Cisco 500-285 Dumps

Page: 1 / 2
Total 59 questions

Securing Cisco Networks with Sourcefire IPS Questions and Answers

Question 1

Which statement is true when adding a network to an access control rule?

Options:

A. You can select only source networks.
B. You must have preconfigured the network as an object.
C. You can select the source and destination networks or network groups.
D. You cannot include multiple networks or network groups as sources or destinations.

Question 2

Which option is true when configuring an access control rule?

Options:

A. You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.
B. You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses.
C. You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.
D. You can use geolocation criteria to specify source and destination IP addresses by continent but not by country.

Question 3

Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?

Options:

A. testing password strength when accessing an application
B. limiting general user access to administrative file shares
C. enforcing two-factor authentication for access to critical servers
D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one

Question 4

Which statement is true when network traffic meets the criteria specified in a correlation rule?

Options:

A. Nothing happens, because you cannot assign a group of rules to a correlation policy.
B. The network traffic is blocked.
C. The Defense Center generates a correlation event and initiates any configured responses.
D. An event is logged to the Correlation Policy Management table.

Question 5

Which option describes the two basic components of Sourcefire Snort rules?

Options:

A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Question 6

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?

Options:

A. the directional operator in the rule header
B. the "flow" rule option
C. specification of the source and destination ports in the rule header
D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.

Question 7

Which statement is true concerning static NAT?

Options:

A. Static NAT supports only TCP traffic.
B. Static NAT is normally deployed for outbound traffic only.
C. Static NAT provides a one-to-one mapping between IP addresses.
D. Static NAT provides a many-to-one mapping between IP addresses.

Question 8

The gateway VPN feature supports which deployment types?

Options:

A. SSL and HTTPS
B. PPTP and MPLS
C. client and route-based
D. point-to-point, star, and mesh

Question 9

What does packet latency thresholding measure?

Options:

A. the total elapsed time it takes to process a packet
B. the amount of time it takes for a rule to process
C. the amount of time it takes to process an event
D. the time span between a triggered event and when the packet is dropped