500-290 - IPS Express Security for Engineers
Which statement is true when network traffic meets the criteria specified in a correlation rule?
The Defense Center generates a correlation event and initiates any configured responses.
When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?
The protocol is restricted to TCP or UDP.
Which statement is true when adding a network to an access control rule?
You can select the source and destination networks or network groups.
Which Cisco AMP deployment would you recommend for advanced customers that want comprehensive threat protection, investigation, and response?
AMP for Networks
Which option is true when configuring an access control rule?
You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.
Which interface type allows for bypass mode?
Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?
When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.
Which option is not a characteristic of dashboard widgets or Context Explorer?
Context Explorer can be added as a widget to a dashboard.
Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?
Which statement represents detection capabilities of the HTTP preprocessor?
You can configure it to normalize cookies in HTTP headers.
Which feature in the Cisco AMP solution provides the ability to track malware activity over time?
What does packet latency thresholding measure?
the total elapsed time it takes to process a packet
Which option transmits policy-based alerts such as SNMP and syslog?
the managed device
Which statement is true regarding malware blocking over HTTP?
It can be done in both the download and upload direction.
Which event source can have a default workflow configured?
Which interface type allows for VLAN tagging?
Host criticality is an example of which option?
a host attribute
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
upload a list that you create
Which policy controls malware blocking configuration?
Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?
A user discovery agent can be installed on which platform?
Which option is a remediation module that comes with the Sourcefire System?
Cisco IOS Null Route
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one
Which option is true regarding the $HOME_NET variable?
defines the network the active policy protects
The gateway VPN feature supports which deployment types?
point-to-point, star, and mesh
In addition to the discovery of new hosts, FireSIGHT can also perform which function?
determine which users are involved in monitored connections
Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file?
from Context Explorer
Which option is true of the Packet Information portion of the Packet View screen?
displays packet data in a format based on TCP/IP layers
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?
How do you configure URL filtering?
Create an access control rule and, on the URLs tab, select the URLs or URL categories that are to be blocked or allowed.
What is the maximum timeout value for a browser session?
Which option is derived from the discovery component of FireSIGHT technology?
Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?
logging to database, SNMP, syslog, and email
One of the goals of geolocation is to identify which option?
the location of a routable IP address
Which statement regarding user exemptions is true?
Non-administrators can be made exempt on an individual basis.
Controlling simultaneous connections is a feature of which type of preprocessor?
rate-based attack prevention
According to Gartner, which criteria distinguish a next-generation IPS?
content awareness, contextual awareness, and Agile Security engine
The IP address ::/0 is equivalent to which IPv4 address and netmask?
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?
What are the two categories of variables that you can configure in Object Management?
Default Variables and Custom Variables
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?
block with reset
Which option is used to implement suppression in the Rule Management user interface?
When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?
Which statement is true in regard to the Sourcefire Security Intelligence lists?
IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
FireSIGHT recommendations appear in which layer of the Policy Layers page?
Where do you configure widget properties?
the Widget Properties button in the title bar of each widget
Which statement is true concerning static NAT?
Static NAT provides a one-to-one mapping between IP addresses.
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
When configuring an LDAP authentication object, which server type is available?
Microsoft Active Directory
Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?
a link below the preprocessor heading