Blue Coat Certified Proxy Professional BCCPP Set 3

Which statement is correct about Proxy-Authenticate header


Options are :

  • It is sent by the proxy every time when a HTTP 407 status code is sent
  • It is used by a browser to pass credentials to a proxy
  • It is used by both client and proxy to negotiate the method of credential exchange

Answer : It is sent by the proxy every time when a HTTP 407 status code is sent

Who plays the role of the trusted third party, when client and server communicate via Kerberos?


Options are :

  • NTLM (NT LAN Manager)
  • KDC (Key Distribution Center)
  • PKI (Public Key Infrastructure)
  • SSL Certificate Authority

Answer : KDC (Key Distribution Center)

Log format variable s-ip always refers to


Options are :

  • IP address of the HTTP request client
  • IP address of the original content server
  • IP address of the ProxySG to which client has established a connection

Answer : IP address of the ProxySG to which client has established a connection

Blue Coat Certified Proxy Professional BCCPP Set 3

What is a precondition for using L2 MAC rewrite with WCCP?


Options are :

  • The LAN where WCCP router and ProxySG are located should use IPv6
  • No forwarding should be defined for ProxySG
  • ProxySG and router should be in the same broadcast domain

Answer : ProxySG and router should be in the same broadcast domain

A policy trace can be enabled for any layer type.


Options are :

  • True
  • False

Answer : True

Which regular expression should you test against a URL to match both http and https schemes?


Options are :

  • 2https?
  • [http][https]
  • ^https?
  • http[s]

Answer : ^https?

Blue Coat Certified Proxy Professional BCCPP Set 4

The ProxySG is intercepting Flash traffic. Client A requests an on-demand 100MB Flash video and watches the first 50MB of it before terminating the media player. Client B requests the same on-demand Flash video, starts at the 25MB mark, and plays the remainder of the video. In normal conditions without any policy specifically controlling caching, how is the video served to Client B?


Options are :

  • The portion from 25MB to 50MB is served from the ProxySG cache, and the remainder is retrieved from the content server and is cached on the ProxySG.
  • The entire video is retrieved from the content server and is cached on the ProxySG.
  • The portion from 25MB to 100MB is retrieved from the content server and is cached on the ProxySG.

Answer : The entire video is retrieved from the content server and is cached on the ProxySG.

Is it possible to run more than one version of a BCAAA processor on a Windows computer?


Options are :

  • Yes
  • No

Answer : Yes

Where can you get the SNMP MIBs for the version of SGOS running on your ProxySG?


Options are :

  • BlueTouch Online.
  • At https://proxyIPaddr:8082/mibs, where proxyIPaddr is the IP address of your ProxySG.
  • From the vendor of your network management software. https://kb.bluecoat.com/index?page=content&id=FAQ718&actp=RSS

Answer : BlueTouch Online.

Blue Coat Certified Proxy Professional BCCPP Set 3

In an SSL transaction in which the serverís certificate is not from a trusted authority, which entity generates the warning that is displayed in a web browser?


Options are :

  • The web browser.
  • The server.
  • The ProxySG.
  • The answer depends on how the ProxySG has been configured.

Answer : The web browser.

When Blue Coat Director is used to manage a ProxySG, which one of these methods can Director use to prevent unexpected changes from being made directly on the ProxySG?


Options are :

  • Director changes the administrative passwords on the ProxySG to secret, random values.
  • Director disables the serial port interface to the ProxySG.
  • Director disables the Management Console on the ProxySG.

Answer : Director disables the serial port interface to the ProxySG.

When authenticating a guest user in an LDAP realm, which of these CPL properties would best be used to specify that the guest user should be part of the predefined LDAP group MobileUsers?


Options are :

  • authorize.guest(group=MobileUsers)
  • authorize.add_group(MobileUsers)
  • authorize.guest(MobileUsers)
  • authorize.add_group(guest:MobileUsers)

Answer : authorize.guest(MobileUsers)

Blue Coat Certified Proxy Professional BCCPP Set 4

http://www.bluecoat.com/index.html?user=bobkent
For the above URL, will the trigger url.regex=!\.html$ match or miss?


Options are :

  • Match
  • Miss

Answer : Match

When creating policy in the VPM, where can you instruct the ProxySG to enable or disable pipelining of referenced objects?


Options are :

  • In a Web Content layer.
  • In a Cache Control layer.
  • In a Web Access layer.
  • You cannot do this in the VPM.

Answer : In a Web Content layer.

In a CPL back reference of the form $(n), are references numbered from right to left or from left to right?


Options are :

  • Left to right
  • Right to left

Answer : Left to right

Blue Coat Certified Proxy Professional BCCPP Set 4

Which one of these statements best describes how policy checkpoints evaluate the installed policy on a ProxySG?


Options are :

  • The Client In checkpoint decides which rules will be evaluated by the other checkpoints.
  • At each checkpoint, a decision is made whether to allow or deny the transaction.
  • The Server In checkpoint decides which rules will be evaluated by the other checkpoints.
  • Relevant rules are evaluated at each checkpoint based on the information about the transaction that is available at that point.

Answer : At each checkpoint, a decision is made whether to allow or deny the transaction.

What are the three types of ProxySG surrogate credentials? (Select three)


Options are :

  • Connection
  • IP
  • Cookie
  • Redirect
  • Proxy
  • Origin
  • Form

Answer : Connection IP Cookie

What are the three levels of the ProxySG authentication cache? (Select 3)


Options are :

  • IP
  • Authentication
  • Credential
  • Surrogate
  • Proxy
  • Cookie

Answer : IP Proxy Cookie

In CPL, rules that have similar syntax can be grouped into what?


Options are :

  • Actions
  • Layer guards
  • Triggers
  • Sections

Answer : Layer guards

When one ProxySG forwards HTTP requests to another ProxySG, does the originating ProxySG send a server-style GET request or a proxy-style GET request?


Options are :

  • Server-style
  • Proxy-style

Answer : Server-style

If the ProxySG and a client cannot successfully authenticate the use of Kerberos credentials during authentication in a realm where use of Kerberos credentials is enabled, what happens to the authentication request?


Options are :

  • The request automatically downgrades and tries to use Basic credentials.
  • The request automatically downgrades and tries to use NTLM credentials, and then Basic credentials.
  • The request fails.

Answer : The request automatically downgrades and tries to use NTLM credentials, and then Basic credentials.

An HTTP request containing which header instructs the content server to return whether the requested object has been modified since the last visit?


Options are :

  • Pragma: no-cache
  • GET If-Modified-Since
  • Cache-control: max-age
  • None of the above

Answer : Cache-control: max-age

SGOS is based on which other operating system?


Options are :

  • VxWorks
  • pSOS
  • Unix
  • Windows
  • None of the above

Answer : Windows

What type of filesystem does SGOS use?


Options are :

  • ZFS
  • NTFS
  • FAT32
  • None of the above

Answer : NTFS

When a downstream ProxySG requests an object that already is cached in an upstream ProxySG, the downstream ProxySG checks the objectís freshness with the origin content server.


Options are :

  • True
  • False

Answer : True

If a user agent that does not support authentication tries to request content through a connection on which the ProxySG requires authentication, how can you best resolve the issue?


Options are :

  • Identify the TCP ports used by the user agent, and create a proxy service to bypass such traffic.
  • Identify an HTTP header that identifies the user agent, and then write policy to exempt matching transactions from authentication.
  • Identify the IP address of the user agent, and then write policy to exempt matching transactions from authentication.
  • You cannot do this.

Answer : Identify an HTTP header that identifies the user agent, and then write policy to exempt matching transactions from authentication.

When writing CPL, should layers containing the most general rules usually appear near the beginning or the end of a policy file?


Options are :

  • Near the beginning.
  • Near the end

Answer : Near the beginning.

To create policy that tests only for the authentication error of expired_credentials, can you use the VPM, CPL, or either?


Options are :

  • VPM
  • CPL
  • Either

Answer : Either

http://support.bluecoat.com/products/proxysg/sg9000.html?customer=123
For the above URL, will the trigger url.domain=bluecoat.com match or miss?


Options are :

  • Match
  • Miss

Answer : Miss

If a CPL rule contains more than one trigger, how are the triggers evaluated?


Options are :

  • Only the last trigger is evaluated.
  • They are logically ORed together; any one of them must be true for the rule to match.
  • They are logically ANDed together; all of them must be true for the rule to match.
  • Only the first trigger is evaluated.
  • The answer depends on the type of layer.

Answer : They are logically ORed together; any one of them must be true for the rule to match.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions