File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?
A. MD5
B. SHA-1
C. filenames
D. SHA-256
Which set of actions would you take to create a simple custom detection?
A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
B. Upload a packet capture; use a Snort rule; use a ClamAV rule.
C. Manually input the PE header data, the MD5 hash, and a list of MD5 hashes.
D. Input the file and file name.
Custom whitelists are used for which purpose?
A. to specify which files to alert on
B. to specify which files to delete
C. to specify which files to ignore
D. to specify which files to sandbox
Which question should be in your predeployment checklist?
A. How often are backup jobs run?
B. Are any Linux servers being deployed?
C. Who are the users of the hosts on which you will deploy?
D. Which applications are installed on the hosts on which you will deploy?
What is the default command-line switch configuration, if you run a connector installation with no parameters?
A.
B.
C.
D.
How many days' worth of data do the widgets on the dashboard page display?
A. the previous 5 days of data
B. the previous 6 days of data
C. the previous 7 days of data
D. the number of days you set in the dashboard configuration
Which statement is true about the Device Trajectory feature?
A. It shows where the endpoint devices have moved in your environment by displaying each IP address that a device has had over time.
B. A "plus" sign on the File Trajectory map indicates that you can execute the file inside FireAMP.
C. In the File Trajectory map, you can view the parent process for a file by selecting the infected system.
D. It shows hosts that display Indications of Compromise.
Which information does the File Trajectory feature show?
A. the time that the scan was run
B. the name of the file
C. the hosts on which the file was seen and points in time where events occurred
D. the protocol
Which statement about two-step authentication is true?
A. It is the ability to use two separate passwords.
B. It is the ability to enable biometric authentication.
C. It is the ability to have a passphrase sent to a mobile device.
D. It is the ability to use a verification code in conjunction with the correct username and password.
Which of these can you use for two-step authentication?
A. the Apple Authenticator app
B. the Google Authenticator app
C. a SecurID token
D. any RFC 1918 compatible application