500-285 Online Practice Questions and Answers

What are the two categories of variables that you can configure in Object Management?

A. System Default Variables and FireSIGHT-Specific Variables

B. System Default Variables and Procedural Variables

C. Default Variables and Custom Variables

D. Policy-Specific Variables and Procedural Variables

Which option is true regarding the $HOME_NET variable?

A. is a policy-level variable

B. has a default value of "all"

C. defines the network the active policy protects

D. is used by all rules to define the internal network

Host criticality is an example of which option?

A. a default whitelist

B. a default traffic profile

C. a host attribute

D. a correlation policy

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

A. protocol layer

B. application

C. objects

D. devices

Which option is derived from the discovery component of FireSIGHT technology?

A. connection event table view

B. network profile

C. host profile

D. authentication objects

Which policy controls malware blocking configuration?

A. file policy

B. malware policy

C. access control policy

D. IPS policy

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

A. Administrator

B. Intrusion Administrator

C. Security Analyst

D. Security Analyst (Read-Only)

Which option describes the two basic components of Sourcefire Snort rules?

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Which option is a remediation module that comes with the Sourcefire System?

A. Cisco IOS Null Route

B. Syslog Route

C. Nmap Route Scan

D. Response Group

Controlling simultaneous connections is a feature of which type of preprocessor?

A. rate-based attack prevention

B. detection enhancement

C. TCP and network layer preprocessors

D. performance settings