GarGar123

1.

1 point

Which option can you enter in the Search text box to look for the trajectory of a particular file?

the MD5 hash value of the file

the URL of the file

the SHA-256 hash value of the file

the SHA-512 hash value of the file

2.

1 point

Correlation policy rules allow you to construct criteria for alerting on very specific conditions.
Which option is an example of such a rule?

enforcing two-factor authentication for access to critical servers

testing password strength when accessing an application

limiting general user access to administrative file shares

issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one

3.

1 point

Which option describes Spero file analysis?

a method of analyzing the SHA-256 hash of a file to determine whether a file is malicious or not

a method of analyzing a file by executing it in a sandbox environment and observing its behaviors to determine if it is malicious or not

a method of analyzing certain file characteristics, such as metadata and header information, to determine whether a file is malicious or not

a method of analyzing the entire contents of a file to determine whether it is malicious or not

4.

1 point

Which option is one of the three methods of updating the IP addresses in Sourcefire Security
Intelligence?

subscribe to a VRT

subscribe to a URL intelligence feed

automatically upload lists from a network share

upload a list that you create

5.

1 point

Host criticality is an example of which option?

a default whitelist

a correlation policy

a default traffic profile

a host attribute

6.

1 point

Where do you configure widget properties?

Context Explorer

dashboard properties

the Widget Properties button in the title bar of each widget

the Local Configuration page

7.

1 point

Which event source can have a default workflow configured?

server events

connection events

user events

discovery events

8.

1 point

A context box opens when you click on an event icon in the Network File Trajectory map for a file.
Which option is an element of the box?

Threat Name

File Name

Scan

Application Protocol

9.

1 point

Which option is derived from the discovery component of FireSIGHT technology?

host profile

network profile

connection event table view

authentication objects

10.

1 point

Which statement regarding user exemptions is true?

By default, all users cannot be exempt from any browser session timeout value.

Exempt users have a browser session timeout restriction of 24 hours.

Non-administrators can be made exempt on an individual basis.

Administrators can be exempt from any browser session timeout value.

11.

1 point

A user discovery agent can be installed on which platform?

RADIUS

OpenLDAP

Ubuntu

Windows

12.

1 point

When configuring an LDAP authentication object, which server type is available?

Yahoo

Microsoft Active Directory

SMTP

Oracle

13.

1 point

When you are editing an intrusion policy, how do you know that you have changes?

A yellow, triangular icon displays next to the Policy Information option in the navigation panel.

The Commit Changes button is enabled.

You are prompted to save your changes on every screen refresh

A system message notifies you

14.

1 point

Which Sourcefire feature allows you to send traffic directly through the device without inspecting
it?

thresholds or suppressions

fast-path rules

blacklist

automatic application bypass

15.

1 point

Access control policy rules can be configured to block based on the conditions that you specify in
each rule. Which behavior block response do you use if you want to deny and reset the connection
of HTTP traffic that meets the conditions of the access control rule?

interactive block with reset

block

interactive block

block with reset

16.

1 point

When configuring FireSIGHT detection, an administrator would create a network discovery policy
and set the action to "discover". Which option is a possible type of discovery?

anti-malware

host

IPS event

17.

1 point

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not
valid for FireSIGHT event access?

Intrusion Administrator

Security Analyst

Security Analyst (Read-Only)

Administrator

18.

1 point

How do you configure URL filtering?

Create an access control rule and, on the URLs tab, select the URLs or URL categories that are to be blocked or allowed.

Create a Security Intelligence object that contains the blocked URLs and add the object to the access control policy.

Create a variable.

Add blocked URLs to the global blacklist.

19.

1 point

Stacking allows a primary device to utilize which resources of secondary devices?

interfaces, CPUs, memory, and storage

interfaces, CPUs, and memory

CPUs and memory

interfaces and storage

20.

1 point

What is the maximum timeout value for a browser session?

60 minutes

120 minutes

1024 minutes

1440 minutes

21.

1 point

FireSIGHT uses three primary types of detection to understand the environment in which it is
deployed. Which option is one of the detection types?

application

protocol layer

objects

devices

22.

1 point

According to Gartner, which criteria distinguish a next-generation IPS?

content awareness, contextual awareness, and Agile Security engine

Agile Security engine, VPN, and context awareness

full-stack visibility, contextual awareness, and network access control

firewall capabilities, full-stack visibility, and content awareness

23.

1 point

The gateway VPN feature supports which deployment types?

client and route-based

SSL and HTTPS

PPTP and MPLS

point-to-point, star, and mesh

24.

1 point

Which Cisco AMP deployment would you recommend for advanced customers that want comprehensive threat protection, investigation, and response?

AMP for VPN

trajectory

AMP for Networks

AMP for MX

25.

1 point

Which statement is true when adding a network to an access control rule?

You must have preconfigured the network as an object.

You can select the source and destination networks or network groups.

You can select only source networks.

You cannot include multiple networks or network groups as sources or destinations

26.

1 point

Which option transmits policy-based alerts such as SNMP and syslog?

the Defense Center

the managed device

the host

FireSIGHT

27.

1 point

Which statement is true in regard to the Sourcefire Security Intelligence lists?

The global blacklist universally allows all traffic through the managed device.

The Security Intelligence lists cannot be updated.

IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer

The global whitelist cannot be edited.

28.

1 point

Which interface type allows for bypass mode?

inline

switched

grouped

routed

29.

1 point

In addition to the discovery of new hosts, FireSIGHT can also perform which function?

discover information about users

block traffic

route traffic

determine which users are involved in monitored connections

30.

1 point

One of the goals of geolocation is to identify which option?

the location of any IP address

the location of a routable IP address

the location of a TCP connection

the location of a MAC address

31.

1 point

FireSIGHT recommendations appear in which layer of the Policy Layers page?

Layer Summary

User Layers

FireSIGHT recommendations do not show up as a layer

Built-In Layers

32.

1 point

Which feature in the Cisco AMP solution provides the ability to track malware activity over time?

malware detection

blacklisting

trajectory

sandboxing

33.

1 point

Other than navigating to the Network File Trajectory page for a file, which option is an alternative
way of accessing the network trajectory of a file?

from the Defense Center

from the cloud

from Context Explorer

from the Analysis menu

34.

1 point

Which option is not a characteristic of dashboard widgets or Context Explorer?

Widgets offer users an at-a-glance view of their environment.

Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.

Widgets are offered to all users, whereas Context Explorer is limited to a few roles

Context Explorer can be added as a widget to a dashboard.

35.

1 point

Cisco FireSIGHT can provide visibility into which three types of information that competing products cannot? (Choose three.)

client-side applications

DoS attacks

database queries

viruses

VM communications

mobile devices

36.

1 point

Which option is true when configuring an access control rule?

You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.

You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.

You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses

You can use geolocation criteria to specify source and destination IP addresses by continent but not by country

37.

1 point

Which option is a valid whitelist evaluation value?

pending

semi-compliant

not-evaluated

violation

38.

1 point

The IP address::/0 is equivalent to which IPv4 address and netmask?

The IP address::/0 is not valid IPv6 syntax.

0.0.0.0

0.0.0.0/0

0.0.0.0/24

39.

1 point

Which statement describes the meaning of a red health status icon?

A health policy has been disabled on a monitored device.

A warning threshold has been exceeded.

At least one health module has failed.

A critical threshold has been exceeded.

40.

1 point

The collection of health modules and their settings is known as which option?

system policy

correlation policy

appliance policy

health policy

41.

1 point

When adding source and destination ports in the Ports tab of the access control policy rule editor,
which restriction is in place?

The protocol is restricted to TCP only.

The protocol is restricted to TCP or UDP.

The protocol is restricted to TCP and UDP.

The protocol is restricted to UDP only.

42.

1 point

Which interface type allows for VLAN tagging?

switched

passive

high-availability link

inline

43.

1 point

Which statement is true regarding malware blocking over HTTP?

It can be done only in the download direction.

It can be done in both the download and upload direction.

It can be done only in the upload direction.

HTTP is not a supported protocol for malware blocking.

44.

1 point

What are the two categories of variables that you can configure in Object Management?

System Default Variables and Procedural Variables

System Default Variables and FireSIGHT-Specific Variables

Policy-Specific Variables and Procedural Variables

Default Variables and Custom Variables

45.

1 point

Which option is true of the Packet Information portion of the Packet View screen?

shows you the user that triggered the event

displays packet data in a format based on TCP/IP layers

allows you to download a PCAP formatted file of the session that triggered the event

provides a table view of events

46.

1 point

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid
for FireSIGHT event access?

Maintenance User

Intrusion Administrator

Database Administrator

Administrator

47.

1 point

Which option is used to implement suppression in the Rule Management user interface?

Global

Source

Rule Category

Protocol

48.

1 point

Which policy controls malware blocking configuration?

IPS policy

access control policy

file policy

malware policy

49.

1 point

Which option is true regarding the $HOME_NET variable?

defines the network the active policy protects

is used by all rules to define the internal network

is a policy-level variable

has a default value of "all"

50.

1 point

Which statement is true concerning static NAT?

Static NAT provides a one-to-one mapping between IP addresses.

Static NAT supports only TCP traffic

Static NAT provides a many-to-one mapping between IP addresses.

Static NAT is normally deployed for outbound traffic only.