[Free] Download New Latest (January 2016) Cisco 500-285 Real Exam 11-20

Ensurepass

QUESTION 11

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?

A. the directional operator in the rule header
B. the “flow” rule option
C. specification of the source and destination ports in the rule header
D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.

Correct Answer: B

 

 

QUESTION 12

Which event source can have a default workflow configured?

A. user events
B. discovery events
C. server events
D. connection events

Correct Answer: B

 

 

QUESTION 13

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

A. Administrator
B. Intrusion Administrator
C. Security Analyst
D. Security Analyst (Read-Only)

Correct Answer: B

 

 

QUESTION 14

A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?

A. Scan
B. Application Protocol
C. Threat Name
D. File Name

Correct Answer: B

 

 

QUESTION 15

Which option is true of the Packet Information portion of the Packet View screen?

A. provides a table view of events
B. allows you to download a PCAP formatted file of the session that triggered the event
C. displays packet data in a format based on TCP/IP layers
D. shows you the user that triggered the event

Correct Answer: C

 

 

QUESTION 16

Which option describes the two basic components of Sourcefire Snort rules?

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Correct Answer: D

 

 

QUESTION 17

Controlling simultaneous connections is a feature of which type of preprocessor?

A. rate-based attack prevention
B. detection enhancement
C. TCP and network layer preprocessors
D. performance settings

Correct Answer: A

 

 

QUESTION 18

Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

A. logging to database, SMS, SMTP, and SNMP
B. logging to database, SMTP, SNMP, and PCAP
C. logging to database, SNMP, syslog, and email
D. logging to database, PCAP, SMS, and SNMP

Correct Answer: C

QUESTION 19

Alert priority is established in which way?

A. event classification
B. priority.conf file
C. host criticality selection
D. through Context Explorer

Correct Answer: A
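Questions 11, 16 and 19 all come down to how a Snort rule is put together: a header (action, protocol, source, direction operator, destination) and a parenthesised body of options, with the `flow` option rather than the `->` operator deciding which side of a TCP session is inspected, and the `classtype` option mapping to a priority through `classification.config` unless the rule carries an explicit `priority`. The Python below is an added example written for this page, not Cisco or Sourcefire code: it splits a rule into those two parts, reads the flow option, and resolves the priority. It handles only the subset of rule syntax needed here, and the three sample rules and the classification excerpt are constructed, not taken from any shipped rule set.

```python
"""Split a Snort/Sourcefire rule into header and body, then answer what the
options decide: which side of a TCP session the rule inspects (the flow option,
not the header's direction operator) and what priority its alerts get (the
classtype's priority from classification.config unless the rule sets priority).
Added example, not Cisco/Sourcefire code; rules and config lines are constructed."""
from collections import namedtuple

# Constructed excerpt in classification.config format: name,description,priority (1 = most severe)
SAMPLE_CLASSIFICATION_CONFIG = """\
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: web-application-attack,Web Application Attack,1
config classification: attempted-recon,Attempted Information Leak,2
config classification: misc-activity,Misc activity,3
"""

# Constructed sample rules (local sids); not from any shipped rule set.
CLIENT_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-APP suspicious admin path"; '
               'flow:to_server,established; content:"/admin/"; http_uri; '
               'classtype:web-application-attack; sid:1000001; rev:1;)')
SERVER_RULE = ('alert tcp $HOME_NET 80 -> $EXTERNAL_NET any (msg:"WEB-APP server banner"; '
               'flow:to_client,established; content:"Server: "; classtype:attempted-recon; '
               'priority:3; sid:1000002; rev:1;)')
NO_FLOW_RULE = ('alert tcp any any -> any 445 (msg:"SMB header, either side"; '
                'content:"|FF|SMB"; classtype:misc-activity; sid:1000003; rev:1;)')

# Header fields in order, plus the ordered (keyword, value-or-None) pairs from the body.
Rule = namedtuple("Rule", "action protocol src src_port direction dst dst_port options")


def parse_classification_config(text):
    """Map classtype name -> default alert priority."""
    priorities = {}
    for line in text.splitlines():
        if line.startswith("config classification:"):
            name, _description, prio = line.split(":", 1)[1].split(",")
            priorities[name.strip()] = int(prio)
    return priorities


def parse_options(body):
    """Split 'key:value; flag; ...' into pairs.  ';' and ':' inside double quotes
    or behind a backslash belong to the value (msg, content, pcre)."""
    options, key, buf, quoted, escaped = [], None, [], False, False
    for ch in body:
        if escaped:
            buf.append(ch); escaped = False
        elif ch == "\\":
            buf.append(ch); escaped = True
        elif ch == '"':
            buf.append(ch); quoted = not quoted
        elif ch == ":" and key is None and not quoted:
            key, buf = "".join(buf).strip(), []
        elif ch == ";" and not quoted:
            value = "".join(buf).strip()
            if key is None:                 # bare modifier such as http_uri or nocase
                key, value = value, None
            options.append((key, value))
            key, buf = None, []
        else:
            buf.append(ch)
    if key is not None or "".join(buf).strip():
        raise ValueError("last option is not terminated by ';'")
    return options


def parse_rule(text):
    text = text.strip()
    if "(" not in text or not text.endswith(")"):
        raise ValueError("rule body must be enclosed in parentheses")
    header, body = text[:-1].split("(", 1)     # header: 7 fields; body: the options
    fields = header.split()
    if len(fields) != 7 or fields[4] not in ("->", "<>"):
        raise ValueError(f"malformed rule header: {header.strip()!r}")
    return Rule(*fields, options=parse_options(body))


def inspected_side(rule):
    """'client->server', 'server->client', 'either' (flow given but direction-neutral,
    e.g. flow:established) or None when there is no flow option.  The header's ->
    only orders the address/port pairs; it does not record who opened the session,
    so a rule without flow is evaluated against traffic from both sides."""
    for key, value in rule.options:
        if key == "flow":
            flags = {f.strip() for f in value.split(",")}
            if flags & {"to_server", "from_client"}:
                return "client->server"
            if flags & {"to_client", "from_server"}:
                return "server->client"
            return "either"
    return None


def alert_priority(rule, class_priorities):
    """Priority from the rule's classtype, overridden by an explicit priority option.
    A classtype missing from the config is an error, as it is when Snort loads rules."""
    from_classtype = None
    for key, value in rule.options:
        if key == "priority":
            return int(value)
        if key == "classtype":
            if value not in class_priorities:
                raise ValueError(f"classtype {value!r} not defined in classification.config")
            from_classtype = class_priorities[value]
    return from_classtype
```

Run over the three constructed rules, `inspected_side` returns `client->server` for the first, `server->client` for the second and `None` for the SMB rule, whose `->` header alone does not restrict it to one side of the session; `alert_priority` gives 1 and 3 for the first two rules (the second's explicit `priority:3` overrides the classtype's 2) and 3 for the third.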

 

 

QUESTION 20

Remote access to the Defense Center database has which characteristic?

A. read/write
B. read-only
C. Postgres
D. Estreamer

Correct Answer: B

 
