Cisco.passguide.500 285.v2014!12!29.by.grayson.53q Unprotected

www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn

Passguide 500-285 Grayson 53q
Number: 500-285
Passing Score: 800
Time Limit: 120 min
File Version: 14.0
Exam code: 500-285
Exam name: Securing Cisco Networks with Sourcefire IPS



500-285

QUESTION 1
What are the two categories of variables that you can configure in Object Management?

A. System Default Variables and FireSIGHT-Specific Variables
B. System Default Variables and Procedural Variables
C. Default Variables and Custom Variables
D. Policy-Specific Variables and Procedural Variables

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 2
Which option is true regarding the $HOME_NET variable?

A. is a policy-level variable
B. has a default value of "all"
C. defines the network the active policy protects
D. is used by all rules to define the internal network

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 3
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?

A. subscribe to a URL intelligence feed
B. subscribe to a VRT
C. upload a list that you create
D. automatically upload lists from a network share


Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 4
Which statement is true in regard to the Sourcefire Security Intelligence lists?

A. The global blacklist universally allows all traffic through the managed device.
B. The global whitelist cannot be edited.
C. IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
D. The Security Intelligence lists cannot be updated.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 5
How do you configure URL filtering?

A. Add blocked URLs to the global blacklist.
B. Create a Security Intelligence object that contains the blocked URLs and add the object to the access control policy.
C. Create an access control rule and, on the URLs tab, select the URLs or URL categories that are to be blocked or allowed.
D. Create a variable.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 6
When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?

A. The protocol is restricted to TCP only.


B. The protocol is restricted to UDP only.
C. The protocol is restricted to TCP or UDP.
D. The protocol is restricted to TCP and UDP.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 7
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?

A. interactive block with reset
B. interactive block
C. block
D. block with reset

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 8
Which option transmits policy-based alerts such as SNMP and syslog?

A. the Defense Center
B. FireSIGHT
C. the managed device
D. the host

Correct Answer: C
Section: (none)
Explanation/Reference:


QUESTION 9
When you are editing an intrusion policy, how do you know that you have changes?

A. The Commit Changes button is enabled.
B. A system message notifies you.
C. You are prompted to save your changes on every screen refresh.
D. A yellow, triangular icon displays next to the Policy Information option in the navigation panel.

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 10
FireSIGHT recommendations appear in which layer of the Policy Layers page?

A. Layer Summary
B. User Layers
C. Built-In Layers
D. FireSIGHT recommendations do not show up as a layer.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 11
Host criticality is an example of which option?

A. a default whitelist
B. a default traffic profile
C. a host attribute
D. a correlation policy


Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 12
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

A. protocol layer
B. application
C. objects
D. devices

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 13
When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?

A. host
B. IPS event
C. anti-malware
D. networks

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 14
Which option is derived from the discovery component of FireSIGHT technology?


A. connection event table view
B. network profile
C. host profile
D. authentication objects

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 15
The IP address ::/0 is equivalent to which IPv4 address and netmask?

A. 0.0.0.0
B. 0.0.0.0/0
C. 0.0.0.0/24
D. The IP address ::/0 is not valid IPv6 syntax.

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 16
In addition to the discovery of new hosts, FireSIGHT can also perform which function?

A. block traffic
B. determine which users are involved in monitored connections
C. discover information about users
D. route traffic

Correct Answer: B
Section: (none)
Explanation/Reference:


QUESTION 17
A user discovery agent can be installed on which platform?

A. OpenLDAP
B. Windows
C. RADIUS
D. Ubuntu

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 18
Other than navigating to the Network File Trajectory page for a file, which option is an alternative way of accessing the network trajectory of a file?

A. from Context Explorer
B. from the Analysis menu
C. from the cloud
D. from the Defense Center

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 19
Which option can you enter in the Search text box to look for the trajectory of a particular file?

A. the MD5 hash value of the file
B. the SHA-256 hash value of the file
C. the URL of the file
D. the SHA-512 hash value of the file


Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 20
A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?

A. Scan
B. Application Protocol
C. Threat Name
D. File Name

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 21
Which policy controls malware blocking configuration?

A. file policy
B. malware policy
C. access control policy
D. IPS policy

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 22
Which statement is true regarding malware blocking over HTTP?

A. It can be done only in the download direction.


B. It can be done only in the upload direction.
C. It can be done in both the download and upload direction.
D. HTTP is not a supported protocol for malware blocking.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 23
Which option describes Spero file analysis?

A. a method of analyzing the SHA-256 hash of a file to determine whether a file is malicious or not
B. a method of analyzing the entire contents of a file to determine whether it is malicious or not
C. a method of analyzing certain file characteristics, such as metadata and header information, to determine whether a file is malicious or not
D. a method of analyzing a file by executing it in a sandbox environment and observing its behaviors to determine if it is malicious or not

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 24
Which event source can have a default workflow configured?

A. user events
B. discovery events
C. server events
D. connection events

Correct Answer: B
Section: (none)
Explanation/Reference:


QUESTION 25
Where do you configure widget properties?

A. dashboard properties
B. the Widget Properties button in the title bar of each widget
C. the Local Configuration page
D. Context Explorer

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 26
Which statement describes the meaning of a red health status icon?

A. A critical threshold has been exceeded.
B. At least one health module has failed.
C. A health policy has been disabled on a monitored device.
D. A warning threshold has been exceeded.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 27
What is the maximum timeout value for a browser session?

A. 60 minutes
B. 120 minutes
C. 1024 minutes
D. 1440 minutes

Correct Answer: D


Section: (none)
Explanation/Reference:

QUESTION 28
Which statement regarding user exemptions is true?

A. Non-administrators can be made exempt on an individual basis.
B. Exempt users have a browser session timeout restriction of 24 hours.
C. Administrators can be exempt from any browser session timeout value.
D. By default, all users cannot be exempt from any browser session timeout value.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 29
Remote access to the Defense Center database has which characteristic?

A. read/write
B. read-only
C. Postgres
D. Estreamer

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 30
The collection of health modules and their settings is known as which option?

A. appliance policy


B. system policy
C. correlation policy
D. health policy

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 31
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

A. Administrator
B. Intrusion Administrator
C. Maintenance User
D. Database Administrator

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 32
When configuring an LDAP authentication object, which server type is available?

A. Microsoft Active Directory
B. Yahoo
C. Oracle
D. SMTP

Correct Answer: A
Section: (none)
Explanation/Reference:


QUESTION 33
Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

A. Administrator
B. Intrusion Administrator
C. Security Analyst
D. Security Analyst (Read-Only)

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 34
Alert priority is established in which way?

A. event classification
B. priority.conf file
C. host criticality selection
D. through Context Explorer

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 35
Which option describes the two basic components of Sourcefire Snort rules?

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers


D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 36
Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?

A. the directional operator in the rule header
B. the "flow" rule option
C. specification of the source and destination ports in the rule header
D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 37
The gateway VPN feature supports which deployment types?

A. SSL and HTTPS
B. PPTP and MPLS
C. client and route-based
D. point-to-point, star, and mesh

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 38


Which interface type allows for bypass mode?

A. inline
B. switched
C. routed
D. grouped

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 39
Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

A. fast-path rules
B. thresholds or suppressions
C. blacklist
D. automatic application bypass

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 40
Which interface type allows for VLAN tagging?

A. inline
B. switched
C. high-availability link
D. passive

Correct Answer: B
Section: (none)


Explanation/Reference:

QUESTION 41
Which statement is true concerning static NAT?

A. Static NAT supports only TCP traffic.
B. Static NAT is normally deployed for outbound traffic only.
C. Static NAT provides a one-to-one mapping between IP addresses.
D. Static NAT provides a many-to-one mapping between IP addresses.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 42
Stacking allows a primary device to utilize which resources of secondary devices?

A. interfaces, CPUs, and memory
B. CPUs and memory
C. interfaces, CPUs, memory, and storage
D. interfaces and storage

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 43
Which statement is true when network traffic meets the criteria specified in a correlation rule?

A. Nothing happens, because you cannot assign a group of rules to a correlation policy.
B. The network traffic is blocked.
C. The Defense Center generates a correlation event and initiates any configured responses.


D. An event is logged to the Correlation Policy Management table.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 44
Which option is a valid whitelist evaluation value?

A. pending
B. violation
C. semi-compliant
D. not-evaluated

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 45
Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

A. logging to database, SMS, SMTP, and SNMP
B. logging to database, SMTP, SNMP, and PCAP
C. logging to database, SNMP, syslog, and email
D. logging to database, PCAP, SMS, and SNMP

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 46
Correlation policy rules allow you to construct criteria for alerting on very specific conditions.


Which option is an example of such a rule?

A. testing password strength when accessing an application
B. limiting general user access to administrative file shares
C. enforcing two-factor authentication for access to critical servers
D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 47
Which option is a remediation module that comes with the Sourcefire System?

A. Cisco IOS Null Route
B. Syslog Route
C. Nmap Route Scan
D. Response Group

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 48
What does the whitelist attribute value "not evaluated" indicate?

A. The host is not a target of the whitelist.
B. The host could not be evaluated because no profile exists for it.
C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.
D. The host is not on a monitored network segment.

Correct Answer: A
Section: (none)


Explanation/Reference:

QUESTION 49
Controlling simultaneous connections is a feature of which type of preprocessor?

A. rate-based attack prevention
B. detection enhancement
C. TCP and network layer preprocessors
D. performance settings

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 50
Which statement represents detection capabilities of the HTTP preprocessor?

A. You can configure it to blacklist known bad web servers.
B. You can configure it to normalize cookies in HTTP headers.
C. You can configure it to normalize image content types.
D. You can configure it to whitelist specific servers.

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 51
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

A. port scan
B. portsweep


C. decoy port scan
D. ACK scan

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 52
Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?

A. the rule group accordion
B. a filter bar
C. a link below the preprocessor heading
D. a button next to each preprocessor option that has a corresponding rule

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 53
What does packet latency thresholding measure?

A. the total elapsed time it takes to process a packet
B. the amount of time it takes for a rule to process
C. the amount of time it takes to process an event
D. the time span between a triggered event and when the packet is dropped

Correct Answer: A
Section: (none)
Explanation/Reference: