Exam NSE7_EFW-7.0 topic 1 question 47 discussion

B - Study guide page 365

b seems right "IPS and WAD will only send request to urlfilter daemon when cache is missed. "

B is correct

B for sure

B Enterprise_Firewall_7.0_Study_Guide-Online.pdf page 365

Only B is valid.

Indeed B, however I came to this answer because the request TO the filter is cat=255=unknown and the lookup is cat=52, so it had to do a lookup somewhere else. But indeed the urlfilter is only used when the local cache doesn't have the info and the debug output will only show something IF the urlfiler is actually used.

B Study guide page 365

B is correct. This exact example is in the study guide. It is forwarding the request to WAD.

should be msg="Cache miss" if no local cache

I think the answer is C: Example log for no local cache case: #id=93000 msg="pid=57 urlfilter_main-723 in main.c received pkt:count=91 "IPS and WAD will only send request to urlfilter daemon when cache is missed. " So the WAD process by itself found the URL rating in the local cache and didn`t ask for help from the URL process as in the example. B - we can`t know anything about CN or SNI in this debug. It is more SSL-inspection field.

All choices except B are incorrect. The debug output should say something like this "fetched from local cache" if local cache is used.

c is the answer

answer

we don't see msg= miss cache for me C