BCCPP Online Practice Questions and Answers

A cookie without an expire value will___

A. last until the client cleats cookies from the browser

B. last until the client closes the browser session

C. last until the client logs off

Which of the following are true when enabling the early intercept attribute for a proxy service? (Choose all that apply)

(a)

It is automatically enabled when the detect protocol attribute is enabled.

(b)

The ProxySG completes the three-way TCP handshake with the client before establishing a connection to the upstream server.

(c)

It can be used with any protocol.

A.

a and c only

B.

a and b only

C.

c only

D.

All of the above

The Access Control List (ACL) option in the management console (configured by the menu item Configuration >Authentication >Console access) will be enforced for which types of administrative accounts? (Choose all that apply)

(a)

LDAP realm account

(b)

Local realm account

(c)

Built-in account

(d)

IWA realm account

A.

All of the above

B.

a and b only

C.

c only

D.

c and d only

E.

None of the above

There is a hard coded limit to the number of concurrent connections allowed through the ProxySG..

A. True

B. False

In a transparent proxy that is intercepting HTTP, how can an administrator allow instant messaging over HTTP to pass through ProxySG if they do not have IM license on the ProxySG?

A. By disabling Detect Protocol

B. By disabling Protocol Handoff in IM

C. By configuring the proxy services to bypass AOL IM, MSN IM and Yahoo IM services

D. By disabling early intercept

Which statement is correct about Proxy-Authenticate header

A. It is sent by the proxy every time when a HTTP 407 status code is sent

B. It is used by a browser to pass credentials to a proxy

C. It is used by both client and proxy to negotiate the method of credential exchange

When creating a policy-driven trace, which CPL property specifies the name of the policy trace file into which matching transactions are traced?

A. trace.destination()

B. trace.request()

C. trace.rules()

D. None of the above

If the ProxySG and a client cannot successfully authenticate the use of Kerberos credentials during authen- tication in a realm where use of Kerberos credentials is enabled, what happens to the authentication re- quest?

A. The request automatically downgrades and tries to use Basic credentials.

B. The request automatically downgrades and tries to use NTLM credentials, and then Basic creden- tials.

C. The request fails.

If a user agent that does not support authentication tries to request content through a connection on which the ProxySG requires authentication, how can you best resolve the issue?

A. Identify the TCP ports used by the user agent, and create a proxy service to bypass such traffic.

B. Identify an HTTP header that identifies the user agent, and then write policy to exempt matching transactions from authentication.

C. Identify the IP address of the user agent, and then write policy to exempt matching transactions from authentication.

D. You cannot do this.

When a URL-based trigger is used in CPL, the compiler analyzes the source to determine the most efficient trigger to achieve the desired result.

A. True

B. False

If a CPL rule is not part of a policy layer, when is it processed?

A. Before any layers are processed.

B. After all layers are processed.

C. This cannot happen. All rules must be part of a layer.

By default, are proxy transactions allowed or denied?

A. Yes

B. No

C. The answer depends on the default proxy policy setting.

Which policy file is processed last?

A. Local policy file.

B. Threat protection policy file.

C. Forward policy file.

D. Central policy file.

E. The answer depends on the processing order configured in the Management Console.

When permitting guest authentication, what is one way that can require users to specifically state that they wish to authenticate as a guest?

A. By modifying the standard authentication_failed exception to include a link that users must click be- fore continuing.

B. By specifying a virtual URL that points to a guest authentication page.

C. By using Force Authenticate in either the VPM or in CPL.

D. By selecting Notify User in the Edit Authenticate Guest Object section of the VPM.

Which policy file is processed first?

A. Central policy file.

B. Forward policy file.

C. Local policy file.

D. Threat protection policy file.

E. The answer depends on the processing order configured in the Management Console.