What are the two categories of variables that you can configure in Object Management?
A. System Default Variables and FireSIGHT-Specific Variables
B. System Default Variables and Procedural Variables
C. Default Variables and Custom Variables
D. Policy-Specific Variables and Procedural Variables
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
A. subscribe to a URL intelligence feed
B. subscribe to a VRT
C. upload a list that you create
D. automatically upload lists from a network share
Which option transmits policy-based alerts such as SNMP and syslog?
A. the Defense Center
B. FireSIGHT
C. the managed device
D. the host
A user discovery agent can be installed on which platform?
A. OpenLDAP
B. Windows
C. RADIUS
D. Ubuntu
Which option describes Spero file analysis?
A. a method of analyzing the SHA-256 hash of a file to determine whether a file is malicious or not
B. a method of analyzing the entire contents of a file to determine whether it is malicious or not
C. a method of analyzing certain file characteristics, such as metadata and header information, to determine whether a file is malicious or not
D. a method of analyzing a file by executing it in a sandbox environment and observing its behaviors to determine if it is malicious or not
A. It can be done only in the download direction.
B. It can be done only in the upload direction.
C. It can be done in both the download and upload directions.
D. HTTP is not a supported protocol for malware blocking.
Which statement regarding user exemptions is true?
A. Non-administrators can be made exempt on an individual basis.
B. Exempt users have a browser session timeout restriction of 24 hours.
C. Administrators can be exempt from any browser session timeout value.
D. By default, all users cannot be exempt from any browser session timeout value.
Which interface type allows for bypass mode?
A. inline
B. switched
C. routed
D. grouped
Which statement is true when network traffic meets the criteria specified in a correlation rule?
A. Nothing happens, because you cannot assign a group of rules to a correlation policy.
B. The network traffic is blocked.
C. The Defense Center generates a correlation event and initiates any configured responses.
D. An event is logged to the Correlation Policy Management table.
Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?
A. The administrator can save the IPS policy with the TCP stream preprocessor turned off, but the rules requiring its operation will not function properly.
B. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.
C. The administrator will be prevented from changing the rule state of the rules that require the TCP stream preprocessor until the TCP stream preprocessor is enabled.
D. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the rules that require the TCP stream preprocessor will be turned off for the IPS policy.