Securing Cisco Networks with Sourcefire IPS v7.0 (500-285)

Page:    1 / 4   
Total 63 questions

Which statement describes the meaning of a red health status icon?

  • A. A critical threshold has been exceeded.
  • B. At least one health module has failed.
  • C. A health policy has been disabled on a monitored device.
  • D. A warning threshold has been exceeded.


Answer : A

The collection of health modules and their settings is known as which option?

  • A. appliance policy
  • B. system policy
  • C. correlation policy
  • D. health policy


Answer : D

Where do you configure widget properties?

  • A. dashboard properties
  • B. the Widget Properties button in the title bar of each widget
  • C. the Local Configuration page
  • D. Context Explorer


Answer : B

Which event source can have a default workflow configured?

  • A. user events
  • B. discovery events
  • C. server events
  • D. connection events


Answer : B

What is the maximum timeout value for a browser session?

  • A. 60 minutes
  • B. 120 minutes
  • C. 1024 minutes
  • D. 1440 minutes


Answer : D

Remote access to the Defense Center database has which characteristic?

A. read/write -

B. read-only -

C. Postgres -

D. Estreamer -



Answer : B Topic 8, Account Management

When configuring an LDAP authentication object, which server type is available?

  • A. Microsoft Active Directory
  • B. Yahoo
  • C. Oracle
  • D. SMTP


Answer : A

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

  • A. Administrator
  • B. Intrusion Administrator
  • C. Security Analyst
  • D. Security Analyst (Read-Only)


Answer : B

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

A. Administrator -

B. Intrusion Administrator -

C. Maintenance User -

D. Database Administrator -



Answer : A Topic 9, Creating Snort Rules

Alert priority is established in which way?

  • A. event classification
  • B. priority.conf file
  • C. host criticality selection
  • D. through Context Explorer


Answer : A

Which option describes the two basic components of Sourcefire Snort rules?

  • A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
  • B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
  • C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
  • D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol


Answer : D

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?
A. the directional operator in the rule header

B. the "flow" rule option -
C. specification of the source and destination ports in the rule header
D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.



Answer : B Topic 10, Device Management

The gateway VPN feature supports which deployment types?

  • A. SSL and HTTPS
  • B. PPTP and MPLS
  • C. client and route-based
  • D. point-to-point, star, and mesh


Answer : D

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

  • A. fast-path rules
  • B. thresholds or suppressions
  • C. blacklist
  • D. automatic application bypass


Answer : A

Which interface type allows for bypass mode?

  • A. inline
  • B. switched
  • C. routed
  • D. grouped


Answer : A

Page:    1 / 4   
Total 63 questions