Pass the Cisco Additional Online Exams 500-285 Questions and answers with CertsForce

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Which option is used to implement suppression in the Rule Management user interface?

Options:

A. Rule Category
B. Global
C. Source
D. Protocol


Questions # 2:

FireSIGHT recommendations appear in which layer of the Policy Layers page?

Options:

A. Layer Summary
B. User Layers
C. Built-In Layers
D. FireSIGHT recommendations do not show up as a layer.


Questions # 3:

Which statement describes the meaning of a red health status icon?

Options:

A. A critical threshold has been exceeded.
B. At least one health module has failed.
C. A health policy has been disabled on a monitored device.
D. A warning threshold has been exceeded.


Questions # 4:

The collection of health modules and their settings is known as which option?

Options:

A. appliance policy
B. system policy
C. correlation policy
D. health policy


Questions # 5:

Which option is true regarding the $HOME_NET variable?

Options:

A. is a policy-level variable
B. has a default value of "all"
C. defines the network the active policy protects
D. is used by all rules to define the internal network


Questions # 6:

Which statement is true in regard to the Sourcefire Security Intelligence lists?

Options:

A. The global blacklist universally allows all traffic through the managed device.
B. The global whitelist cannot be edited.
C. IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
D. The Security Intelligence lists cannot be updated.


Questions # 7:

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

Options:

A. fast-path rules
B. thresholds or suppressions
C. blacklist
D. automatic application bypass


Questions # 8:

Which statement is true concerning static NAT?

Options:

A. Static NAT supports only TCP traffic.
B. Static NAT is normally deployed for outbound traffic only.
C. Static NAT provides a one-to-one mapping between IP addresses.
D. Static NAT provides a many-to-one mapping between IP addresses.


Questions # 9:

Alert priority is established in which way?

Options:

A. event classification
B. priority.conf file
C. host criticality selection
D. through Context Explorer


Questions # 10:

Which option describes the two basic components of Sourcefire Snort rules?

Options:

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

