500-285 - Securing Cisco Networks with Sourcefire Intrusion Prevention System


Example Questions

What is the default command-line switch configuration, if you run a connector installation with no parameters?
Incident responders use which policy mode for outbreak control?
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
Which Cisco ASA NGFW license is needed to allow a high-school security administration to implement policy to allow student access to high-reputation sites only?
To execute a command in Linux while in the directory where it is located, and be sure you are only running that particular copy, what would you use in front of the executable name?
The FireAMP connector monitors the system for which type of activity?
Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?
Where do you configure widget properties?
Which statement regarding user exemptions is true?
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?
Which action can you take from the Detections/Quarantine screen?
When you are editing an intrusion policy, how do you know that you have changes?
Which statement best describes application recognition on the Cisco ASA NGFW?
Which option can you enter in the Search text box to look for the trajectory of a particular file?
Which interface type allows for bypass mode?
From the Deployment screen, you can deploy agents via which mechanism?
In a FireAMP Private Cloud installation, deployed connectors communicate with which server?
Which option describes Spero file analysis?
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
A user discovery agent can be installed on which platform?
In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events?
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
Which option represents a configuration step on first use?
Which option is true of the Packet Information portion of the Packet View screen?
Which statement about two-step authentication is true?
The IP address ::/0 is equivalent to which IPv4 address and netmask?
What does the whitelist attribute value "not evaluated" indicate?
Advanced custom signatures are written using which type of syntax?
A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?
The Update Window allows you to perform which action?
What is the primary reason that customers need content security today?
How can customers feed new intelligence such as files and hashes to FireAMP?
Which set of actions would you take to create a simple custom detection?
Which statement is true in regard to the Sourcefire Security Intelligence lists?
Which type of activity is shown in the Device Trajectory page?
Which option is true when configuring an access control rule?
Which statement is true when network traffic meets the criteria specified in a correlation rule?
What is the default clean disposition cache setting?
Which statement about the on-box version of PRSM is true?
The collection of health modules and their settings is known as which option?
The FireAMP connector supports which proxy type?
Where is the File Fetch context menu option available?
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?
Which hosts merit special consideration for crafting a policy?
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?
Stacking allows a primary device to utilize which resources of secondary devices?
Which statement describes an advantage of the FireAMP product?
The gateway VPN feature supports which deployment types?
What is the maximum timeout value for a browser session?
Which Cisco Secure Access solution provides centralized policy management to give administrators more granular control over access authorization?
