.
Layers, rules, conditions, triggers.
Layers, rules, triggers, conditions.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 186
Which one of these regular expressions will match a URL that uses either HTTP or HTTPS?
A.
B.
C.
D.
^https?
2https?
[http][https]
http[s]
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 187
In a cookie in the user's web browser, in a ProxySG authentication cache, or on the authentication server:
Where are surrogate authentication credentials stored?
A. On the authentication server.
B. In a cookie in the user's web browser.
C. In a ProxySG authentication cache.
Correct Answer: A
Section: (none)
Explanation
References:
QUESTION 188
http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123
For the above URL, will the trigger url.host=bluecoat.com match or miss?
A. Match
B. Miss
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 189
Can you simultaneously use policy created in the VPM and written in CPL?
A. Yes
B. No
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 190
trigger url.path=products/proxysg match or miss?
A. Match
B. Miss
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 191
Which type of SGOS worker performs most transactions with an authentication server?
A. Policy worker
B. HTTP worker
C. AAA worker
Correct Answer: C
Section: (none)
Explanation
Explanation:

Aindumps BCCPP v2015!03!19 by Arvid 191q

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Aindumps BCCPP v2015!03!19 by Arvid 191q

Transféré par

Droits d'auteur :

Formats disponibles

Braindumps BCCPP 191q

All of the above

All of the above

A. Apparent Data Type

All of the above

The user will receive an error notifying unsuccessful authentication.

(a) Form based authentication

setspn-A HTTP/serverl.bluecoat.com sg01

All of the above

C. Policy that involves local users and groups

be prompted with an authentication dialog box to provide credentials.

All of the above

proxy-ip for explicit and transparent clients

the SG is able to successfully establish a TCP handshake to the upstream device.

Create a SSL intercept layer in the VPM.

407 proxy Authentication Required

All of the above

By disabling Detect Protocol

Connection will be intercepted.

E. All of the above

NTLM (NT LAN Manager)

The web browser.

In a Web Content layer.

Correct Answer: ABC

Correct Answer: AEF

Client in, server out, client out, server in.

Only one Force Deny can appear in any policy layer.

Threat protection policy file.

Only the last trigger is evaluated.

This ProxySG should be upgraded to a more powerful model.

At the end of policy processing, in the order they were encountered.

Forward policy file.

Local policy file.

the Blue Coat Director serving as Client Manager.

B. By reading the Threat Protection policy file.

Transparent proxy connection

Central policy file.

Once every hour.

Excessive number of requests from a specific server.

Enable HTTP handoff on the Flash proxy on the ProxySG.

Correct Answer: ABC

Initiate a packet capture.

Correct Answer: DEF

An Allow is final and cannot be reversed by subsequent policy processing.

The IP address or hostname of the computer on which Reporter is running.

B. In the CLI with the configuration-mode command ssl edit trust.

Triggers, conditions, rules, layers.

Vous aimerez peut-être aussi