500-285 Online Practice Questions and Answers

Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?

A. subscribe to a URL intelligence feed

B. subscribe to a VRT

C. upload a list that you create

D. automatically upload lists from a network share

Which statement is true when adding a network to an access control rule?

A. You can select only source networks.

B. You must have preconfigured the network as an object.

C. You can select the source and destination networks or network groups.

D. You cannot include multiple networks or network groups as sources or destinations.

When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?

A. The protocol is restricted to TCP only.

B. The protocol is restricted to UDP only.

C. The protocol is restricted to TCP or UDP.

D. The protocol is restricted to TCP and UDP.

When you are editing an intrusion policy, how do you know that you have changes?

A. The Commit Changes button is enabled.

B. A system message notifies you.

C. You are prompted to save your changes on every screen refresh.

D. A yellow, triangular icon displays next to the Policy Information option in the navigation panel.

The collection of health modules and their settings is known as which option?

A. appliance policy

B. system policy

C. correlation policy

D. health policy

Alert priority is established in which way?

A. event classification

B. priority.conf file

C. host criticality selection

D. through Context Explorer

Which interface type allows for VLAN tagging?

A. inline

B. switched

C. high-availability link

D. passive

What does the whitelist attribute value "not evaluated" indicate?

A. The host is not a target of the whitelist.

B. The host could not be evaluated because no profile exists for it.

C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.

D. The host is not on a monitored network segment.

Which statement represents detection capabilities of the HTTP preprocessor?

A. You can configure it to blacklist known bad web servers.

B. You can configure it to normalize cookies in HTTP headers.

C. You can configure it to normalize image content types.

D. You can configure it to whitelist specific servers.

Controlling simultaneous connections is a feature of which type of preprocessor?

A. rate-based attack prevention

B. detection enhancement

C. TCP and network layer preprocessors

D. performance settings