500-275 - Securing Cisco Networks with Sourcefire FireAMP Endpoints

Example Questions

The FireAMP Mobile endpoint connector currently supports which mobile OS device?
Which hosts merit special consideration for crafting a policy?
Which application can read Barnyard log_pcap output plug-in files?
Host criticality is an example of which option?
If a file's SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned?
Which preprocessor plays a role in detecting the reconnaissance phase of an attack?
How many days' worth of data do the widgets on the dashboard page display?
For connector-to-FireAMP Private Cloud communication, which port number is used for lower-overhead communication?
What does protocol normalization do?
Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?
What is VRT?
Which action can you take from the Detections/Quarantine screen?
One of the goals of geolocation is to identify which option?
How does application blocking enhance security?
File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?
The FireAMP connector monitors the system for which type of activity?
The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy?
The Update Window allows you to perform which action?
What is the default clean disposition cache setting?
When you are viewing information about a computer, what is displayed?
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
Which tool can you use to query the history.db file?
Which action is valid for decoder/preprocessor stub rules?
Consider the process that begins with file retrospection, continues to interrogate the file and update its disposition over time, then records the pathway that the software and files take from device to device. This process is an example of which Cisco AMP feature?
Which pair represents equivalent processes whose names differ, depending on the connector version that you are running?
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?
Which preprocessor can normalize the IIS %u encoding scheme?
Which set of actions would you take to create a simple custom detection?
What is the primary reason that customers need content security today?
Where does an administrator go to get a copy of a fetched file?
Which preprocessor maintains connection state so that attacks that manifest over multiple packets in a session can be detected?
Which file is the primary configuration file for keeping rules up to date?
Which management and analysis tool can you use to enhance a Snort installation?
Which configuration is optimal for the frag3 engine?
Which information does the File Trajectory feature show?
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?
Remote access to the Defense Center database has which characteristic?
What does the whitelist attribute value "not evaluated" indicate?
Which statement represents a best practice for deploying on Windows servers?
What is a GID?
Which option represents a configuration step on first use?
Which option is used to implement suppression in the Rule Management user interface?
Which file defines Snort IDs and associated alert labels that are not provided within the unified output format?
Which statement is true about the Device Trajectory feature?
To accept input from Snort and produce various forms of output, the Barnyard architecture consists of which components?
What is the primary source for Snort rules?
Which disposition can be returned in response to a malware cloud lookup?
Which statement describes an advantage of the FireAMP product?
Which interface type allows for bypass mode?
Which option is a detection technology that is used by FireAMP?