
Cisco 500-285 - Securing Cisco Networks with Sourcefire IPS

Total 60 questions

A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

A. port scan
B. portsweep
C. decoy port scan
D. ACK scan
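The distinction the question draws is the one Snort's sfPortscan preprocessor makes: a portscan is one source probing many ports on one target, a portsweep is one source probing one port across many targets. The following is an added example (not part of the original question bank or of Sourcefire's code) that applies that distinction to constructed flow records; the thresholds and the sample addresses are assumptions chosen for illustration, not sfPortscan's tuned values.

```python
"""Tell a portscan (one-to-one, many ports) from a portsweep (one-to-many, one port)."""
from __future__ import annotations

from collections import defaultdict
from typing import Iterable, NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


# Illustrative thresholds (assumption): how many distinct ports on one host,
# or distinct hosts on one port, a single source must touch to be flagged.
PORT_THRESHOLD = 10
HOST_THRESHOLD = 10


def classify(flows: Iterable[Flow]) -> dict[str, set[str]]:
    """Return {source_ip: {"portscan" | "portsweep"}} for sources that cross a threshold."""
    ports_per_target: dict[tuple[str, str], set[int]] = defaultdict(set)   # (src, dst) -> ports
    hosts_per_port: dict[tuple[str, int], set[str]] = defaultdict(set)     # (src, dport) -> hosts
    for f in flows:
        ports_per_target[(f.src, f.dst)].add(f.dport)
        hosts_per_port[(f.src, f.dport)].add(f.dst)

    verdicts: dict[str, set[str]] = defaultdict(set)
    # Portscan: one source, one destination, many distinct destination ports.
    for (src, _dst), ports in ports_per_target.items():
        if len(ports) >= PORT_THRESHOLD:
            verdicts[src].add("portscan")
    # Portsweep: one source, one destination port, many distinct destination hosts.
    for (src, _dport), hosts in hosts_per_port.items():
        if len(hosts) >= HOST_THRESHOLD:
            verdicts[src].add("portsweep")
    return dict(verdicts)


# Constructed sample traffic (not captured data):
#   10.0.0.5 walks ports 1-12 on a single host      -> portscan
#   10.0.0.6 hits TCP/445 on twelve different hosts  -> portsweep
#   10.0.0.7 repeatedly talks to one host on 443     -> nothing
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "10.0.1.1", p) for p in range(1, 13)]
    + [Flow("10.0.0.6", f"10.0.1.{h}", 445) for h in range(1, 13)]
    + [Flow("10.0.0.7", "10.0.1.1", 443) for _ in range(20)]
)

if __name__ == "__main__":
    for src, kinds in sorted(classify(SAMPLE_FLOWS).items()):
        print(src, ", ".join(sorted(kinds)))
```

The two counters are what separate the answers: a portscan grows the per-(source, host) port set, a portsweep grows the per-(source, port) host set, and the repeated benign connection grows neither. A decoy scan (spoofed source addresses mixed with the real one) would defeat the per-source keying used here, which is why sfPortscan tracks it as its own scan type.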

What does packet latency thresholding measure?

A. the total elapsed time it takes to process a packet
B. the amount of time it takes for a rule to process
C. the amount of time it takes to process an event
D. the time span between a triggered event and when the packet is dropped

Where do you configure widget properties?

A. dashboard properties
B. the Widget Properties button in the title bar of each widget
C. the Local Configuration page
D. Context Explorer

Remote access to the Defense Center database has which characteristic?

A. read/write
B. read-only
C. Postgres
D. eStreamer

One of the goals of geolocation is to identify which option?

A. the location of any IP address
B. the location of a MAC address
C. the location of a TCP connection
D. the location of a routable IP address

Which option is true of the Packet Information portion of the Packet View screen?

A. provides a table view of events
B. allows you to download a PCAP formatted file of the session that triggered the event
C. displays packet data in a format based on TCP/IP layers
D. shows you the user that triggered the event

Which option describes the two basic components of Sourcefire Snort rules?

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Alert priority is established in which way?

A. event classification
B. priority.conf file
C. host criticality selection
D. through Context Explorer

Which statement is true when network traffic meets the criteria specified in a correlation rule?

A. Nothing happens, because you cannot assign a group of rules to a correlation policy.
B. The network traffic is blocked.
C. The Defense Center generates a correlation event and initiates any configured responses.
D. An event is logged to the Correlation Policy Management table.

Which option is a valid whitelist evaluation value?

A. pending
B. violation
C. semi-compliant
D. not-evaluated