500-285 - Securing Cisco Networks with Sourcefire Intrusion Prevention System
What is the default command-line switch configuration, if you run a connector installation with no parameters?
<installer package name> /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
Incident responders use which policy mode for outbreak control?
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one
Which Cisco ASA NGFW license is needed to allow a high-school security administrator to implement a policy that allows student access to high-reputation sites only?
To execute a command in Linux while in the directory where it is located, and be sure you are only running that particular copy, what would you use in front of the executable name?
The FireAMP connector monitors the system for which type of activity?
Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?
the "flow" rule option
Where do you configure widget properties?
the Widget Properties button in the title bar of each widget
Which statement regarding user exemptions is true?
Non-administrators can be made exempt on an individual basis.
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?
Which action can you take from the Detections/Quarantine screen?
Restore the detected file.
When you are editing an intrusion policy, how do you know that you have changes?
A yellow, triangular icon displays next to the Policy Information option in the navigation panel.
Which statement best describes application recognition on the Cisco ASA NGFW?
Application recognition is based on signatures, heuristics, and content scanning, which removes the need to tie applications to ports.
Which option can you enter in the Search text box to look for the trajectory of a particular file?
the SHA-256 hash value of the file
Which interface type allows for bypass mode?
From the Deployment screen, you can deploy agents via which mechanism?
user download from Sourcefire website or email
In a FireAMP Private Cloud installation, deployed connectors communicate with which server?
Which option describes Spero file analysis?
a method of analyzing certain file characteristics, such as metadata and header information, to determine whether a file is malicious or not
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
set connection advanced-options
A user discovery agent can be installed on which platform?
In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events?
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
Which option represents a configuration step on first use?
Verify, Contain, and Protect
Which option is true of the Packet Information portion of the Packet View screen?
displays packet data in a format based on TCP/IP layers
Which statement about two-step authentication is true?
It is the ability to use a verification code in conjunction with the correct username and password.
The IP address ::/0 is equivalent to which IPv4 address and netmask?
What does the whitelist attribute value "not evaluated" indicate?
The host is not a target of the whitelist.
Advanced custom signatures are written using which type of syntax?
A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?
The Update Window allows you to perform which action?
specify a timeframe when an upgrade can be started and stopped
What is the primary reason that customers need content security today?
More business is done using the web and email than ever before.
How can customers feed new intelligence such as files and hashes to FireAMP?
through the management console
Which set of actions would you take to create a simple custom detection?
Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
Which statement is true in regard to the Sourcefire Security Intelligence lists?
IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
Which type of activity is shown in the Device Trajectory page?
Which option is true when configuring an access control rule?
You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.
Which statement is true when network traffic meets the criteria specified in a correlation rule?
The Defense Center generates a correlation event and initiates any configured responses.
What is the default clean disposition cache setting?
Which statement about the on-box version of PRSM is true?
Cisco ASA NGFW comes preinstalled with a version of PRSM.
The collection of health modules and their settings is known as which option?
The FireAMP connector supports which proxy type?
Where is the File Fetch context menu option available?
anywhere a filename or SHA-256 hash is displayed
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?
500 connectors over a 30-day period
Which hosts merit special consideration for crafting a policy?
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?
block with reset
Stacking allows a primary device to utilize which resources of secondary devices?
CPUs and memory
Which statement describes an advantage of the FireAMP product?
It provides enterprise visibility.
The gateway VPN feature supports which deployment types?
point-to-point, star, and mesh
What is the maximum timeout value for a browser session?
Which Cisco Secure Access solution provides centralized policy management to give administrators more granular control over access authorization?
Cisco Identity Services Engine