500-285 Online Practice Questions and Answers

Questions 4

Which option is true of the Packet Information portion of the Packet View screen?

A. provides a table view of events

B. allows you to download a PCAP formatted file of the session that triggered the event

C. displays packet data in a format based on TCP/IP layers

D. shows you the user that triggered the event

Questions 5

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

A. protocol layer

B. application

C. objects

D. devices

Questions 6

The collection of health modules and their settings is known as which option?

A. appliance policy

B. system policy

C. correlation policy

D. health policy

Questions 7

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

A. Administrator

B. Intrusion Administrator

C. Security Analyst

D. Security Analyst (Read-Only)

Questions 8

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

A. Administrator

B. Intrusion Administrator

C. Maintenance User

D. Database Administrator

Questions 9

When configuring an LDAP authentication object, which server type is available?

A. Microsoft Active Directory

B. Yahoo

C. Oracle

D. SMTP

Questions 10

Alert priority is established in which way?

A. event classification

B. priority.conf file

C. host criticality selection

D. through Context Explorer

Questions 11

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?

A. the directional operator in the rule header

B. the "flow" rule option

C. specification of the source and destination ports in the rule header

D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.

Questions 12

Which option is a valid whitelist evaluation value?

A. pending

B. violation

C. semi-compliant

D. not-evaluated

Questions 13

Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?

A. The administrator can save the IPS policy with the TCP stream preprocessor turned off, but the rules requiring its operation will not function properly.

B. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.

C. The administrator will be prevented from changing the rule state of the rules that require the TCP stream preprocessor until the TCP stream preprocessor is enabled.

D. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the rules that require the TCP stream preprocessor will be turned off for the IPS policy.

Exam Code: 500-285
Exam Name: Securing Cisco Networks with FireSIGHT Intrusion Prevention System (SSFIPS)
Last Update: Apr 21, 2024
Questions: 60