500-275 - Securing Cisco Networks with Sourcefire FireAMP Endpoints
Go back to Cisco
The FireAMP Mobile endpoint connector currently supports which mobile OS device?
Which hosts merit special consideration for crafting a policy?
Which application can read Barnyard log_pcap output plug-in files?
Host criticality is an example of which option?
a host attribute
If a file's SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned?
Which preprocessor plays a role in detecting the reconnaissance phase of an attack?
How many days' worth of data do the widgets on the dashboard page display?
the previous 7 days of data
For connector-to-FireAMP Private Cloud communication, which port number is used for lower- overhead communication?
What does protocol normalization do?
removes any protocol-induced or protocol-allowable ambiguities
Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?
What is VRT?
Vulnerability Research Team
Which action can you take from the Detections/Quarantine screen?
Restore the detected file.
One of the goals of geolocation is to identify which option?
the location of a routable IP address
How does application blocking enhance security?
It blocks vulnerable applications from running, until they are patched.
File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?
The FireAMP connector monitors the system for which type of activity?
The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy?
The Update Window allows you to perform which action?
specify a timeframe when an upgrade can be started and stopped
What is the default clean disposition cache setting?
When you are viewing information about a computer, what is displayed?
the internal IP address
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
perform pattern and signature analysis against the entire packet, rather than against individual fragments
Which tool can you use to query the history.db file?
Which action is valid for decoder/preprocessor stub rules?
Consider the process that begins with file retrospection, continues to interrogate the file and update its disposition over time, then records the pathway that the software and files take from device to device. This process is an example of which Cisco AMP feature?
attack chain weaving
Which pair represents equivalent processes whose names differ, depending on the connector version that you are running?
agent.exe and sfc.exe
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?
Which preprocessor can normalize the IIS %u encoding scheme?
Which set of actions would you take to create a simple custom detection?
Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
What is the primary reason that customers need content security today?
More business is done using the web and email than ever before.
Where does an administrator go to get a copy of a fetched file?
the File Repository
Which preprocessor maintains connection state so that attacks that manifest over multiple packets in a session can be detected?
Which file is the primary configuration file for keeping rules up to date?
Which management and analysis tool can you use to enhance a Snort installation?
Which configuration is optimal for the frag3 engine?
Bind target IP addresses to policies that represent operating systems, so that the IPS engine can process traffic the same way that target hosts do.
Which information does the File Trajectory feature show?
the hosts on which the file was seen and points in time where events occurred
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?
500 connectors over a 30-day period
Remote access to the Defense Center database has which characteristic?
What does the whitelist attribute value "not evaluated" indicate?
The host is not a target of the whitelist.
Which statement represents a best practice for deploying on Windows servers?
You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows servers.
What is a GID?
Which option represents a configuration step on first use?
Verify, Contain, and Protect
Which option is used to implement suppression in the Rule Management user interface?
Which file defines Snort IDs and associated alert labels that are not provided within the unified output format?
Which statement is true about the Device Trajectory feature?
In the File Trajectory map, you can view the parent process for a file by selecting the infected system.
To accept input from Snort and produce various forms of output, the Barnyard architecture consists of which components?
data processors and output plug-ins
What is the primary source for Snort rules?
Which disposition can be returned in response to a malware cloud lookup?
Which statement describes an advantage of the FireAMP product?
It provides enterprise visibility.
Which interface type allows for bypass mode?
Which option is a detection technology that is used by FireAMP?