BCCPA

For interactive and self-paced preparation of exam BCCPA, try our practice exams. Practice exams also include self assessment and reporting features 1

Blue Coat EXAM BCCPA Blue Coat Certified Proxy Administrator V3.03

Total Questions: 133


Question: 1

An administrator created a PIN for the ProxySG front panel, disabled the built-in administrative account and introduced policy-based admin auttiohration, and secured die serial port. After this was done, all the PINs, passwords and policy settings were lost. What options are available to regain access to the appliance? (choose all that apply) (a) Return ProxySG appliance to Blue Coat to restore a default SGCS image (b) Restore the factory settings by pressing and holding a reset button for 5 seconds, configure the appliance anew or restore its configuraoon from a backup (c) Try out all 10000 combinations of PIN for the front panel until you find the right one (d) Remove the hard disk from the ProxySG, connect it as an external SAT A disk to any Windows or Linux computer; clear the admin entry in the /etc/ pssswd file on that disk. Put the hard disk back in ProxySG, start it up and reset the admin's password. A. a only B. a & b only C. a & c only D. a & d only E. All of the above

Answer: B

Question: 2

The Connect HTTP method is reserved for use with a proxy that can dynamically switch to being a tunnel （e.g. SSL tunneling) A. True B. False

Answer: A

Question: 3

Forward proxy of SSL allows applying policies to encrypted SSL dat a. A. True B. False

Answer: B


Question: 4

The ProxySG gives you the ability to write policies through . A. the graphical visual Policy Manager and/or the command-line interface B. Visual Policy Manager only C. the graphical visual Policy Manager, the command-line interface and/or imported text file

Answer: C

Question: 5

Which is NOT a support- related site for Blue Coat products? A.http://forums.bluecoot.com B.http://services.bluecoar.com C.http://download.bluecoat.com D.http://webpulse.bluecoat.com

Answer: D

Question: 6

Which ProxySG technology uses the Gaca processing pipeline similar to the one shown in the picture?

A. Blue Coat Reporter B. MACH5 C. BCWF D. ProxySG Services

Answer: B

Question: 7

Which of the following Authentication Realms are supported by Blue Coat in SGOS 5.3? (Choose all that apply) (a) IWA (b) RADIUS


(C) LDAP (d) TACACS+ A. a, b & d only B. b, c & d only C. a, b &c only D. All of the above

Answer: C

Question: 8

What are the possible configurable options when configuring destination address in proxy services? (Choose all that apply) (a) All (b) Any (c) Explicit (d) Transparent A. a, c & d only B. a, b & c only C. b, c &d only D. All of the above

Answer: A

Question: 9

What are the types of challenges that can be authenticated by ProxySG? (choose all that apply) (a) Administrator attempts to access Management console (b) user attempts to access the internet (c) Administrator attempts to access SG via SSH (d) User attempts to access a CIFS file server A. All of the above B. b, c &d only C. a, c & d only D. a, b & c only

Answer: A

Question: 10


A ProxySG is designed to do which of rhe following? (choose all that apply) (a) Enhance security through authentication, virus scanning, and logging. (b) Increase performance through TCP optimization, HTTP caching and pipelining. (c) Control content with URL filtering, content stripping, and HTTP header analysis. A. a & b only B. b & c only C. a & c only D. All of the above

Answer: D

Question: 11

Which streaming services are supported by ProxySG? A. QuickTime, Windows Media, and Real Media B. Windows Media, Real Media, and Flash C. QuickTime, Flash, and MP4

Answer: B

Question: 12

A single ProxySG appliance can act as a Gateway Proxy and WAN Acceleration Proxy at the same time. A. True B. False

Answer: A

Question: 13

Which option is NOT available to upload logfiles from ProxySG? A. HTTP server B. FTP server C. Blue Coat Reporter server D. CIFS/SAMBA file server

Answer: C


Question: 14

What acceleration techniques are NOT part of MACHS? A. Bandwidth management (traffic shaping) B. Protocol optimization and compression C. IP layer route optimization D. Object caching E. Byte caching

Answer: C

Question: 15

Which of the following types of traffic are not scanned with ICAP REQMOD? A.HTTP PUT data B.FTP uploads C.FTP responses D.HTTP POST data

Answer: C

Question: 16

The goal of creating and using Notify User objects is (Choose all that apply) (a) to deny access to a URL (b) to deliver a splash page to the clients (c) to warn a user before allowing access to a URL A. a & b only B. b & c only C. All of the above

Answer: B

Question: 17

What can be concluded about this request processing order?


A. ProxyAV Is accessed in ICAP REOMOD mode B. ProxyAV is accessed ICAP RESPMOO mode C. ProxySG with ProxyAV is deployed as a forward proxy

Answer: A

Question: 18

Which of the following methods is NOT appropriate for the initial setup for a ProxySG 2XX series? A. Serial console Cable B. LCD Panel C. Web Wizard accessing HTTPS port 8083 D. Blue Coat Director applying a profile

Answer: D

Question: 19

The default policy for ProxySG is DENY. Network administrator creates a VPM policy allowing access to some Web host only for certain users (see picture). When installing this policy, ProxySG issues a warning that this rule will be ignored. What change can be applied in order to fix this?


A. Add another rule to the Web Access layer creating an exception for users NOT allowed to access the host. B. Add another Web Access layer and set its default action to Allow. C. Add Web Authentication layer with a rule having Force Authenticate action. D. Add Web content layer with a rule preventing serving content from ProxySG cache to unauthorized users. Answer: B

Question: 20

Which Instant Messaging proxies are available on the ProxySG? (Choose all that apply) (a) AIM (b)Jabber (c) MSN (d) Yahoo A. a, b & c only B. a, b & d only C. a. c & d only D. b. c & d only E. All of the above

Answer: C

Question: 21

In SGOS 5.3, what are the two versions that you can opt for? (choose all that apply) (a) Proxy Edition (b) Full Edition (c)WAN Opt Edition (d) MACH5 Edition A. b&c only B. a, c & d only C. c & d only D. a & d only


Answer: D

Question: 22

What ProxySG appliance has these default settings; (a) Default policy is ALLOW (b) Trust client destination IP is ON (c) Tolerate HTTP errors is ON; A. Proxy Edition B. Reverse Proxy Edition C. MACH5 Edition D. Trial Edition

Answer: C

Question: 23

Which software product provides Web content filtering for windows and Mac OS computers, is locally configurable, and can produce a barking sound, when user violates a filtering policy. A. ProxyAV B. Blue coat WebFilter C. Blue Coat k9 D. Blue Coat Director

Answer: C

Question: 24

What are "unmanaged endpoints' which make the Blue Coat RA (Remote Access) appliance useful? A. TCP connection sources or destinations, which ate outside our LAN B. Workstations, which need to be in a virtual private network, but VPN clients cannot be installed on them C. Mobile user laptops, which are used in places not protected by ProxySG D. Hosts without installed ProxyClient or with disabled ProxyClient

Answer: B


Question: 25

HTTP/1.1 supports pipelining - multiple related requests are written to a single TCP socket without waiting for the responses to come back — i.e. the requests are done asynchronously in-parallel, instead of doing them sequentially as usual (see picture). Some Web clients such as Opera and Firefox with FasterFox plugin use HTTP pipelining. Assume that ProxySG Is deployed as a forward proxy listening on port 8080.

A. If an HTTP client tries to use pipelining, the use of proxy will break the HTTP protocol. B. For those HTTP clients that use pipelining, the use of forward proxy would ensure faster response time compared to the clients that do not use pipelining.

Answer: B

Question: 26

If an error occurs during Proxy AV request or response processing, which of the following will occur? A. The connection will be allowed B. The connection will hp denied C. The response is determined by the ICAP object properties in policy D. The response is determined by die ICAP configuration properties in the management console

Answer: D

Question: 27

When the ProxySG 200's power LED indicator alternates between green and amber, it means that the system is booting.


A. True B. False

Answer: A

Question: 28

The ProxySG acts as both an ICAP client and ICAP server. A. True B. False

Answer: A

Question: 29

A parent exception can provide the default, values for a child exception. A. True B. False

Answer: A

Question: 30

What is returned to the HTTP request" GET / HTTP/ 1.1 "? A. The listing of the webroot directory of the Web server B. The file index.html C. A file that is configured as a defaulty /welcome file for that Web server

Answer: C

Question: 31

What is true immediately after the initial setup of ProxySG A. None of the content filtering databases is sot up B. Only the default Dlue Coat WebFilter database is sec up and available


C. Blue Coat WebFilter database and 3rd party databases are set up and available

Answer: B

Question: 32

Which of the following policies can be applied to Instant Messaging traffic? (Choose all that apply) (a) A policy to deny the transfer of specific file types or file sizes (b) A policy to deny a specific IM request method (c) A policy to deny a key word or words using a regular expression (d) A policy to deny a specific IM buddy or IM chat room A. a, b S c only B. b, c &d only C. a, c &d only D. All of the above

Answer: D

Question: 33

Which best describes the role of a proxy server? A. A device that inspects Layer 2 - Layer 4 traffic running through it and denies or permits based on a set of policies. B. An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. C. An intermediary program that protects the resources of a private network from users on other networks. D.A device that extracts the destination address of a packet, selects tne best path for the packet and forwards the packet the next device in the path.

Answer: B

Question: 34

After the initial boot-up. Blue Coat SGOS will automatically boot into a trial license. What is the duration of the thai period? A. 30 days, trial can be prolonged by CLI command reset-trial B. 60 days, trial can be prolonged by CU command reset-trial C. 9o days D. 120 days


Answer: B

Question: 35

What happens to ProxySG logging, it uploading them to a remote FTP server becomes impossible? A. When there is no more space for logging, ProxySG switches on dynamic bypass for TCP connections — stops intercepting traffic B. When there is no more space for logging, ProxySG will process policy, but will ignore any logging-related policies or configuration settings C. ProxySG erases old logs but continues writing the more recent ones D. Either logging stops or older log files are erased — depending on the ProxySG configuration

Answer: C

Question: 36

Which protocol and port is used by Blue Coat Reporter service to display results? A.HTTP port 8987 B.HTTP port 8443 C.FTP port 8021 D.SNMP port 161

Answer: A

Question: 37

What is the default time to cache authentication credentials in ProxySG for an authentication realm? A.15 minutes B. 30 minutes C.60 minutes D.90 minutes

Answer: A

Question: 38

What is in NTLW Type 2 Message?


A. Domain + Workstation Name B. Challenge for the Client C. Usemame and Password D. Client Response for the challenge

Answer: B

Question: 39

Which of the following console services are enabled by default? (choose all that apply) (a) HTTP port 8081 (b) HTTPS port 8082 (c) HTTPS port 8083 (d) SSH port 22 A. a & c only B. b & d only C. c & d only D. a & b only

Answer: B

Question: 40

Which HTTP error code corresponds to the ProxySG default exception identifier icap_error? A.403 B.404 C.503 D.401

Answer: C

Question: 41

To implement ProxySG as a default gateway, which of the following options has to be enabled? A. Early intercept B. Reflect Client IP C. IP Forwarding D. Detect Protocol


Answer: C

Question: 42

When the DRTR successfully categorizes a site, the site is (a) added to the static BCWF database on the ProxySG (b) added to the local database on the ProxySG (c) added to the DRTR database on the ProxySG (d) added to a DRTR cache that resides on the ProxySG A. a&b only B. b & c only C. d only D. None of the above

Answer: A

Question: 43

Which of the following is a free software based Blue Coat product for home users? A. Web Filter B. k9 C. SiteAdvisot

Answer: B

Question: 44

When virus scanning functionality is enabled, ProxySG acts as an ICAP server, and ProxyAV — as an ICAP client. A. True B. False Answer: B

Question: 45

What are the best practices using anti-virus software on a windows machine running Blue Coat Reporter?


A. Do not use anti-virus software as the log files cannot contain viruses B. Perform scans as you would for any windows server C. Perform scans only during low activity of ProxySG D. Perform scans, but bypass certain directories containing frequently changing files

Answer: D

Question: 46

Is Management Console accessible over HTTP? A. Yes, it is enabled by default, except in FIPS mode B. It can be explicitly enabled, the default port is 8081 C. It can be explicitly enabled, the default port is 8082 D. A new service has to be created with port selected by the administrator,

Answer: B

Question: 47

HTTP Access log format bcreportermain_vl includes the time of the request, URL requested, and MIME type of content, but does not include whether it is cache hit or miss. A. True B. False

Answer: A

Question: 48

Which virus-scanning engine is NOT supported by ProxyAV? A. MCAfee B. Sophos C. Norton D. Kaspersky E.Panda

Answer: C


Question: 49

Which of the following tracks client requests and server responses? A. Event logs B. Sys logs C. Report logs D. Access logs

Answer: D

Question: 50

If a proxy server is seen in the external Internet as Web server, it is a forward proxy. A. True B. False

Answer: B

Question: 51

Which HTTP error code corresponds to the ProxySG default exception identifier icap_error? A.403 B.404 C.503 D.401

Answer: C

Question: 52

What is the name of the Technical Support Web site where service requests can be reported? A. WebPulse B. BlueTouch Online C. Blue Coat Professional Services D. Services@BC


Answer: B

Question: 53

The default policy for ProxySG is DENY. Network administrator creates a VPM policy allowing access to some Web host only for certain users (see picture), when installing this policy, ProxySG issues a warning that this rule will be ignored, what change can be applied in order to fix this?

A. Add another rule to the Web Access layer creating an exception for users NOT allowed to access the host. B. Add another Web Access layer and set its default action to Allow C. Add web Authentication layer with a rule having Force Authenticate action. D. Add Web Content layer with a rule preventing serving content from ProxySG cache to unauthorized users.

Answer: C

Question: 54

What changes, when FIPS mode tor Management Console Is enabled? A. FIPS mode improves browser support B. Management Console can be accessed via TLS-based HTTPS only; some device certification options are changed C.FIPS mode makes Management Console application faster as the rich client download size decreases

Answer: B

Question: 55

Which of the following policies can be applied to Instant Messaging traffic? (Choose all that apply) (a) A policy to deny the transfer of specific file types or file sizes (b) A policy to deny a specific IM request method (c) A policy to deny a key word or words using a regular expression (d) A policy to deny a specific IM buddy or IM chat room


A. a, b & c only B. b, c & d only C. a. c a d only D. All of the above

Answer: A

Question: 56

When Proxy server settings in a browser are configured using WPAD (web Proxy Auto Discovery) protocol, what has to be specifically guaranteed to ensure security? A. JavaScript on client's browser must be enabled, otherwise it will not allow to execute proxy configuration script. B. Hosts (e.g. wpad.mydepartment.mycompany.com, wpad.mycompany.com ) should be trusted not to serve malicious wpad.dat files C. Internet Explorer browser should receive security updates more often than twice a year D. DHCP must be accessible at the time, when user starts a browser

Answer: B

Question: 57

Reporter creates reports that can be saved in the following formats (choose all that apply) (a) CSV (comma-separated-values) to be opened by Excel (b) Adobe PDF (c) HTML (d) XML A. a, b & c only B. a, b & d only C. a, c & d only D. b, c a d only E. All of the above

Answer: A

Question: 58

Which option is NOT available to upload logfiles from ProxySG? A. HTTP server


B. FTP server C. Blue Coat Reporter server D. CIFS/SAMBA file server

Answer: D

Question: 59

What are 'unmanaged endpoints" which make the ProxyRA appliance useful? A. TCP connection sources of destinations, which are outside our LAN B. Workstations, which need to be in a virtual private network, but VPN clients cannot be installed on them C. TCP and UDP ports that are unprotected by the enterprise firewall. D. Hosts without ProxyClient installed on them.

Answer: B

Question: 60

Which statements are true about the Blue Coat WebFilter? (Choose all that apply) (a) A single web site can belong to multiple categories (b) Embedded images and objects may be denied, even though the container page is allowed. (c) WebFilter on-box database can be used in conjunction with a third party content database (d) WebFilter on-box database updates are Web downloads A. a, b & c only B. a. b & d only C. a, c & d only D. b, c & d only E. All of the above

Answer: E

Question: 61

A single ProxySG appliance can act as a Gateway Proxy and WAN Acceleration Proxy at the same time. A. True B. False

Answer: A


Question: 62

If a proxy server is seen in the external Internet as Web server, it is a forward proxy. A. True B. False

Answer: B

Question: 63

Which function is NOT a characteristic feature of proxy servers? A. Making requests in the Internet, using HTTP, FTP, SOCKS on behalf of other clients B. IP Masquerading - replacing original requestor's address with it's own C. Encapsulating one protocol into another protocol D. Caching previously requested resources

Answer: B

Question: 64

Blue coat Director functions include the following (choose all that apply) (a) Provide centralized initial setup and policy management (b) Configure secure gateway and WAN acceleration (c) Monitor hardware and software metrics and events on ProxySG appliances (d) Enable proxying and filtering of multicast UDP traffic A. a, b & c only B. a, b & d only C. a, c & d only D. b,c & d only

Answer: A

Question: 65

What preconditions should be satisfied in order to do initial configuration from a client computer via the URL https://proxysg.bluecodt.com:8083? (choose all that apply) (a) Client computer should be directly connected to ProxySG with a cross-over cable


(b) ProxySG should have a pass-through card (c) ProxySG should be deployed in the bridging mode A. a & b only B. a & c only C. b & c only D. All of the above

Answer: D

Question: 66

What kind of object should be selected from button New in the New Action dialogue in the VPM that returns a coaching or splash page?

A. Return Exception B. Return Redirect C. Notify User D. Acceptable Usage Policy

Answer: C

Question: 67

What are requirements for client's browser for notification and coaching pages to work properly? A. Pop-up windows should not be blocked B. JavaScript has to be enabled C. Cookies have to be enabled


D. Both JavaScript and cookies have to be enabled

Answer: A

Question: 68

What does the Blue Coat WebFilter do to classify sites not found in the WebFilter on-box database A. Sends classification requests to WebPulse B. Runs Bayes classification algorithm on ProxySG C. Forwards categorization requests to other ProsySG D. Matches against a list of forbidden keywords

Answer: A

Question: 69

A ProxySG is designed to do which of the following? (choose all that apply) (a) Enhance security through authentication, virus scanning, and logging. (b) increase performance through TCP optimization, HTTP caching and pipelining. (c) Control content with URL filtering, content stripping, and HTTP header analysis. A. a & b only B. b & c only C. a & c only D. All of the above Answer: D

Question: 70

Which of the following statements are true? (choose all that apply) (a) Exceptions and notifications can be configured to use specific HTTP response codes. (b) Exceptions and notify user objects can be created through the VPM. (c) Exceptions and notify user objects can be utilized as action objects in the VPM. (c) Exceptions and notify user objects can include substitutions such as the IP address, username or category. A. a & b only B. a, c & d only C. b & c only D. a, b & c only

Answer: B


Question: 71

What happens, if there are multiple listeners to the same TCP port, and destination IP address belongs to multiple IP address ranges? A. Such configuration is Inherently ambiguous and wrong B. Such cases cause built-in exceptions to be thrown during policy processing C. The most specific IP address range is always used

Answer: A

Question: 72

Management Console of ProxySG (SGOS v. 5.4- or earlier) is based on the following client-side technology: A. FIPS mode improves browser support B. Java servlet application C. JVM applet embedded in the Web page D. Adobe Flex E. AJAX and JavaScript

Answer: C

Question: 73

Which of the following tracks client-server transactions going through the ProxySG? A. Event logs B. Sys logs C. Report logs D. Access logs

Answer: D

Question: 74

To implement ProxySG as a default gateway, which of the following options has to be enabled? A. Early Intercept


B. Reflect Client IP C. IP Forwarding D. Detect Protocol

Answer: C

Question: 75

When the DRTR successfully categorizes a site, the site is (Choose all that apply) (a) added to the static BCWF database on the ProxySG (b) added to the local database on the ProxySG (c) added to the DRTR database on the ProxySG (d) added to a DRTR cache that resides on the ProxySG A. a & b only B. b & c only C. d only D. None of the above

Answer: D

Question: 76

If you set a service attribute on the ProxySG to "Reflect Client IP", what must you make sure is not going to happen in the network? A. The service destination IP is set to "transparent" and Action is set to "Intercept". B. Force Authentication through policy. C. Asymmetric routing directly from client to OCS.

Answer: A

Question:77

Which layer can be used to block a particular URL? A. Authentication B. Web Access C. Forwarding D. Web Content


Answer: B

Question: 78

All of the following are software based Blue Coat solutions: Blue Coat Reporter, Blue Coat WebFilter, Blue Coat K9, ProxyClient A. True B. False

Answer: A

Question: 79

The following authentication realms will be used in a sequence realm. Which realm should go first? A. Local B. IWA C. Radius D. LDAP

Answer: A

Question: 80

The ProxySG ICAP implementation is fully compatible with which of the following applications? (choose all that apply) (a) Finjan SurfinGate (b) Webwasher (c) Antivirus Scan Engine (SAVSE) (d) Trend Micro InterScan A. a & b only B. b & c only C. c & d only D. All of the above

Answer: D

Question: 81


The ProxySG acts as both an ICAP client and ICAP server. A. True B. False

Answer: A

Question: 82

Which best describes the role of a proxy server? A. A device that inspects Layer 2 - Layer 4 traffic running through it and denies or permits based on a set of policies. B. An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. C. An intermediary program that protects the resources of a private network from users on other networks. D.A device that extracts the destination address of a packet, selects the best path for the packet and forwards the packet the next device in the path.

Answer: B

Question: 83

Which console services are NOT available on the ProxySG? A. SSH B. HTTP C. HTTPS D. Serial E. All the above are available

Answer: E

Question: 84

The ProxySG operating system is based on . A. a customized, object oriented version of FreeBSD B. a custom built operating system with integrated caching and compression C. a Linux Kernel 2.6.x with byte caching and compression


Answer: B

Question: 85

Which appliance does not need any licensing and is fully operable after deployment? A. ProxyAV B. ProxySG C. ProxyRA D. Blue Coat Director

Answer: D

Question: 86

ProxySG can provide all these services to IM clients — client authentication at a proxy, message reflection, policy enforcement and logging. A. True B. False

Answer: A

Question: 87

Can server initiate an HTTP transaction? A. It cannot B. It can for e.g. Web-based instant messaging, AJAX and similar server-push applications C. It can only for some HTTP request methods

Answer: B

Question: 88

The ProxySG can create configurable access logs for FTP, HTTP, and Telnet but not for Peer-to-Peer or RealMedia A. True B. False


Answer: B

Question: 89

Which of the following policies CANNOT be implemented on the ProxyAV? (Choose all that apply) (a) Blocking viruses, worms, spyware and trojans (b) Blocking file types using apparent data type (file signature) (c) Blocking files that exceed a size limit set by the administrator (d) Blocking password protected archive files A. a only B. b only C. c only D. d only E. All of the above can be implemented with the Proxy AV

Answer: E

Question: 90

The SSL certificate returned by the Management Console upon HTTPS access A. is birth certificate, which depends on the device serial number only; it can be cached for the whole lifetime of the ProxySG B. is generated anew automatically every time ProxySG performs initial setup C. has to be generated explicitly from the CLI

Answer: B

Question: 91

ProxySG has to be deployed inline (in bridging mode) or virtually inline (using WCCP or an L4 switch) in order to block IM traffic. A. True B. False

Answer: A


Question: 92

Which HTTP error code corresponds to the ProxySG default exception identifier policy_denied? A.403 B.404 C.503 D.401

Answer: A

Question: 93

Which of the following are true about the rules processing in the VPM? (choose all that apply) (a)Rules are processed in a top down sequence. (b)Layers are processed from left to right regardless of type. (c)Layers are processed according to layer type. (d)Layers of the same type are processed from left to right. A. None of the above B. b. c & d only C .a, b & c only D. a, c & d only

Answer: D

Question: 94

Which capabilities are limited in Blue coat Reporter standard edition compared to Enterprise edition? (choose all that apply) (a)Data profile number is limited to five (b)Reports can be displayed, but cannot be saved as PDF or CSV (c)Only single processor is supported (d)Report customization is limited A. a, b & c only B. a, b & d only C. a, c & d only D. b, c & d only E. All of the above Answer: C


Question: 95

Find the configuration or management activity that is NOT among the functions of the Blue Coat Director CANNOT be used? A. Configuration of a large number of ProxySG appliances B. Policy updates on ProxySG appliances C. Virus definition updates for AV scanning D. Setup and licensing E. All the above actions can be done by a Director

Answer: D

Question: 96

In the VPM, source triggers can be used in conjunction with the ICAP RESPMOD action. A. True B. False

Answer: A

Question: 97

What can be concluded about this request processing order?

A. ProxyAV is accessed in ICAP REQMOD mode


B. ProxyAV is accessed ICAP RESPMOD mode C. ProxySG with ProxyAV is deployed as a forward proxy D. Proxy SG with ProxyAV is deployed as a reverse proxy

Answer: A

Question: 98

What are the best practices using anti-virus software on a Windows machine running Blue Coat Reporter? A. Do not use anti-virus software as the log files cannot contain viruses B. Perform scans as you would for any Windows server C. Perform scans only during low activity of ProxySG D. Perform scans, but bypass certain directories containing frequently changing files

Answer: D

Question: 99

Forward proxy of SSL allows applying policies to encrypted SSL dat a. A. True B. False

Answer: A

Question: 100

Coaching or splash pages have to be configured through CPL rather than VPM. A. True B. False

Answer: B

Question: 101

Which HTTP error code corresponds to the ProxySG default


exception identifier authentication_failed ? A. 403 B. 404 C. 503 D. 401

Answer: D

Question: 102

How many different anti-virus scanning engines can you run simultaneously on a ProxyAV? A. 1 B. 2 C. 3 D. 4

Answer: A

Question: 103

Which WAN Optimization feature can accelerate the transfer of several similar, uncompressed files between two locations? (Two files are called similar, if their editing distance is small, compared to the size of the files. For example, if one file can be obtained from another one by inserting or deleting a small fragment.) A. Protocol Optimization B. Object Caching C. Byte Caching D. Bandwidth Management

Answer: C

Question: 104

Which HTTP error code corresponds to the ProxySG default exception identifier dns_unresolved_hostname ? A. 403 B. 404 C. 503 D. 401


Answer: B

Question: 105

Which statement is true about a ProxySG with factory settings: A. To get network access, initial setup is necessary — ProxySG does not have an IP address until then B. Unconfigured ProxySG responds to some of the pre-built IP addresses, which are contained in the private IP address ranges 10.0.0.0/2S5.0.0.0 and 172.16.0.0/255.240.0.0 and 192.168.0.0/255.255.0.0 . C. Unconfigured ProxySG tries to obtain IP address from a DHCP server D. Unconfigured ProxySG sends RARP request to look up its IP address from the MAC address of its network interface card. If it cannot get a valid IP address, initial setup is required.

Answer: B

Question: 106

If Proxy SG acts as a Web proxy, does the Origin Content Server (OCS) see the client's IP address or the proxy server's IP address A. Content Server always sees client's IP address B. Content Server always sees Proxy Server's IP address C. Content Server sees client's IP address, if the proxy is configured as transparent proxy D. The IP address seen by the Content Server depends on the Proxy SG configuration parameter reflect-client-ip

Answer: B

Question: 107

HTTP response typically contains headers and the body (data). Does HTTP request contain body (data)? A. HTTP requests contain headers (including cookie data) only B. HTTP requests contain body only if the request is file upload C. HTTP requests contain body only if it is a POST (rather than GET) request D. HTTP requests contain body, if they are HTML form submissions

Answer: A


Question: 108

Since which version the HTTP protocol has persistent TCP connections and Keep-alive headers? A. HTTP/0.9 B. HTTP/1.0 C. HTTP/1.1

Answer: C

Question: 109

Which WAN Optimization features require at least two ProxySG appliances to work? (Check all that apply) (a) Protocol Optimization (b) Object Caching (c) Byte Caching (d) Application Delivery Network (ADN) A. a & b only B. b & c only C. c & d only D. All of the above

Answer: C

Question: 110

When the Blue Coat Web Filter is enabled, the DRTR A. is disabled by default B. is enabled only through VPM policy C. is enabled to work in the background by default D. is enabled to work in real-time by default

Answer: C

Question: 111


Assume explicit proxy deployment where LDAP authentication realm is used. Authentication mode value is auto. What is the first response code that a client receives as it attempt to connect to the Internet for the first time? A. 200 B. 302 C. 401 D. 407

Answer: C

Question: 112

Client makes a Web request to a Web Server, and ProxySG is using ProxyAV in RESPMOD mode. Which devices are involved before the request reaches the original destination Web server? A. Client, (2) ProxySG, (3) ProxyAV, (4) ProxySG, (S) Web server B. Client, (2) ProxySG, (3) ProxyAV, (4) Web server C. client, (2) ProxySG, (3) Web server D. (l) Client, (2) ProxyAV, (3) ProxySG, (4) Web server

Answer: B

Question: 113

Which of the following tasks could be performed from the Blue Coat Management Console? (Choose all that apply) (a) SG Initial Setup (b) Authentication Realm Configuration (c) Bandwidth Class Configuration (d) Resetting Trial Period A. a & b only B. b & c only C. c & d only D. All of the above

Answer: B

Question: 114


The HTTP request from a client to a proxy uses addresses as shown in the picture. It follows that the ProxySG serves as transparent proxy. A. True B. False

Answer: B

Question: 115

What ICAP refers to? A. It is a protocol for Web-based AV appliances to communicate with scanning engines of various providers B. It is a standard developed by Blue Coat to communicate between ProxySG and other Blue Coat appliances C. It is a TCP-based protocol for HTTP request and response modification D. It is an approach used by media servers for Digital Rights Management

Answer: A

Question: 116

If the DRTR is enabled in real time, but does not have categorization value for the requested URL, A. the URL will be assigned to the category none B. the URL will be assigned to the category pending C. the URL will be assigned to the category unavailable D. the URL will assigned to the category uncategorized

Answer: D

Question: 117


You need to have an open service request (SR) with Technical Support to upload your ProxySG configuration information to Blue Coat directly from the Management Console. A. True B. False

Answer: A

Question: 118

A policy configured in VPM contains several Web Access layers, each contains several rules. Where a policy rule should be placed to ensure that it is always invoked and its action (e.g. ALLOW or DENY) is not overridden by any other rule? A. First in the first layer B. First in the last layer C. Last in the first layer D. Last in the last layer

Answer: A

Question: 119

ICAP responses may be cached on a ProxySG, i.e. for some Web requests ICAP processing may be completed without involving ProxyAV A. True B. False Answer: B

Question: 120

You can obtain support information without contacting anyone from Blue Coat support via Blue Coat's online tool, Instant Support. A. True B. False

Answer: B


Question: 121

Which of the following is true about enabling access logging? (Choose all that apply) (a) Access logging is disabled by default on newly configured systems. (b) You can enable access logging through the Management Console only. (c) You must configure the ProxySG to intercept protocols you wish to log. A. a & b only B. a & c only C. b & c only D. All of the above

Answer: B

Question: 122

What is sent over HTTP, if user enters non-ASCII characters into the address window of a Web browser (e.g. the URL address shown in the image)? A. The UTF-16 representation of these characters is being sent, since HTTP supports Unicode B. The special characters are Base64 encoded before sending C. URL address contains sequence of the form %HH%HH%HH, where "HH" is a hex-encoding of bytes representing the non-ASCII characters D. Special characters are sent as bytes, using the current encoding of the Web page

Answer: C

Question: 123

Which of the following are trigger objects in the Visual Policy Management? (Choose all that apply) (a) Source Address (b) Destination Address (c) Time (d) Tracking A. All of the above B. b, c & d only


C. a, b & c only D. a, c a d only

Answer: C

Question: 124

Notify user objects utilize cookies and http redirection to deliver error messages to clients. A. True B. False

Answer: B

Question: 125

How can a user restore ProxySG back to its default, factory settings, so that its IP address etc. needs to be configured anew? (Choose all that apply) (a) Press a button on ProxySG back panel (left arrow on front panel for some models) and hold it for about S seconds (b) Enter a CLI command ( restore-defaults factory-defaults ) and confirm it with y(yes) . (c) Press a button in Management Console that drops the network configuration, and confirm the warning dialog. A. a & b only B. a & c only C. b & c only D. All of the above

Answer: C

Question: 126

What categories are included in Blue Coat WebFilter on-box database and recognized by the WebPulse dynamic categorization A. There is a simple list of 23 categories B. There is a hierarchy of 36 first level categories, and several hundred second level categories C. There is a simple list of 69 categories

Answer: C


Question: 127

What is the behavior of content filtering policies, when the Blue Coat WebFilter license expires A. All content is blocked B. All content is allowed C. Content is allowed or blocked depending on policy for System/unlicensed D. Content is allowed or blocked depending on fail open or fail closed setting in Management Console.

Answer: C

Question: 128

Which of the following types of traffic are scanned with ICAP RESPMOD? A. HTTP responses B. FTP uploads C. HTTP PUT data D. HTTP POST data E. All of the above

Answer: A

Question: 129

ProxySG uses a licensed Blue Coat Web Filter (BCWF), and has configured policies for URL categories. ProxySG uses a DNS server, which for some reason cannot resolve the domain name sp.cwfservice.net anymore. What happens to the content filtering policy evaluation in this case? A. Any time when policy evaluation needs to categorize an URL, access to that page is denied. B. ProxySG always uses whatever action is configured for the System/unavailable category C. Policy evaluation is not affected, because ProxySG uses the default IP address of a WebPulse Service Point D. Policy evaluation is not affected for URLs categorized in the BCWF database, and is evaluated as System/unavailable for any other URLS.

Answer: B

Question: 130


In a TCP connection, what will a listener service attempt to match before deciding to intercept or to bypass the connection? (Choose all that apply) (a) Source IP (b) Destination IP (c) Destination Port (d) Source Port A. a & b only B. b & c only C. c & d only D. All of the above

Answer: D

Question: 131

Name two different ways to create a transparent proxy environment. A. Using the PAC File or configuring WCCP B. Configuring a Layer 4 switch or configuring the appliance in bridging mode C. Configuring WCCP or using an automatic configuration script

Answer: B

Question: 132

How many content filtering databases can be used in a policy for SGOS 5.3 at the same time (apart from the local database and IWF restricted categories)? A. Only one content filtering database B. Any two content filtering databases C. Two content filtering databases — BCWF and one other D. Any number of content filtering databases from the list supported by ProxySG

Answer: D


Question: 133

Which is NOT a good reason why to configure user authentication when deploying ProxySG as an Internet gateway proxy? A. To allow creation of granular polices by user or group B. To allow more detailed logging and reports C. To enable more convincing coaching pages for AUP violations D. To ensure that cache content is not expired E. To protect against unauthorized access of Web objects found in cache

Answer: D

BCCPA

Documents

specific im

blue coat

blue coat

blue coat

frequently

http header

instant messaging

drtr successfully