Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 2: Blue Coat Certified ProxySG Professional

Full screen (f)
exit full mode
Question
Which of the following statements are true? (Choose all that apply) (a) The SGOS object store utilizes a directory structure so that objects in cache can be accessed rapidly (b) Information about a single object in cache be retrieved from the Management console or the CLI (c) There are two object caches, the object cache which resides on disk and the object cache which resides in RAM (d) The SGOS object store is separated by protocol (HTTP cache, FTP cache, etc.)

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
Use Space or
up arrow
down arrow
to flip the card.
Question
What criterion is NOT used to determine location awareness of a ProxyClient

A) IP address range
B) Virtual NICs IP address range
C) The IP address of the closest AND concentrator
D) DNS server IP address
Question
Which of the following steps have to be performed to support Kerberos Authentication? (Choose all that apply) (a) A virtual URL that resolves to the IP of the ProxySG. (b) Registering the BCAAA as a Service Principal Name. (c) Configuring IWA Realm. (d) Configuring Explicit Proxy.

A) All of the above
B) None of the above
C) a, b & c only
D) b, c & d only
Question
Which of the following hostnames are NOT matched by the regular expression "www (0 9) (0-9)? \ .foo\ .com")

A) www.foo.com
B) www01.foo.com
C) www1.foo.com
D) www11.foo.com
Question
Which of these are the features of a Blue Coat Director? (Choose all that apply) (a) Install and update configurations of a group of ProxySG (b) Distribute and control content of a group of ProxySG (c) Managing SSL VPN configuration (d) Monitoring ProxySG Performance

A) a, b & c only
B) a, b & d only
C) b, c & d only
D) a, c & d only
Question
url.regex=!\.html$ d\ DENY What is the effect of the above CPL code?

A) Deny any URL that ends with html
B) Deny any URL that does not end with html
C) Deny any URL that ends with htm or html
D) Deny any URL that does not end with htm or html
Question
Which of the following are obvious advantages of having a ProxySG deployed in a Reverse Proxy environment? (Choose all that apply) (a)The ProxySG has built in DOS protection to guard the actual web server from denial-ofservice attacks (b) Increased performance with caching provides an improved Web Experience (c) Consistent default behavior of cache expiration and validation directives (d) SSL termination on ProxySG allow SSL offloading, therefore eliminating bottleneck on the web server side.

A) All of the above
B) a, b & c only
C) a, b & d only
D) b, c & d only
Question
Which of the following are true when attempting to deny access to file types?

A) MIME type objects are matched against the Content-type request header; File Extension objects are matched against the GET response header; Apparent Data Type objects are matched against request data.
B) MIME type objects are matched against the Content-type response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against response data.
C) MIME type objects are matched against the Content-encoding response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against response data.
D) MIME type objects are matched against the Content-type response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against request data.
Question
With ProxySG failover, the failover Virtual IP address can be the same as the IP address assigned to the master.
Question
What is the protocol used for Blue Coat Director to communicate with ProxySG?

A) SSL
B) Telnet
C) SSH v2
D) HTTPS
Question
The Content-encoding header is used to declare the MIME type and compression method used in a HTTP response.
Question
Which of the following statements are true about dynamic bypass list? (Choose all that apply) (a) Configured polices will not be enforced on client request if the request matches an entry in the bypass list. (b) Dynamic bypass entries are lost when ProxySG is restarted (c) If request made to a site in a forwarding policy is in the bypass list, the site is inaccessible (d) Dynamic bypass parameters can be configured on Management Console and CLI.

A) All of the above
B) a, b & c only
C) b, c & d only
D) a, c & d only
Question
Which of the following statements are true about ProxySG Protocol Detection feature? (Choose all that apply) (a) Protocol detection is performed on the server's response. (b) Protocol detection is performed on the client's request. (c) Enabling Detect Protocol option will automatically enable early intercept attribute in proxy services. (d) Protocol detection is performed by looking at the TCP port number.

A) a & b only
B) b & c only
C) c & d only
D) All of the above
Question
A cookie without an expire value will ___

A) last until the client cleats cookies from the browser
B) last until the client closes the browser session
C) last until the client logs off
Question
Which of the following statements are true about Reverse Proxy deployment? (Choose all that apply) (a) Forwarding hosts in the forwarding file must be defined as "server" style (b) Default-scheme in forwarding file is supported (c) Protocol conversion between HTTPS <- ->HTTP are automatic (d) ProxySG should be set with default DENY policy

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
Question
Which method of controlling downloads of certain file types works fastest on ProxySG?

A) Apparent Data Type
B) MIME Type
C) File extension
Question
You can NOT use a self-signed certificate when intercepting SSL traffic.
Question
After creating CPL in the local policy file, the policy is imported into the VPM CPL file so that it can be viewed through the Visual Policy Manager.
Question
Which client deployment methods support the 407 Proxy Authentication Required response code? (Choose all that apply) (a) Proxy Auto Configuration files (b) WCCP (c) Proxy settings in browser (d) Inline Bridging

A) a & b only
B) b & c only
C) c & d only
D) a & c only
E) All of the above
Question
ProxySG is configured to permit error but guest authentication is not configured. What will happen to a user who initiates a connection to the Internet?

A) The user will receive an error notifying unsuccessful authentication.
B) The user will be allowed to proceed as a guest user.
C) The user will be allowed to proceed as unauthenticated.
D) The user will receive an error notifying Access Denied.
Question
What is the meaning of the metacharacter * (asterisk) in regular expressions?

A) escape character
B) any character except newline
C) zero or character
D) zero or more characters
Question
At which checkpoint does the rewrite () perform the TWURL modification?

A) Client In
B) Client Out
C) Server In
D) Server Out
Question
Which of the following are true when enabling the early intercept attribute for a proxy service? (Choose all that apply) (a) It is automatically enabled when the detect protocol attribute is enabled. (b) The ProxySG completes the three-way TCP handshake with the client before establishing a connection to the upstream server. (c) It can be used with any protocol.

A) a & c only
B) a & b only
C) c only
D) All of the above
Question
Which statement is correct about WWW-Authenticate header?

A) It is request header used only with Basic Authentication to send username and password to a proxy or a Web server
B) It is a request header used to send credentials
C) It is a response header used with HTTP 401 status code to negotiate method of authentication and send NTLM challenge to the client.
Question
When a ProxyClient setup file is manually on a client's computer, what data transfer takes place before ProxyClient is installed?

A) ProxyClient setup program is self-contained; there is no data transfer necessary in order to complete the installation of the ProxyCinent
B) ProxyCilent setup program cause download of the most recent updates from a public download site https://hypersonic.bluecoat.com/.
C) ProxyClient setup program transfers data form Client Manager ProxySG appliance before it can install successfully.
D) ProxyClient setup program transfers data form the AND manager (or backup AND manager) ProxySG appliance before it can install successfully.
Question
What is the meaning of the metacharacter \ (backslash) in regular expressions?

A) escape character
B) any character except newline
C) zero or character
D) zero or more character
Question
ProxySG can cache videos played by Adobe Flash based video player (e.g. on YouTube) as HTTP objects.
Question
Steaming traffic is better managed by using ProxySG's admission control features.
Question
When a backup ProxySG takes over because the master fails, which of the following will occur?

A) Policy from the master is replicated on the backup.
B) A failover event is logged in the event log.
C) An email notification is sent to the ProxySG administrator.
D) The backup begins replying to ARPS for the Virtual MAC address.
Question
When creating a TCP tunnel service in explicit mode, you must also configure a forwarding host?
Question
What are the two functions of configuring forwarding in ProxySG? (Choose all that apply)

A) To accelerate application
B) Reverse Proxy
C) To support Proxy Chaining
D) To intercept SSl
Question
Health checks are automatically created under which scenarios? (Choose all that apply) (a) When a forwarding host is created. (b) When a failover group is created. (c) When the DRTR is enabled. (d) When a SOCKS gateway is created.

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
Question
The authentication mode origin-ip-redirect allows an administrator to assign a Time To Live (TTL) for the surrogate credentials. Meanwhile the authentication mode origin-cookie-redirect does not provide this feature.
Question
When configuring forwarding in PoxySG, what are the possible load balancing methods? (Choose all that apply) (a) Round Robin (b) Fastest ICMP Reply (c) Least Connections (d) Least Delay

A) a & c only
B) b & d only
C) a & d only
D) b & c only
Question
Which of the following authentication mode will allow you to visibly challenge the user upon inactivity timeout? (Choose all that apply) (a) Form based authentication (b) Cookie Surrogate (c) IP surrogate (d) Session based surrogate a & b only

A) a & b only
B) b & c only
C) c & d only
D) d & a only
E) All of the above
Question
In regards to authentication the ProxySG does not support origin-redirects with CONNECT method.
Question
Which of the following are some of the general requirements for using Kerberos Authentication? (Choose all that apply) (a) SGOS 4.2x or higher (b) Internet Explorer 5 (c) Transparent Proxy Deployment (d) Windows 2000 and above

A) a, b & c only
B) b, c & d only
C) a, c & d only
D) All of the above
Question
When implementing failover with ProxySG appliances, configurations and policies on the master are automatically replicated to members of the failover group.
Question
What are the available actions for any given category, when defining ProxyClient content filtering configuration? (Choose all that apply) (a) Allow (b) Deny (c) Temporanily Allow (d) Warm

A) a & b only
B) a, b & c only
C) a, b & d only
D) All of the above
Question
What are the advantages that you may get in deploying ProxySG with WCCP? (Choose all the apply) (a) Scalability (b) Redundancy (c) Load Balancing (d) Security

A) All of the above
B) a, b & c only
C) b, c & d only
D) a, b & d only
Question
Which statement is correct about Proxy-Authorization header?

A) It is a response header used by a proxy to negotiate parameters of the credential exchange and to send challenge to the client
B) It is a request header used to pass client's credentials to a proxy server
C) It is a response header used by an upstream proxy to ask for credentials from a downstream proxy or user agent
Question
The Access Control List (ACL) option in the management console (configured by the menu item Configuration >Authentication >Console access) will be enforced for which types of administrative accounts? (Choose all that apply) (a) LDAP realm account (b) Local realm account (c) Built-in account (d) IWA realm account

A) All of the above
B) a & b only
C) c only
D) c & d only
E) None of the above
Question
Which of the following cashing techniques utilize retrieval workers to keep the contents of the cache fresh? (Choose all that apply.) (a) Cost-based Deletion (b) Asynchronous Adaptive Refresh (c) Popularity Contest

A) a & b only
B) b & c only
C) All of the above
D) b only
Question
Bandwidth minimum does not work in an explicit deployment model.
Question
CPL is required when creating which types of policy?

A) Two-Way URL rewrites
B) Policy that utilizes layer guards
C) Policy that involves local users and groups
Question
Which of the following are the benefits of using Bandwidth Management with the ProxySG? (Choose all that apply) (a) Ensuring mission critical application receives minimum amount of bandwidth (b) Compressing certain type of traffic classes before transmitting it over the WAN (c) Prioritizing certain traffic classes (d) Rate limiting application to prevent "hogging" of network bandwidth.

A) a, b & c only
B) a, b & d only
C) a, c & d only
D) All of the above
Question
In which of the following ways can Access Logging be enabled? (Choose all that apply.) (a) By a CLI command (b) In the Management Console under Access Logging (C) By adding another layer to VPM policy

A) a & b only
B) a & c only
C) b & c only
D) All of the above
Question
There is a hard coded limit to the number of concurrent connections allowed through the ProxySG.
Question
Which statement best describes the payload that is encapsulated by GRE (Generic RoutingEncapsulation) protocol and what layer GRE uses for delivery

A) GRE sends IP payload over IP
B) GRE sends either TCP or UDP payload over IPSec
C) GRE sends IP payload over data link layer
Question
Hostname of the BCAAA= serverl DNS suffix =bluecoat.com Hostname of the Bluecoat SG = sgo1 Referring to the above information, what is the correct syntax for the SPN command in the Domain Controller?

A) setspn-A HTTP/serverl.bluecoat.com sg01
B) setspn-L HTTP/serverl.bluecoat.com sg01
C) setspn-A HTTP/sg01.bluecoat.com server1
D) setspn-D HTTP/serverl.bluecoat.com sg01
Question
Which of the following format can be used in troubleshooting authortization and authorization related problems in ProxySG? (Choose all that apply) (a) x-sc-authentication-error (b) x-sc-authentication-timeout (c) x-sc-authorlzation-error (d) x-sc-authorization-timeout

A) a & b only
B) b, & c only
C) a & c only
D) c & d only
E) b & d only
Question
While configuring Blue Coat directory, what is an Overlay?

A) A few selected setting used to replace some of the configuration in ProxySG.
B) A snapshot of all the configuration in ProxySG.
Question
At which checkpoint does the rewrite_url_prefix perform the TWURL modification?

A) Client In
B) Client Out
C) Server In
D) Server Out
Question
Which method of controlling downloads of certain file types has the LOWEST efficiency in terms of response time, bandwidth use and execution time on ProxySG?

A) Apparent Data Type
B) MIME Type
C) File extension
Question
Which of the following statements are true about Bandwidth Management Hierarchies and Priorities? (Choose all that apply) (a) Child classes can have children of their own. (b) If no limit is set, packets are sent as soon as they arrive. (c) Priorities are set to a class to give precedence over other classes. (d) If there is excess bandwidth, the child class will always get the first opportunity to use it.

A) a, b & c only
B) a, b & d only
C) b, c & d only
D) All of the above
Question
If a user cannot be derived through the Window SSO realm, then the client will .

A) be prompted with an authentication dialog box to provide credentials.
B) receive an authentication error from the proxy.
C) proceed as an unauthenticated user.
D) receive an authentication form from the proxy to provide credentials.
Question
Which authentication realm is NOT supported for authenticating administrators to the management console?

A) IWA
B) Radius
C) Local
D) Sequence
E) All the above are supported
Question
Which of the following options are configured when implementing failover on ProxySG appliances? (Choose all that apply) (a) Multicast address for advertisements (b) Relative Priority (c) Virtual MAC address (d) Group Secret to hash information sent in multicast announcements

A) All of the above
B) a, b & c only
C) a, b & d only
D) b, c & d only
Question
In ProxyAV anti-virus scanners are ____

A) multiple parallel threads sharing the same code and the same address space
B) multiple parallel processes not sharing the same address space
C) asynchronous calls to remote scanner hardware
D) synchronous procedure calls within ProxyAV
Question
Which of the following options are configured when implementing failover on ProxySG appliances? (Choose all that apply) (a) Multicast address for advertisements (b) Relative Priority (c) Virtual MAC address (d) Group Secret to hash information sent in multicast announcements

A) a, b & c only
B) b, c & d only
C) a, b & d only
D) All of the above
Question
Which of the following access log formats are supported by the ProxySG? (Choose all that apply) (a) ELFF (b) SQUID (c) Websense (d) NCSA

A) a, b & c only
B) a, b & d only
C) a, c & d only
D) b, c & d only
E) All of the above
Question
What is the meaning of the metacharacter (question mark) in regular expressions?

A) escape character
B) any character except newline
C) zero or one character
D) zero or more characters
Question
What are the two main functions of configuring forwarding in ProxySG? (Choose all that apply) (a) To accelerate application (b) Reverse Proxy (c) To support Proxy Chaining (d) To intercept SSL

A) a & b only
B) b & c only
C) c & d only
D) d & a only
Question
What type of authentication challenge is issued when using the Policy Substitution Realm?

A) 407 proxy Authentication Required
B) 401 Unauthorized
C) No challenge will be issued
D) Not enough information to determine the answer
Question
Log format variable rs(Content-Type) always refers to Content-type header value sent from the proxySG to the client.
Question
Which server certificate validation errors can be ignored within ProxySG policy? (Choose all that apply) (a) Untrusted issuer (b) Host name mismatch (c) Expiration

A) a & b only
B) b & c only
C) a & c only
D) All of the above
Question
When configuring reverse proxy with SSL, what are the 3 possible options of ensuring host affinity? (Choose all that apply) (a) client-ip (b) ssl-session-id (c) accelerator-cookie (d) server-ip

A) All of the above
B) b, c & d only
C) a, c & d only
D) a, b & c only
Question
Which authentication modes would result in a user-agent receiving a HTTP 401-Unauthorized status codes from the proxy? (Choose all that apply) (a) origin-ip-redirect (b) proxy-ip (c) origin-cookie (d) form-cookie-redirect

A) a & b only
B) a & c only
C) b & c only
D) c & d only
E) None of the above
Question
Which of the following steps are not required when configuring a transparently deployed ProxySG to intercept HTTPS traffic?

A) Create a SSL intercept layer in the VPM.
B) Enable a SSL service on port 443.
C) Assign a key ring to the SSL proxy.
D) Create a SSL access layer in the VPM.
Question
Which of the following is NOT true about global and per-rule policy tracing?

A) Each object processed by the ProxySG generates an entry in the global policy trace and appears in a rule-based trace if the object triggers a rule.
B) Global policy tracing may severely affect the performance of a production ProxySG.
C) You can enable global tracing through the Management Console or CLI.
D) You can enable per-rule tracing through the Management Console.
Question
Which types of requests are likely to be served the fastest?

A) TCP_MISS
B) TCP_NC_MISS
C) TCP_HIT
D) TCP_MEM_HIT
E) TCP_RESCAN_HIT
Question
When configuring Blue Coat Director, how can an administrator be authenticated? (Choose all that apply.) (a) Local configured accounts and password (b) RADIUS (c) IWA (d) TACACS+

A) All of the above
B) a, b & c only
C) a, c & d only
D) a, b & d only
Question
Apparent Data Type objects can be created in the VPM for which of the following file types? (Choose all that apply) (a) Windows DLL (b) Windows Exe (c) Windows Ocx (d) Windows Cab

A) a, b & c only
B) b, c & d only
C) a, c & d only
D) All of the above
Question
What are the possible ways of creating bandwidth classes? (a) Using Management Console (b) Defining them in a JavaScript file and uploading it to ProxySG (c) Using CLI

A) a & b only
B) a & c only
C) b & c only
D) All of the above
Question
By default, what type of authentication challenge will the user-agent receive if the authentication node is set to AUTO?

A) proxy-ip for explicit and transparent clients
B) proxy for explicit and origin-cookie-redirect for transparent clients
C) proxy for explicit and transparent clients
D) proxy-ip for explicit and origin-ip-redirect for transparent clients
E) proxy for explicit and proxy-ip for transparent
Question
The ProxySG policy engine allows an administrator to create policy based on any MIME type, File Extension or File Signature (first bytes in the response body).
Question
A service can be configured to listen in explicit and transparent mode simultaneously.
Question
Which header cannot be sent together with an HTTP 407 status code from the ProxySG?

A) Proxy-Authenticate: Basic="MyRealm"
B) Proxy-Authenticate: NTLM="MyRealm"
C) Proxy- Authenticate: Kerberos="MyRealm"
D) proxy-Authenticate: Negotiate="MyRealm"
E) All the above headers can be sent with 407 status code
Question
When a TCP health check responds as "healthy" then

A) the SG is able to successfully establish a TCP handshake to the upstream device.
B) the SG is able to successfully resolve the hostname of the upstream device.
C) the SG is able to successfully connect to the upstream device on port 80.
D) the SG is able to successfully ping the upstream device.
Question
Which of the following Health Checks can be defined for a forwarding host? (Choose all that apply) (a) ICMP (b) TCP (C) HTTP (d) HTTPS

A) a & b only
B) b & c only
C) c & d only
D) a & d only
E) All of the above
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/123
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 2: Blue Coat Certified ProxySG Professional
1
Which of the following statements are true? (Choose all that apply) (a) The SGOS object store utilizes a directory structure so that objects in cache can be accessed rapidly (b) Information about a single object in cache be retrieved from the Management console or the CLI (c) There are two object caches, the object cache which resides on disk and the object cache which resides in RAM (d) The SGOS object store is separated by protocol (HTTP cache, FTP cache, etc.)

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
A
2
What criterion is NOT used to determine location awareness of a ProxyClient

A) IP address range
B) Virtual NICs IP address range
C) The IP address of the closest AND concentrator
D) DNS server IP address
C
3
Which of the following steps have to be performed to support Kerberos Authentication? (Choose all that apply) (a) A virtual URL that resolves to the IP of the ProxySG. (b) Registering the BCAAA as a Service Principal Name. (c) Configuring IWA Realm. (d) Configuring Explicit Proxy.

A) All of the above
B) None of the above
C) a, b & c only
D) b, c & d only
D
4
Which of the following hostnames are NOT matched by the regular expression "www (0 9) (0-9)? \ .foo\ .com")

A) www.foo.com
B) www01.foo.com
C) www1.foo.com
D) www11.foo.com
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
5
Which of these are the features of a Blue Coat Director? (Choose all that apply) (a) Install and update configurations of a group of ProxySG (b) Distribute and control content of a group of ProxySG (c) Managing SSL VPN configuration (d) Monitoring ProxySG Performance

A) a, b & c only
B) a, b & d only
C) b, c & d only
D) a, c & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
6
url.regex=!\.html$ d\ DENY What is the effect of the above CPL code?

A) Deny any URL that ends with html
B) Deny any URL that does not end with html
C) Deny any URL that ends with htm or html
D) Deny any URL that does not end with htm or html
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following are obvious advantages of having a ProxySG deployed in a Reverse Proxy environment? (Choose all that apply) (a)The ProxySG has built in DOS protection to guard the actual web server from denial-ofservice attacks (b) Increased performance with caching provides an improved Web Experience (c) Consistent default behavior of cache expiration and validation directives (d) SSL termination on ProxySG allow SSL offloading, therefore eliminating bottleneck on the web server side.

A) All of the above
B) a, b & c only
C) a, b & d only
D) b, c & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
8
Which of the following are true when attempting to deny access to file types?

A) MIME type objects are matched against the Content-type request header; File Extension objects are matched against the GET response header; Apparent Data Type objects are matched against request data.
B) MIME type objects are matched against the Content-type response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against response data.
C) MIME type objects are matched against the Content-encoding response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against response data.
D) MIME type objects are matched against the Content-type response header; File Extension objects are matched against the GET request header; Apparent Data Type objects are matched against request data.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
9
With ProxySG failover, the failover Virtual IP address can be the same as the IP address assigned to the master.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
10
What is the protocol used for Blue Coat Director to communicate with ProxySG?

A) SSL
B) Telnet
C) SSH v2
D) HTTPS
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
11
The Content-encoding header is used to declare the MIME type and compression method used in a HTTP response.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
12
Which of the following statements are true about dynamic bypass list? (Choose all that apply) (a) Configured polices will not be enforced on client request if the request matches an entry in the bypass list. (b) Dynamic bypass entries are lost when ProxySG is restarted (c) If request made to a site in a forwarding policy is in the bypass list, the site is inaccessible (d) Dynamic bypass parameters can be configured on Management Console and CLI.

A) All of the above
B) a, b & c only
C) b, c & d only
D) a, c & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
13
Which of the following statements are true about ProxySG Protocol Detection feature? (Choose all that apply) (a) Protocol detection is performed on the server's response. (b) Protocol detection is performed on the client's request. (c) Enabling Detect Protocol option will automatically enable early intercept attribute in proxy services. (d) Protocol detection is performed by looking at the TCP port number.

A) a & b only
B) b & c only
C) c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
14
A cookie without an expire value will ___

A) last until the client cleats cookies from the browser
B) last until the client closes the browser session
C) last until the client logs off
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following statements are true about Reverse Proxy deployment? (Choose all that apply) (a) Forwarding hosts in the forwarding file must be defined as "server" style (b) Default-scheme in forwarding file is supported (c) Protocol conversion between HTTPS <- ->HTTP are automatic (d) ProxySG should be set with default DENY policy

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
16
Which method of controlling downloads of certain file types works fastest on ProxySG?

A) Apparent Data Type
B) MIME Type
C) File extension
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
17
You can NOT use a self-signed certificate when intercepting SSL traffic.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
18
After creating CPL in the local policy file, the policy is imported into the VPM CPL file so that it can be viewed through the Visual Policy Manager.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
19
Which client deployment methods support the 407 Proxy Authentication Required response code? (Choose all that apply) (a) Proxy Auto Configuration files (b) WCCP (c) Proxy settings in browser (d) Inline Bridging

A) a & b only
B) b & c only
C) c & d only
D) a & c only
E) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
20
ProxySG is configured to permit error but guest authentication is not configured. What will happen to a user who initiates a connection to the Internet?

A) The user will receive an error notifying unsuccessful authentication.
B) The user will be allowed to proceed as a guest user.
C) The user will be allowed to proceed as unauthenticated.
D) The user will receive an error notifying Access Denied.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
21
What is the meaning of the metacharacter * (asterisk) in regular expressions?

A) escape character
B) any character except newline
C) zero or character
D) zero or more characters
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
22
At which checkpoint does the rewrite () perform the TWURL modification?

A) Client In
B) Client Out
C) Server In
D) Server Out
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
23
Which of the following are true when enabling the early intercept attribute for a proxy service? (Choose all that apply) (a) It is automatically enabled when the detect protocol attribute is enabled. (b) The ProxySG completes the three-way TCP handshake with the client before establishing a connection to the upstream server. (c) It can be used with any protocol.

A) a & c only
B) a & b only
C) c only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
24
Which statement is correct about WWW-Authenticate header?

A) It is request header used only with Basic Authentication to send username and password to a proxy or a Web server
B) It is a request header used to send credentials
C) It is a response header used with HTTP 401 status code to negotiate method of authentication and send NTLM challenge to the client.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
25
When a ProxyClient setup file is manually on a client's computer, what data transfer takes place before ProxyClient is installed?

A) ProxyClient setup program is self-contained; there is no data transfer necessary in order to complete the installation of the ProxyCinent
B) ProxyCilent setup program cause download of the most recent updates from a public download site https://hypersonic.bluecoat.com/.
C) ProxyClient setup program transfers data form Client Manager ProxySG appliance before it can install successfully.
D) ProxyClient setup program transfers data form the AND manager (or backup AND manager) ProxySG appliance before it can install successfully.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
26
What is the meaning of the metacharacter \ (backslash) in regular expressions?

A) escape character
B) any character except newline
C) zero or character
D) zero or more character
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
27
ProxySG can cache videos played by Adobe Flash based video player (e.g. on YouTube) as HTTP objects.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
28
Steaming traffic is better managed by using ProxySG's admission control features.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
29
When a backup ProxySG takes over because the master fails, which of the following will occur?

A) Policy from the master is replicated on the backup.
B) A failover event is logged in the event log.
C) An email notification is sent to the ProxySG administrator.
D) The backup begins replying to ARPS for the Virtual MAC address.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
30
When creating a TCP tunnel service in explicit mode, you must also configure a forwarding host?
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
31
What are the two functions of configuring forwarding in ProxySG? (Choose all that apply)

A) To accelerate application
B) Reverse Proxy
C) To support Proxy Chaining
D) To intercept SSl
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
32
Health checks are automatically created under which scenarios? (Choose all that apply) (a) When a forwarding host is created. (b) When a failover group is created. (c) When the DRTR is enabled. (d) When a SOCKS gateway is created.

A) a, b & c only
B) a, c & d only
C) b, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
33
The authentication mode origin-ip-redirect allows an administrator to assign a Time To Live (TTL) for the surrogate credentials. Meanwhile the authentication mode origin-cookie-redirect does not provide this feature.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
34
When configuring forwarding in PoxySG, what are the possible load balancing methods? (Choose all that apply) (a) Round Robin (b) Fastest ICMP Reply (c) Least Connections (d) Least Delay

A) a & c only
B) b & d only
C) a & d only
D) b & c only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
35
Which of the following authentication mode will allow you to visibly challenge the user upon inactivity timeout? (Choose all that apply) (a) Form based authentication (b) Cookie Surrogate (c) IP surrogate (d) Session based surrogate a & b only

A) a & b only
B) b & c only
C) c & d only
D) d & a only
E) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
36
In regards to authentication the ProxySG does not support origin-redirects with CONNECT method.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
37
Which of the following are some of the general requirements for using Kerberos Authentication? (Choose all that apply) (a) SGOS 4.2x or higher (b) Internet Explorer 5 (c) Transparent Proxy Deployment (d) Windows 2000 and above

A) a, b & c only
B) b, c & d only
C) a, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
38
When implementing failover with ProxySG appliances, configurations and policies on the master are automatically replicated to members of the failover group.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
39
What are the available actions for any given category, when defining ProxyClient content filtering configuration? (Choose all that apply) (a) Allow (b) Deny (c) Temporanily Allow (d) Warm

A) a & b only
B) a, b & c only
C) a, b & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
40
What are the advantages that you may get in deploying ProxySG with WCCP? (Choose all the apply) (a) Scalability (b) Redundancy (c) Load Balancing (d) Security

A) All of the above
B) a, b & c only
C) b, c & d only
D) a, b & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
41
Which statement is correct about Proxy-Authorization header?

A) It is a response header used by a proxy to negotiate parameters of the credential exchange and to send challenge to the client
B) It is a request header used to pass client's credentials to a proxy server
C) It is a response header used by an upstream proxy to ask for credentials from a downstream proxy or user agent
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
42
The Access Control List (ACL) option in the management console (configured by the menu item Configuration >Authentication >Console access) will be enforced for which types of administrative accounts? (Choose all that apply) (a) LDAP realm account (b) Local realm account (c) Built-in account (d) IWA realm account

A) All of the above
B) a & b only
C) c only
D) c & d only
E) None of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
43
Which of the following cashing techniques utilize retrieval workers to keep the contents of the cache fresh? (Choose all that apply.) (a) Cost-based Deletion (b) Asynchronous Adaptive Refresh (c) Popularity Contest

A) a & b only
B) b & c only
C) All of the above
D) b only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
44
Bandwidth minimum does not work in an explicit deployment model.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
45
CPL is required when creating which types of policy?

A) Two-Way URL rewrites
B) Policy that utilizes layer guards
C) Policy that involves local users and groups
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
46
Which of the following are the benefits of using Bandwidth Management with the ProxySG? (Choose all that apply) (a) Ensuring mission critical application receives minimum amount of bandwidth (b) Compressing certain type of traffic classes before transmitting it over the WAN (c) Prioritizing certain traffic classes (d) Rate limiting application to prevent "hogging" of network bandwidth.

A) a, b & c only
B) a, b & d only
C) a, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
47
In which of the following ways can Access Logging be enabled? (Choose all that apply.) (a) By a CLI command (b) In the Management Console under Access Logging (C) By adding another layer to VPM policy

A) a & b only
B) a & c only
C) b & c only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
48
There is a hard coded limit to the number of concurrent connections allowed through the ProxySG.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
49
Which statement best describes the payload that is encapsulated by GRE (Generic RoutingEncapsulation) protocol and what layer GRE uses for delivery

A) GRE sends IP payload over IP
B) GRE sends either TCP or UDP payload over IPSec
C) GRE sends IP payload over data link layer
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
50
Hostname of the BCAAA= serverl DNS suffix =bluecoat.com Hostname of the Bluecoat SG = sgo1 Referring to the above information, what is the correct syntax for the SPN command in the Domain Controller?

A) setspn-A HTTP/serverl.bluecoat.com sg01
B) setspn-L HTTP/serverl.bluecoat.com sg01
C) setspn-A HTTP/sg01.bluecoat.com server1
D) setspn-D HTTP/serverl.bluecoat.com sg01
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
51
Which of the following format can be used in troubleshooting authortization and authorization related problems in ProxySG? (Choose all that apply) (a) x-sc-authentication-error (b) x-sc-authentication-timeout (c) x-sc-authorlzation-error (d) x-sc-authorization-timeout

A) a & b only
B) b, & c only
C) a & c only
D) c & d only
E) b & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
52
While configuring Blue Coat directory, what is an Overlay?

A) A few selected setting used to replace some of the configuration in ProxySG.
B) A snapshot of all the configuration in ProxySG.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
53
At which checkpoint does the rewrite_url_prefix perform the TWURL modification?

A) Client In
B) Client Out
C) Server In
D) Server Out
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
54
Which method of controlling downloads of certain file types has the LOWEST efficiency in terms of response time, bandwidth use and execution time on ProxySG?

A) Apparent Data Type
B) MIME Type
C) File extension
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
55
Which of the following statements are true about Bandwidth Management Hierarchies and Priorities? (Choose all that apply) (a) Child classes can have children of their own. (b) If no limit is set, packets are sent as soon as they arrive. (c) Priorities are set to a class to give precedence over other classes. (d) If there is excess bandwidth, the child class will always get the first opportunity to use it.

A) a, b & c only
B) a, b & d only
C) b, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
56
If a user cannot be derived through the Window SSO realm, then the client will .

A) be prompted with an authentication dialog box to provide credentials.
B) receive an authentication error from the proxy.
C) proceed as an unauthenticated user.
D) receive an authentication form from the proxy to provide credentials.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
57
Which authentication realm is NOT supported for authenticating administrators to the management console?

A) IWA
B) Radius
C) Local
D) Sequence
E) All the above are supported
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
58
Which of the following options are configured when implementing failover on ProxySG appliances? (Choose all that apply) (a) Multicast address for advertisements (b) Relative Priority (c) Virtual MAC address (d) Group Secret to hash information sent in multicast announcements

A) All of the above
B) a, b & c only
C) a, b & d only
D) b, c & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
59
In ProxyAV anti-virus scanners are ____

A) multiple parallel threads sharing the same code and the same address space
B) multiple parallel processes not sharing the same address space
C) asynchronous calls to remote scanner hardware
D) synchronous procedure calls within ProxyAV
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
60
Which of the following options are configured when implementing failover on ProxySG appliances? (Choose all that apply) (a) Multicast address for advertisements (b) Relative Priority (c) Virtual MAC address (d) Group Secret to hash information sent in multicast announcements

A) a, b & c only
B) b, c & d only
C) a, b & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
61
Which of the following access log formats are supported by the ProxySG? (Choose all that apply) (a) ELFF (b) SQUID (c) Websense (d) NCSA

A) a, b & c only
B) a, b & d only
C) a, c & d only
D) b, c & d only
E) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
62
What is the meaning of the metacharacter (question mark) in regular expressions?

A) escape character
B) any character except newline
C) zero or one character
D) zero or more characters
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
63
What are the two main functions of configuring forwarding in ProxySG? (Choose all that apply) (a) To accelerate application (b) Reverse Proxy (c) To support Proxy Chaining (d) To intercept SSL

A) a & b only
B) b & c only
C) c & d only
D) d & a only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
64
What type of authentication challenge is issued when using the Policy Substitution Realm?

A) 407 proxy Authentication Required
B) 401 Unauthorized
C) No challenge will be issued
D) Not enough information to determine the answer
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
65
Log format variable rs(Content-Type) always refers to Content-type header value sent from the proxySG to the client.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
66
Which server certificate validation errors can be ignored within ProxySG policy? (Choose all that apply) (a) Untrusted issuer (b) Host name mismatch (c) Expiration

A) a & b only
B) b & c only
C) a & c only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
67
When configuring reverse proxy with SSL, what are the 3 possible options of ensuring host affinity? (Choose all that apply) (a) client-ip (b) ssl-session-id (c) accelerator-cookie (d) server-ip

A) All of the above
B) b, c & d only
C) a, c & d only
D) a, b & c only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
68
Which authentication modes would result in a user-agent receiving a HTTP 401-Unauthorized status codes from the proxy? (Choose all that apply) (a) origin-ip-redirect (b) proxy-ip (c) origin-cookie (d) form-cookie-redirect

A) a & b only
B) a & c only
C) b & c only
D) c & d only
E) None of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
69
Which of the following steps are not required when configuring a transparently deployed ProxySG to intercept HTTPS traffic?

A) Create a SSL intercept layer in the VPM.
B) Enable a SSL service on port 443.
C) Assign a key ring to the SSL proxy.
D) Create a SSL access layer in the VPM.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
70
Which of the following is NOT true about global and per-rule policy tracing?

A) Each object processed by the ProxySG generates an entry in the global policy trace and appears in a rule-based trace if the object triggers a rule.
B) Global policy tracing may severely affect the performance of a production ProxySG.
C) You can enable global tracing through the Management Console or CLI.
D) You can enable per-rule tracing through the Management Console.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
71
Which types of requests are likely to be served the fastest?

A) TCP_MISS
B) TCP_NC_MISS
C) TCP_HIT
D) TCP_MEM_HIT
E) TCP_RESCAN_HIT
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
72
When configuring Blue Coat Director, how can an administrator be authenticated? (Choose all that apply.) (a) Local configured accounts and password (b) RADIUS (c) IWA (d) TACACS+

A) All of the above
B) a, b & c only
C) a, c & d only
D) a, b & d only
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
73
Apparent Data Type objects can be created in the VPM for which of the following file types? (Choose all that apply) (a) Windows DLL (b) Windows Exe (c) Windows Ocx (d) Windows Cab

A) a, b & c only
B) b, c & d only
C) a, c & d only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
74
What are the possible ways of creating bandwidth classes? (a) Using Management Console (b) Defining them in a JavaScript file and uploading it to ProxySG (c) Using CLI

A) a & b only
B) a & c only
C) b & c only
D) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
75
By default, what type of authentication challenge will the user-agent receive if the authentication node is set to AUTO?

A) proxy-ip for explicit and transparent clients
B) proxy for explicit and origin-cookie-redirect for transparent clients
C) proxy for explicit and transparent clients
D) proxy-ip for explicit and origin-ip-redirect for transparent clients
E) proxy for explicit and proxy-ip for transparent
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
76
The ProxySG policy engine allows an administrator to create policy based on any MIME type, File Extension or File Signature (first bytes in the response body).
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
77
A service can be configured to listen in explicit and transparent mode simultaneously.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
78
Which header cannot be sent together with an HTTP 407 status code from the ProxySG?

A) Proxy-Authenticate: Basic="MyRealm"
B) Proxy-Authenticate: NTLM="MyRealm"
C) Proxy- Authenticate: Kerberos="MyRealm"
D) proxy-Authenticate: Negotiate="MyRealm"
E) All the above headers can be sent with 407 status code
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
79
When a TCP health check responds as "healthy" then

A) the SG is able to successfully establish a TCP handshake to the upstream device.
B) the SG is able to successfully resolve the hostname of the upstream device.
C) the SG is able to successfully connect to the upstream device on port 80.
D) the SG is able to successfully ping the upstream device.
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
80
Which of the following Health Checks can be defined for a forwarding host? (Choose all that apply) (a) ICMP (b) TCP (C) HTTP (d) HTTPS

A) a & b only
B) b & c only
C) c & d only
D) a & d only
E) All of the above
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 123 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree