Cisco 500-285 SSFIPS Exam Practice Test Instant Access

Question 1

Which statement is true when network traffic meets the criteria specified in a correlation rule?

ANothing happens, because you cannot assign a group of rules to a correlation policy.

BThe network traffic is blocked.

CThe Defense Center generates a correlation event and initiates any configured responses.

DAn event is logged to the Correlation Policy Management table.

Answer : C

Question 2

Which option describes the two basic components of Sourcefire Snort rules?

Apreprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

Ba rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

Ca rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

Da rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Answer : D

Question 3

Alert priority is established in which way?

Aevent classification

Bpriority.conf file

Chost criticality selection

Dthrough Context Explorer

Answer : A

Question 4

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

AAdministrator

BIntrusion Administrator

CSecurity Analyst

DSecurity Analyst (Read-Only)

Answer : B

Question 5

When configuring an LDAP authentication object, which server type is available?

AMicrosoft Active Directory

BYahoo

COracle

DSMTP

Answer : A

Question 6

Which policy controls malware blocking configuration?

Afile policy

Bmalware policy

Caccess control policy

DIPS policy

Answer : A

Question 7

A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?

AScan

BApplication Protocol

CThreat Name

DFile Name

Answer : B

Cisco 500-285 Securing Cisco Networks with Fire-SIGHT Intrusion Prevention System SSFIPS Exam Practice Test