500-285 Online Practice Questions and Answers

Question 4

Which statement is true in regard to the Sourcefire Security Intelligence lists?

A. The global blacklist universally allows all traffic through the managed device.

B. The global whitelist cannot be edited.

C. IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.

D. The Security Intelligence lists cannot be updated.

Question 5

FireSIGHT recommendations appear in which layer of the Policy Layers page?

A. Layer Summary

B. User Layers

C. Built-In Layers

D. FireSIGHT recommendations do not show up as a layer.

Question 6

A user discovery agent can be installed on which platform?

A. OpenLDAP

B. Windows

C. RADIUS

D. Ubuntu

Question 7

What is the maximum timeout value for a browser session?

A. 60 minutes

B. 120 minutes

C. 1024 minutes

D. 1440 minutes

Question 8

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

A. fast-path rules

B. thresholds or suppressions

C. blacklist

D. automatic application bypass

Question 9

Stacking allows a primary device to utilize which resources of secondary devices?

A. interfaces, CPUs, and memory

B. CPUs and memory

C. interfaces, CPUs, memory, and storage

D. interfaces and storage

Question 10

Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?

A. testing password strength when accessing an application

B. limiting general user access to administrative file shares

C. enforcing two-factor authentication for access to critical servers

D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one

Question 11

A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

A. port scan

B. portsweep

C. decoy port scan

D. ACK scan

Exam Code: 500-285
Exam Name: Securing Cisco Networks with Sourcefire Intrusion Prevention System
Last Update: Mar 18, 2025
Questions: 60 Q&As