Q1

A financial services company is using a ProxySG in explicit mode. To comply with new regulations, all outbound traffic to known financial partner APIs must be logged with full transaction details, while traffic to all other destinations must have user-identifying information stripped from the access logs. An existing global policy layer already sets the logging level for all traffic. How should an administrator configure the Visual Policy Manager (VPM) to meet this requirement without disrupting the existing logging policy for general traffic?

Q2

An administrator is troubleshooting a Kerberos authentication issue where users are intermittently failing to authenticate through the ProxySG. A packet capture on the ProxySG shows that for failed requests, the KDC is returning a `KRB5KDC_ERR_PREAUTH_REQUIRED` error, even though the client's browser is configured correctly for Integrated Windows Authentication. The same users can authenticate successfully when bypassing the proxy. Which ProxySG configuration is the most likely cause of this issue?

Q3

A network architect is designing a solution for a geographically distributed enterprise. The goal is to reduce latency for web objects that are frequently updated, such as pricing information and news articles. The architect wants to ensure that users always receive the most current version of an object without creating excessive validation traffic to the origin content servers (OCS). Which caching directive, when set in a CPL policy, best achieves this balance?

Q4

True or False: When using the `ssl.forward_proxy(https)` action to intercept SSL traffic, the ProxySG uses the Common Name (CN) from the origin server's certificate to dynamically generate a new certificate, which is then signed by the CA certificate specified in the SSL Interception settings.

Q5 (Multiple answers)

A company has a policy to block executable file downloads. The administrator has created a CPL rule using a File Extension object for `.exe`. However, users are still able to download executables that have been renamed with a `.txt` extension. To prevent this, the administrator wants to inspect the actual content of the file. Which TWO of the following policy objects should be used in combination to achieve this? (Select TWO)

Q6

An administrator needs to create a CPL script that redirects any HTTP request for `http://www.example.com/oldpath` to `https://www.newdomain.com/newpath`. Which of the following CPL code snippets correctly performs this redirection?

Q7

A global company uses ProxySG appliances in a reverse proxy configuration to protect and accelerate access to its internal web applications. The security team wants to ensure that any traffic containing signatures of known SQL injection attacks is blocked before it reaches the web servers. This inspection should only happen for POST requests. Which is the most efficient way to implement this using the VPM?

Q8

During a performance audit of a ProxySG 9000 series appliance, an administrator notices that the CPU utilization for HTTP workers is consistently high, leading to increased latency. The sysinfo file shows a large number of active connections but a relatively low cache hit rate. Which action would be most effective in mitigating the high CPU load on the HTTP workers?

Q9

A policy trace is being used to debug why a user is being denied access to a specific website. The trace output shows the final decision is `DENIED`, but the administrator cannot see which specific rule in the VPM is causing the block. What is the most likely reason for this and how can it be resolved?

```mermaid
flowchart TD
    A[Start Request] --> B{Layer 1: Auth};
    B --> C{Layer 2: Content Filter};
    C --> D{Layer 3: Web Access};
    D --> E[Decision Point];
    E --> F1[ALLOW];
    E --> F2[DENY];
```

Q10

A hospital is deploying a ProxySG to enforce acceptable use policies and protect against malware. Due to patient privacy regulations (HIPAA), traffic to specific healthcare-related domains containing Protected Health Information (PHI) must NOT be decrypted or inspected. However, all other SSL/TLS traffic, including to webmail and social media sites, MUST be intercepted and scanned. Which VPM configuration is the best practice to meet these requirements?