500-290 - IPS Express Security for Engineers

Example Questions

Which statement is true when network traffic meets the criteria specified in a correlation rule?
When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?
Which statement is true when adding a network to an access control rule?
Which Cisco AMP deployment would you recommend for advanced customers that want comprehensive threat protection, investigation, and response?
Which option is true when configuring an access control rule?
Which interface type allows for bypass mode?
Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?
Which option is not a characteristic of dashboard widgets or Context Explorer?
Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?
Which statement represents detection capabilities of the HTTP preprocessor?
Which feature in the Cisco AMP solution provides the ability to track malware activity over time?
What does packet latency thresholding measure?
Which option transmits policy-based alerts such as SNMP and syslog?
Which statement is true regarding malware blocking over HTTP?
Which event source can have a default workflow configured?
Which interface type allows for VLAN tagging?
Host criticality is an example of which option?
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
Which policy controls malware blocking configuration?
Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?
A user discovery agent can be installed on which platform?
Which option is a remediation module that comes with the Sourcefire System?
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
Which option is true regarding the $HOME_NET variable?
The gateway VPN feature supports which deployment types?
In addition to the discovery of new hosts, FireSIGHT can also perform which function?
Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file?
Which option is true of the Packet Information portion of the Packet View screen?
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?
How do you configure URL filtering?
What is the maximum timeout value for a browser session?
Which option is derived from the discovery component of FireSIGHT technology?
Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?
One of the goals of geolocation is to identify which option?
Which statement regarding user exemptions is true?
Controlling simultaneous connections is a feature of which type of preprocessor?
According to Gartner, which criteria distinguish a next-generation IPS?
The IP address ::/0 is equivalent to which IPv4 address and netmask?
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?
What are the two categories of variables that you can configure in Object Management?
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?
Which option is used to implement suppression in the Rule Management user interface?
When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?
Which statement is true in regard to the Sourcefire Security Intelligence lists?
FireSIGHT recommendations appear in which layer of the Policy Layers page?
Where do you configure widget properties?
Which statement is true concerning static NAT?
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
When configuring an LDAP authentication object, which server type is available?
Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?