Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
A. subscribe to a URL intelligence feed
B. subscribe to a VRT
C. upload a list that you create
D. automatically upload lists from a network share

Which statement is true when adding a network to an access control rule?
A. You can select only source networks.
B. You must have preconfigured the network as an object.
C. You can select the source and destination networks or network groups.
D. You cannot include multiple networks or network groups as sources or destinations.

FireSIGHT recommendations appear in which layer of the Policy Layers page?
A. Layer Summary
B. User Layers
C. Built-In Layers
D. FireSIGHT recommendations do not show up as a layer.

Which event source can have a default workflow configured?
A. user events
B. discovery events
C. server events
D. connection events

Alert priority is established in which way?
A. event classification
B. priority.conf file
C. host criticality selection
D. through Context Explorer

Stacking allows a primary device to utilize which resources of secondary devices?
A. interfaces, CPUs, and memory
B. CPUs and memory
C. interfaces, CPUs, memory, and storage
D. interfaces and storage

What does the whitelist attribute value "not evaluated" indicate?
A. The host is not a target of the whitelist.
B. The host could not be evaluated because no profile exists for it.
C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.
D. The host is not on a monitored network segment.

Which statement is true when network traffic meets the criteria specified in a correlation rule?
A. Nothing happens, because you cannot assign a group of rules to a correlation policy.
B. The network traffic is blocked.
C. The Defense Center generates a correlation event and initiates any configured responses.
D. An event is logged to the Correlation Policy Management table.

Which statement represents detection capabilities of the HTTP preprocessor?
A. You can configure it to blacklist known bad web servers.
B. You can configure it to normalize cookies in HTTP headers.
C. You can configure it to normalize image content types.
D. You can configure it to whitelist specific servers.

Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?
A. the rule group accordion
B. a filter bar
C. a link below the preprocessor heading
D. a button next to each preprocessor option that has a corresponding rule