250-430

Administration of Blue Coat ProxySG 6.6

Exam: 250-430
Edition: 2.0

1 http://www.examarea.com
 250-430

QUESTION: 1
By default, HTTP traffic that is logged is recorded to which log facility?

A. bcreportermain_v1
B. main
C. elf
D. http

Answer: B

Reference:
https://wikileaks.org/spyfiles/files/0/241_BLUECOAT-SGOS_CMG_5.1.4_9.pdf
(p.7)

QUESTION: 2
Which Symantec product is best suited for simultaneously administering a large
number of ProxySG appliances?

A. Reporter
B. PacketShaper
C. Content Analysis
D. Management Center

Answer: A

QUESTION: 3
What stops further rule processing in a layer?

A. When the final rule on the layer is reached

B. When two rules match
C. When a later rule contradicts an earlier rule
D. The first rule in the layer that matches

Answer: D

Reference:
https://www.dumpsschool.com/
https://origin-
symwisedownload.symantec.com/resources/webguides/sgos/policy/Learn/

2 http://www.examarea.com
 250-430

aboutlayerandruleeval/layerguards.htm

QUESTION: 4
When the ProxySG uses a virtual URL for user authentication, what must the virtual
URL point to?

A. The IP address of the origin content server

B. A hostname that the user agent can DNS-resolve to an IP address
C. None of these answers
D. The IP address of the ProxySG

Answer: D

Reference:
https://support.symantec.com/en_US/article.TECH243088.html

QUESTION: 5
Why is Kerberos performance better than NTLM?

A. It uses less encryption

B. None of these answers
C. Only two round trips are required between the browser and an authentication
server
D. It works with later versions of Microsoft Windows

Answer: B

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/proxysg/certification/
authentication_webguide/Content/Topics/Authentication/Concepts/IWA_auth_proto
cols_co.htm

QUESTION: 6
Where is the WebFilter database stored? (Select two)

A. On clients’ mobile devices

B. On a properly licensed ProxySG
C. At several data centers around the world

3 http://www.examarea.com
 250-430

D. At third-party data centers

Answer: B, C

QUESTION: 7
What does the authentication mode specify?

A. The time-to-live for credentials

B. The protocol used to communicate with the authentication service
C. The challenge type and the accepted surrogate
D. Whether the credentials will be encrypted

Answer: B

QUESTION: 8
Which services are included in the Intelligence Services Advanced Bundle?

A. Content categories
B. Threat risk levels
C. All of these
D. Geolocation

Answer: C

Reference:
https://www.symantec.com/products/webfilter-intelligent-services

QUESTION: 9
When does the ProxySG establish anSchannel?

A. When a client request is first received

B. When the client sends an NTLM type 2 message to ProxySG
C. When IWA authentication fails
D. When the client sends an NTLM type 3 message to the ProxySG

Answer: B

4 http://www.examarea.com
 250-430

QUESTION: 10
Which of the following is not a VPM trigger object?

A. Time
B. Source
C. Destination
D. Service
E. Action

Answer: E

QUESTION: 11
Name three methods by which client configuration can be performed in an explicit
ProxySG deployment.

A. Configure the user agent to point to the IP address or hostname of the ProxySG
B. Configure the user agent to point to the location of a PAC file
C. Configure the user agent to use WPAD
D. Use Symantec Management Center to configure the user agent
E. Configure forwarding hosts on the ProxySG

Answer: A, B, C

QUESTION: 12
If you have configured continuous uploading of access logs and the ProxySG is
unable to reach the upload destination, what happens to the log entries?

A. They are uploaded in real time to the backup upload destination configured in the
Management Console
B. None of these answers
C. They are stored locally until the connection is re-established, and then they are
uploaded
D. They are discarded

Answer: C

5 http://www.examarea.com
 250-430

QUESTION: 13
Which built-in tool would you use to monitor external resources?

A. Sysinfo
B. Health checks
C. Event log
D. SNMP

Answer: D

QUESTION: 14
SGOS is based on which other operating system?

A. Unix
B. VxWorks
C. pSOS
D. None of these answers
E. Windows

Answer: A

QUESTION: 15
What is one drawback to using apparent data type to detect the file type?

A. Presents a security risk

B. Less accurate than HTTP content type detection
C. None of these answers
D. Most resource-intensive

Answer: D

QUESTION: 16
Why is authentication using Basic credentials typically used over HTTPS?

A. Username and password are base-64 encoded

B. No session identifier is required
C. No cookies are required

6 http://www.examarea.com
 250-430

D. No other credentials are compatible with HTTPS

Answer: A

QUESTION: 17
What does each proxy service define? (Choose two.)

A. ProxySG SGOS version

B. Proxy type to use to process traffic
C. Attributes
D. Policy

Answer: B, C

QUESTION: 18
What rules in a VPM layer are being evaluated, what causes evaluation to stop and
proceed to the next layer?

A. A miss against the trigger in that rule

B. Neither a miss nor a match
C. A default policy of Deny
D. A match against the trigger in that rule

Answer: C

QUESTION: 19
How do you create a new built-in exception of the ProxySG?

A. In the Visual Policy Manager

B. You cannot do this
C. In the Management Console
D. In Content Policy Language

Answer: A

7 http://www.examarea.com
 250-430

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/proxysg/security_first_steps/
Content/PDFs/Exception_Pages_Solution.pdf

QUESTION: 20
Which SGOS edition is designed for Secure Web Gateway deployments?

A. Premium Edition
B. MACH5 edition
C. SWG Edition
D. Proxy Edition

Answer: C

Reference:
https://www.symantec.com/products/virtual-secure-web-gateway

QUESTION: 21
Which of the following are always included in both the request and response
headers?

A. Information relevant to the connection between the client and the server
B. DNS query
C. ICAP version number
D. Cipher suite

Answer: A

QUESTION: 22
Does the policy trace flag malfunctioning policy?

A. Yes
B. No

Answer: B

8 http://www.examarea.com
 250-430

QUESTION: 23
When policy created in the VPM is installed, what two files does the VPM update on
the ProxySG? (Choose two.)

A. Local policy file

B. Central policy file
C. VPM-XML file
D. VPM-CPL file

Answer: C, D

QUESTION: 24
What needs to be selected for the Explicit HTTP service to be able to hand off SSL
traffic?

A. Port 443
B. Enable ADN
C. Early Intercept
D. Detect Protocol

Answer: D

Reference:
https://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjtw_
3pyvPbAhUHUhQK HVfIC8s
QFggmMAA&url=https%3A%2F%2F2.zoppoz.workers.dev%3A443%2Fhttps%2Forigin-
symwisedownload.symantec.com%2Fresources%2Fwebguides%
2Fproxysg%2Fsecurity_first_steps%2FContent%2FPDFs%
2FControl_HTTPS.pdf&usg=AOvVaw2SbHIePGOpEC8szeb-pNqx

QUESTION: 25
Which of the following is NOT a component of a proxy service listener?

A. Source IP address
B. Port range
C. Destination IP address
D. Proxy type

9 http://www.examarea.com
 250-430

Answer: C

QUESTION: 26
In which client connection type are user agents aware that a proxy has been
deployed?

A. Explicit proxy
B. In every connection type
C. Inline
D. Transparent

Answer: A

QUESTION: 27
The ProxySG simultaneously opens multiple server connections to retrieve objects
referenced on a web page before the client actually issues the requests for those
objects. This statement best describes which ProxySG caching technique?

A. Asynchronous adaptive refresh

B. Popularity contest
C. Pipelining
D. Cost-based deletion

Answer: C

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/proxysg/security_first_steps/
Content/Solutions/Caching/about_cache.htm

QUESTION: 28
Of the methods that the ProxySG uses to detect file type, which one is usually the
most accurate?

A. Checking the HTTP content type (or MIME type)

B. Performing an anti-virus scan
C. Detecting apparent data type
D. Checking the file extension

10 http://www.examarea.com
 250-430

Answer: A

QUESTION: 29
Which deployment method represents a single point of failure?

A. None of these answers

B. Inline XXX
C. Explicit
D. Transparent

Answer: B

Reference:
https://www.symantec.com/content/dam/symantec/docs/white-papers/swg-
deploymentmethodologies-en.pdf

QUESTION: 30
If you lose the password to the setup console, which of these methods can be used to
regain access to the setup console? (Choose three.)

A. Open a serial connection, and use the CLI command restore-defaults factory-
defaults
B. Use the appliance reset button, if available on this model
C. Use the front panel buttons and screen, if available on this model, to reset the
password
D. Press Control + ALT + DEL

Answer: A, B, C

Reference:
https://wikileaks.org/spyfiles/files/0/213_BLUECOAT-
810_install_guide_4.x_5.x.pdf

QUESTION: 31
What would happen if the ProxySG did not use surrogate credentials to authenticate
users who use transparent proxy connections?

A. They would not be able to authenticate to the ProxySG

B. TheProxySG does not need to use surrogate credentials to authenticate users who

11 http://www.examarea.com
 250-430

use transparent proxy connections

C. They would have to reauthenticate for each domain that they access

Answer: C

Reference:
https://origin-symwisedownload.symantec.com/resources/webguides/proxysg/6.6/
reverse_proxy_webguide/Content/Topics/Tasks/Authentication/surrogate_credential
s_co.htm

QUESTION: 32
In the Management Console, how can you determine the serial number of the
ProxySG?

A. Go to Configuration > Network

B. This information is not visible from the Management Console
C. The serial number is contained in the Management Console home link at top.
D. Go to Statistics > Advanced

Answer: C

Reference:
https://support.symantec.com/en_US/article.TECH243302.html

QUESTION: 33
Which of the following are recommended to improve CPU performance? (Choose
two.)

A. Edit the size of emulated certificates

B. Deny wildcard certificates
C. Enable DHE
D. Reduce the number of emulated certificates

Answer: A, D

QUESTION: 34
Where in the Management Console would you look to find all sessions that are being
intercepted by the services framework of the ProxySG?

12 http://www.examarea.com
 250-430

A. Heartbeats
B. Maintenance > System Tools
C. Statistics > Sessions > Active Sessions
D. Advanced statistics

Answer: C

QUESTION: 35
When must BCAAA be used?

A. When you need to establish more than one Schannel to increase performance
B. When the ProxySG cannot directly use APIs that require traditional operating
systems
C. When more than one ProxySG are deployed
D. When Basic credentials are used

Answer: B

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/packetguide/11.5/Content/
Topics/overviews/bcaaa-overview.htm

QUESTION: 36
Where does ProxySG object caching usually result in the most bandwidth savings?

A. On the server side

B. On the client side

Answer: B

Reference:
https://wikileaks.org/spyfiles/document/bluecoat/259_blue-coat-systems-proxysg-
applianceconfiguration-and/259_blue-coat-systems-proxysg-appliance-
configuration-and.pdf (46)

QUESTION: 37
Where are surrogate credentials stored?

13 http://www.examarea.com
 250-430

A. On the authentication server

B. In the ProxySG authentication cache
C. In a cookie in the user’s web browser

Answer: C

QUESTION: 38
A primary difference between a proxy server and a firewall is that proxy is not
fundamentally what?

A. An edge device
B. A man-in-the-middle
C. A Layer 3 switch
D. A router

Answer: D

QUESTION: 39
What happens when the ProxySG bypasses traffic?

A. No policy can be applied

B. Only the default policy can be applied
C. The traffic is blocked
D. An exception message is displayed to the user

Answer: D

QUESTION: 40
Which two (2) services are provided by the ProxySG? (Select two)

A. Strong authentication
B. Visibility into encrypted traffic
C. Edge routing
D. Sandboxing
E. Virus scanning

Answer: A, B

14 http://www.examarea.com
 250-430

QUESTION: 41
What is the advantage of an inline deployment?

A. Ease of deployment
B. More easily implement redundancy
C. Narrowing the amount of traffic to the ProxySG
D. Eliminates single point of failure

Answer: A

QUESTION: 42
Where do ProxySG administrators issue web requests from?

A. From the Management Console

B. From a browser
C. From a Java applet
D. From the Visual Policy Manager

Answer: B

QUESTION: 43
What defines the ports on which the ProxySG listens for incoming requests?

A. Policies
B. SGOS version
C. Services
D. Subscription licenses

Answer: C

QUESTION: 44
What two (2) options allow an administrator to create policy? (Select two)

A. Visual Policy Manager

B. Directly in Content Policy Language
C. Proxy services
D. In the CLI

15 http://www.examarea.com
 250-430

E. In the initial configuration

Answer: A

QUESTION: 45
What two (2) components are necessary to filter web content? (Select two)

A. Content filtering database

B. SSL Proxy services
C. Configured policy
D. Local database
E. A third-party filtering application

Answer: A, C

QUESTION: 46
What allows Symantec to dynamically analyze and categorize new web content?

A. Geolocation
B. Threat risk levels
C. Application filtering
D. Global Intelligence Network

Answer: D

QUESTION: 47
What two (2) protocols can you use to upload access logs? (Select two)

A. HTTP
B. ICAP
C. FTP
D. WCCP
E. IMAP

Answer: A, C

16 http://www.examarea.com
 250-430

QUESTION: 48
What provides visibility into who is going where on the network?

A. Authorization on the ProxySG

B. Authentication on the ProxySG
C. Certificate validation
D. The event log

Answer: B

QUESTION: 49
What provides an encrypted tunnel through which other protocols can pass?

A. HTTP
B. Certificate authorities
C. Secure Socket Layer
D. PKI

Answer: C

QUESTION: 50
Which built-in tool would you use to monitor external resources?

A. Sysinfo
B. Health checks
C. Event log
D. SNMP

Answer: D

QUESTION: 51
SGOS is based on which other operating system?

A. Unix
B. VxWorks
C. pSOS
D. None of these answers

17 http://www.examarea.com
 250-430

E. Windows

Answer: A

QUESTION: 52
What is one drawback to using apparent data type to detect the file type?

A. Presents a security risk

B. Less accurate than HTTP content type detection
C. None of these answers
D. Most resource-intensive

Answer: D

QUESTION: 53
Why is authentication using Basic credentials typically used over HTTPS?

A. Username and password are base-64 encoded

B. No session identifier is required
C. No cookies are required
D. No other credentials are compatible with HTTPS

Answer: A

QUESTION: 54
What does each proxy service define? (Choose two.)

A. ProxySG SGOS version

B. Proxy type to use to process traffic
C. Attributes
D. Policy

Answer: B, C

QUESTION: 55
Which deployment method represents a single point of failure?

18 http://www.examarea.com
 250-430

A. None of these answers

B. Inline XXX
C. Explicit
D. Transparent

Answer: B

Reference:
https://www.symantec.com/content/dam/symantec/docs/white-papers/swg-
deploymentmethodologies-en.pdf

QUESTION: 56
If you lose the password to the setup console, which of these methods can be used to
regain access to the setup console? (Choose three.)

A. Open a serial connection, and use the CLI command restore-defaults factory-
defaults
B. Use the appliance reset button, if available on this model
C. Use the front panel buttons and screen, if available on this model, to reset the
password
D. Press Control + ALT + DEL

Answer: A, B, C

Reference:
https://wikileaks.org/spyfiles/files/0/213_BLUECOAT-
810_install_guide_4.x_5.x.pdf

QUESTION: 57
What would happen if the ProxySG did not use surrogate credentials to authenticate
users who use transparent proxy connections?

A. They would not be able to authenticate to the ProxySG

B. TheProxySG does not need to use surrogate credentials to authenticate users who
use transparent proxy connections
C. They would have to reauthenticate for each domain that they access

Answer: C

19 http://www.examarea.com
 250-430

Reference:
https://origin-symwisedownload.symantec.com/resources/webguides/proxysg/6.6/
reverse_proxy_webguide/Content/Topics/Tasks/Authentication/surrogate_credential
s_co.htm

QUESTION: 58
In the Management Console, how can you determine the serial number of the
ProxySG?

A. Go to Configuration > Network

B. This information is not visible from the Management Console
C. The serial number is contained in the Management home link at top.
D. Go to Statistics > Advanced

Answer: C

Reference:
https://support.symantec.com/en_US/article.TECH243302.html

QUESTION: 59
Which of the following are recommended to improve CPU performance? (Choose
two.)

A. Edit the size of emulated certificates

B. Deny wildcard certificates
C. Enable DHE
D. Reduce the number of emulated certificates

Answer: A, D

QUESTION: 60
Where in the Management Console would you look to find all sessions that are being
intercepted by the services framework of the ProxySG?

A. Heartbeats
B. Maintenance > System Tools
C. Statistics > Sessions > Active Sessions
D. Advanced statistics

20 http://www.examarea.com
 250-430

Answer: C

QUESTION: 61
What rules in a VPM layer are being evaluated, what causes evaluation to stop and
proceed to the next layer?

A. A miss against the trigger in that rule

B. Neither a miss nor a match
C. A default policy of Deny
D. A match against the trigger in that rule

Answer: C

QUESTION: 62
How do you create a new built-in exception of the ProxySG?

A. In the Visual Policy Manager

B. You cannot do this
C. In the Management Console
D. In Content Policy Language

Answer: A

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/proxysg/security_first_steps/
Content/PDFs/Exception_Pages_Solution.pdf

QUESTION: 63
Which SGOS edition is designed for Secure Web Gateway deployments?

A. Premium Edition
B. MACH5 edition
C. SWG Edition
D. Proxy Edition

Answer: C

21 http://www.examarea.com
 250-430

Reference:
https://www.symantec.com/products/virtual-secure-web-gateway

QUESTION: 64
Which of the following are always included in both the request and response
headers?

A. Information relevant to the connection between the client and the server
B. DNS query
C. ICAP version number
D. Cipher suite

Answer: A

QUESTION: 65
Does the policy trace flag malfunctioning policy?

A. Yes
B. No

Answer: B

QUESTION: 66
When policy created in the VPM is installed, what two files does the VPM update on
the ProxySG? (Choose two.)

A. Local policy file

B. Central policy file
C. VPM-XML file
D. VPM-CPL file

Answer: C, D

QUESTION: 67
What needs to be selected for the Explicit HTTP service to be able to hand off SSL
traffic?

22 http://www.examarea.com
 250-430

A. Port 443
B. Enable ADN
C. Early
D. Detect Protocol

Answer: D

QUESTION: 68
Which of the following are recommended to improve CPU performance? (Choose
two.)

A. Edit the size of emulated certificates

B. Deny wildcard certificates
C. Enable DHE
D. Reduce the number of emulated certificates

Answer: A, D

QUESTION: 69
Where in the Management Console would you look to find all sessions that are being
intercepted by the services framework of the ProxySG?

A. Heartbeats
B. Maintenance > System Tools
C. Statistics > Sessions > Active Sessions
D. Advanced statistics

Answer: C

QUESTION: 70
When must BCAAA be used?

A. When you need to establish more than one Schannel to increase performance
B. When the ProxySG cannot directly use APIs that require traditional operating
systems
C. When more than one ProxySG are deployed
D. When Basic credentials are used

23 http://www.examarea.com
 250-430

Answer: B

Reference:
https://origin-
symwisedownload.symantec.com/resources/webguides/packetguide/11.5/Content/
Topics/overviews/bcaaa-overview.htm

24 http://www.examarea.com