














































The Blue Coat Proxy Ultimate Exam is a comprehensive certification preparation resource focused on Blue Coat proxy technologies, web security solutions, network filtering, policy management, and cybersecurity operations. This exam covers proxy deployment, secure web gateway management, traffic inspection, authentication methods, access control, troubleshooting, and enterprise security practices. It is designed for network administrators, cybersecurity professionals, and IT specialists responsible for managing secure internet environments.
Typology: Exams















































Question 1. Which component of the ProxySG architecture is responsible for handling SSL interception and certificate generation?
A) Forwarding layer
B) SSL Intercept layer
C) Web Access layer
D) Content Analysis layer
Answer: B
Explanation: The SSL Intercept layer terminates client TLS sessions, generates certificates, and re-establishes a TLS session to the origin server.

Question 2. In a transparent deployment using WCCP, how does traffic reach the ProxySG?
A) Via explicit proxy configuration on the client
B) Through a static route to the ProxySG IP address
C) By the router redirecting packets based on WCCP service groups
D) Using DNS redirection to the ProxySG hostname
Answer: C
Explanation: WCCP enables routers to forward matching traffic to the ProxySG without client configuration.

Question 3. Which SGOS design principle allows administrators to reuse objects across multiple policies?
A) Monolithic rule engine
B) Object-based architecture
C) Inline scripting
D) Layered firewall model
Answer: B
Explanation: SGOS stores reusable objects (source, destination, service, actions) that can be referenced by many policies.

Question 4. Which of the following best describes the difference between a “Standard” and a “Tunnel” service listener?
A) Standard listeners only accept HTTP, Tunnel listeners accept any protocol
B) Standard listeners terminate the connection, Tunnel listeners forward traffic unchanged
C) Standard listeners use port 80, Tunnel listeners use port 443
D) Standard listeners require authentication, Tunnel listeners do not
Answer: B
Explanation: A Tunnel listener passes the client traffic through the ProxySG without inspection, while a Standard listener terminates and processes the request.

Question 5. When configuring an explicit proxy, which file type is used to automatically configure client browsers?
A) .cfg
B) .pac
C) .xml
D) .ini
Answer: B
Explanation: Proxy Auto-Config (.pac) files contain JavaScript that directs browsers to the proxy server.

Question 6. Which licensing model is required to enable the Blue Coat WebFilter (BCWF) intelligence service on a ProxySG?
A) Base ProxySG license only
B) Optional “Web Filtering” add-on license

B) To provide separate DNS resolution for internal and external queries
C) To cache DNS responses for faster lookups
D) To encrypt DNS traffic with DNSSEC
Answer: B
Explanation: Split-DNS allows the ProxySG to answer internal DNS queries differently from external ones, protecting internal name space.

Question 10. Which HTTP header is most commonly inspected by content policies to enforce URL category blocking?
A) User-Agent
B) Host
C) Referer
D) X-Forwarded-For
Answer: B
Explanation: The Host header identifies the requested domain, which is matched against URL categories in policies.

Question 11. Which authentication realm type uses Kerberos tickets to authenticate Windows users without prompting for credentials?
A) LDAP realm
B) RADIUS realm
C) IWA (Integrated Windows Authentication) realm
D) Local Database realm
Answer: C
Explanation: IWA leverages Kerberos (or NTLM) to silently authenticate domain users.

Question 12. When integrating SAML for cloud SaaS authentication, which component on the ProxySG holds the SAML Service Provider metadata?
A) Authentication realm configuration file
B) SAML Identity Provider (IdP) certificate store
C) SAML Service Provider (SP) configuration page
D) SSL Intercept keyring
Answer: C
Explanation: The SP configuration contains the entity ID, ACS URL, and certificate required for SAML exchanges.

Question 13. Which of the following statements about the ProxySG’s keyring is true?
A) It stores only the private keys for outbound TLS connections
B) It holds the root CA certificates used to validate server certificates
C) It contains the proxy’s own signing certificate for SSL interception
D) It is used solely for client-side authentication to upstream servers
Answer: C
Explanation: The keyring stores the ProxySG’s self-signed CA certificate and private key used to generate on-the-fly certificates for intercepted sites.

Question 14. What is the effect of enabling “Byte Caching” on a ProxySG?
A) Only complete objects are cached, regardless of size
B) Partial objects (e.g., video streams) are cached to improve bandwidth usage
C) Objects are cached only if they are less than 1 KB
D) Caching is disabled for encrypted traffic
Answer: B

Answer: C
Explanation: ELFF provides customizable key-value pairs that map well to SIEM ingestion schemas.

Question 18. Which object type in CPL is used to perform a URL category lookup against WebPulse?
A) cpl_lookup
B) cpl_category
C) cpl_webpulse
D) cpl_intelligence
Answer: D
Explanation: cpl_intelligence triggers a real-time WebPulse lookup for URL categorization.

Question 19. When using a “Bypass” service listener, what happens to the traffic?
A) It is inspected and logged as normal HTTP
B) It is forwarded unchanged, bypassing policy enforcement
C) It is dropped if no matching rule exists
D) It is encrypted again before leaving the ProxySG
Answer: B
Explanation: Bypass listeners forward traffic without inspection, useful for non-HTTP protocols.

Question 20. Which of the following is a mandatory step after installing a new ProxySG hardware appliance?
A) Enabling WCCP on all downstream routers
B) Registering the device with a Symantec support account
C) Configuring the management IP address via the console
D) Importing a custom SSL certificate chain
Answer: C
Explanation: The initial console setup requires assigning a management IP before any other configuration.

Question 21. What does “PBR” stand for, and how is it used with ProxySG?
A) Policy Based Routing; directs selected traffic to the proxy based on ACLs
B) Proxy Bypass Rule; exempts traffic from inspection
C) Packet Buffer Reassembly; handles fragmented packets
D) Persistent Blocked Requests; caches denied URLs
Answer: A
Explanation: PBR configures routers to route specific traffic flows to the ProxySG.

Question 22. Which layer in VPM is typically used to enforce user-based authentication before any content checks?
A) SSL Intercept layer
B) Web Access layer
C) Forwarding layer
D) Web Content layer
Answer: B
Explanation: The Web Access layer handles authentication and basic access controls prior to content inspection.

Question 23. How does the ProxySG handle DNS resolution for a client request that contains a hostname not present in its DNS cache?
A) It forwards the request to the origin server without resolving the name

A) It selects the most requested objects for permanent storage
B) It evicts the least popular objects when cache space is needed
C) It ranks objects based on size for compression
D) It monitors user download speeds for QoS
Answer: B
Explanation: The popularity contest algorithm removes low-frequency items to free space for higher-frequency content.

Question 27. Which protocol does the ProxySG use to send logs to an external syslog server?
A) FTP
B) HTTP
C) UDP/TCP port 514
D) SNMP
Answer: C
Explanation: Syslog traditionally uses UDP (or TCP) port 514 for log transmission.

Question 28. Which authentication realm type is best suited for environments that require two-factor authentication via OTP tokens?
A) LDAP realm
B) RADIUS realm
C) IWA realm
D) Local Database realm
Answer: B
Explanation: RADIUS can integrate with OTP systems to provide multi-factor authentication.

Question 29. What is the primary benefit of using “Asynchronous Adaptive Refresh” in the cache?
A) Immediate purging of stale objects on every request
B) Reducing bandwidth by refreshing objects only when needed
C) Ensuring all cached objects are refreshed at the same interval
D) Disabling cache for dynamic content
Answer: B
Explanation: Adaptive refresh updates cached objects in the background based on usage patterns, conserving bandwidth.

Question 30. Which of the following is a true statement about “ICAP” integration on ProxySG?
A) ICAP replaces the need for SSL interception
B) ICAP is used to offload content-analysis tasks to external servers
C) ICAP only works with HTTP/1.0 traffic
D) ICAP provides authentication services for VPN users
Answer: B
Explanation: ICAP enables the ProxySG to send content to external analysis engines (e.g., DLP, anti-malware) for processing.

Question 31. When configuring a “Forwarding” layer, which object determines the next hop for outbound traffic?
A) Destination object
B) Service object
C) Action object set to “Forward” with a specified gateway
D) Source object
Answer: C
Explanation: The Action object in a Forwarding layer can specify a next-hop IP address or interface.

Explanation: request_method allows matching GET, POST, PUT, etc., within a CPL rule.

Question 35. What does the “Cache-Gain” metric indicate?
A) The total size of the cache in megabytes
B) The percentage of requests served from cache versus origin
C) The average latency reduction per request
D) The number of cache misses per hour
Answer: B
Explanation: Cache-Gain measures the proportion of traffic satisfied by cached objects.

Question 36. Which of the following is NOT a valid reason to use a “Bridge” mode deployment?
A) To inspect traffic without changing the IP addressing scheme
B) To avoid the need for WCCP or PBR configurations
C) To provide full SSL interception for all traffic
D) To allow the ProxySG to act as a layer-2 device between switches
Answer: C
Explanation: Bridge mode does not terminate SSL; it only forwards frames at layer-2.

Question 37. Which of the following actions can be applied in a VPM rule to block a request?
A) allow
B) bypass
C) deny
D) forward
Answer: C
Explanation: The deny action stops the request and returns an error to the client.

Question 38. What is the purpose of the “OCSP” feature in SSL interception?
A) To issue client certificates on the fly
B) To check the revocation status of server certificates in real time
C) To encrypt the proxy’s internal management traffic
D) To perform DNSSEC validation for HTTPS domains
Answer: B
Explanation: OCSP queries the certificate authority to confirm that a server certificate has not been revoked.

Question 39. Which of the following best describes “Byte-range requests” handling in ProxySG caching?
A) The ProxySG blocks all range requests for security reasons
B) The ProxySG aggregates multiple range requests into a single cache fetch
C) The ProxySG treats each range request as a separate cache object
D) The ProxySG forwards range requests directly to the origin without caching
Answer: B
Explanation: The ProxySG can combine overlapping byte-range requests to reduce duplicate fetches.

Question 40. When integrating with Blue Coat WebFilter, which response code indicates that a URL is uncategorized?
A) 200
B) 403

B) Source MAC address only
C) ACLs or route-maps defined on the router
D) DNS name resolution results
Answer: C
Explanation: Policy-Based Routing uses router ACLs/route-maps to select the next hop (the ProxySG).

Question 44. Which VPM layer would you use to apply a DLP scan via an external ICAP server?
A) Web Access layer
B) Web Content layer
C) Forwarding layer
D) SSL Intercept layer
Answer: C
Explanation: The Forwarding layer can invoke an ICAP server for DLP inspection before sending traffic onward.

Question 45. What is the effect of enabling “HTTP CONNECT” on a standard listener port 443?
A) It forces all traffic to be inspected as plain HTTP
B) It allows tunneling of arbitrary TCP protocols through the proxy
C) It disables SSL interception for that port
D) It redirects HTTPS traffic to port 80
Answer: B
Explanation: CONNECT establishes a tunnel, enabling protocols like HTTPS or FTP over the same port.

Question 46. Which of the following statements about “Policy Tracing” is correct?
A) It modifies the active policy in real time
B) It generates a detailed log of every rule evaluated for a single transaction
C) It disables caching for the traced request
D) It only works for traffic intercepted in explicit mode
Answer: B
Explanation: Policy tracing records the rule-matching process for a specific request, aiding debugging.

Question 47. Which object in VPM is used to define a group of users for authentication purposes?
A) Destination object
B) Source object
C) Service object
D) Action object
Answer: B
Explanation: Source objects represent users, groups, or IP ranges that initiate traffic.

Question 48. In the ProxySG UI, which tab allows you to upload a custom CRL file?
A) System → Certificates
B) Configuration → SSL Intercept → CRL Management
C) Policy → Objects → CRL
D) Administration → License
Answer: B
Explanation: The CRL Management page under SSL Intercept is where CRL files are imported.

Question 52. Which of the following is true about “Transparent” mode in ProxySG?
A) Clients must configure the proxy address manually
B) The ProxySG appears as a router to the client’s IP stack
C) Only HTTP traffic can be intercepted
D) SSL interception is automatically disabled
Answer: B
Explanation: In Transparent mode, the ProxySG sits inline at Layer-2, making it invisible to clients.

Question 53. Which feature allows the ProxySG to forward DNS queries to a different server based on the queried domain?
A) DNS Split-View
B) DNS Forwarding Policy
C) DNS Override List
D) DNS Proxy Mode
Answer: B
Explanation: DNS Forwarding Policies can route queries for specific zones to designated DNS servers.

Question 54. Which of the following is NOT a typical use case for “Policy-Based Routing” with ProxySG?
A) Directing only SaaS traffic to the proxy
B) Sending all traffic from a specific VLAN to the proxy
C) Balancing load across multiple ProxySG appliances
D) Encrypting traffic before it reaches the proxy
Answer: D
Explanation: PBR is a routing decision; it does not perform encryption.

Question 55. In the VPM, which layer type is responsible for decrypting HTTPS traffic?
A) Web Access layer
B) SSL Intercept layer
C) Forwarding layer
D) Web Content layer
Answer: B
Explanation: The SSL Intercept layer terminates TLS, decrypts, and re-encrypts traffic.

Question 56. Which of the following best describes the “Popularity Contest” eviction algorithm?
A) Least-Recently-Used (LRU) only
B) Most-Frequently-Used (MFU) only
C) Hybrid of LRU and LFU based on access counters
D) Random eviction of objects when cache is full
Answer: C
Explanation: Popularity contest combines recency and frequency metrics to decide which objects to evict.

Question 57. Which command would you use to capture a live packet trace on the ProxySG CLI?
A) capture start
B) pcap start
C) packet capture
D) debug pcap