
500-285 Online Practice Questions and Answers

Questions 4

What are the two categories of variables that you can configure in Object Management?

A. System Default Variables and FireSIGHT-Specific Variables

B. System Default Variables and Procedural Variables

C. Default Variables and Custom Variables

D. Policy-Specific Variables and Procedural Variables

Questions 5

Which statement is true when adding a network to an access control rule?

A. You can select only source networks.

B. You must have preconfigured the network as an object.

C. You can select the source and destination networks or network groups.

D. You cannot include multiple networks or network groups as sources or destinations.

Questions 6

Which option is true when configuring an access control rule?

A. You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.

B. You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses.

C. You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.

D. You can use geolocation criteria to specify source and destination IP addresses by continent but not by country.

Questions 7

Which option is not a characteristic of dashboard widgets or Context Explorer?

A. Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.

B. Context Explorer can be added as a widget to a dashboard.

C. Widgets offer users an at-a-glance view of their environment.

D. Widgets are offered to all users, whereas Context Explorer is limited to a few roles.

Questions 8

Which option is true of the Packet Information portion of the Packet View screen?

A. provides a table view of events

B. allows you to download a PCAP formatted file of the session that triggered the event

C. displays packet data in a format based on TCP/IP layers

D. shows you the user that triggered the event

Questions 9

Which option is used to implement suppression in the Rule Management user interface?

A. Rule Category

B. Global

C. Source

D. Protocol

Questions 10

Host criticality is an example of which option?

A. a default whitelist

B. a default traffic profile

C. a host attribute

D. a correlation policy

Questions 11

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

A. protocol layer

B. application

C. objects

D. devices

Questions 12

A. It can be done only in the download direction.

B. It can be done only in the upload direction.

C. It can be done in both the download and upload direction.

D. HTTP is not a supported protocol for malware blocking.

Questions 13

Which event source can have a default workflow configured?

A. user events

B. discovery events

C. server events

D. connection events

Questions 14

Alert priority is established in which way?

A. event classification

B. priority.conf file

C. host criticality selection

D. through Context Explorer

Questions 15

What does the whitelist attribute value "not evaluated" indicate?

A. The host is not a target of the whitelist.

B. The host could not be evaluated because no profile exists for it.

C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.

D. The host is not on a monitored network segment.

Questions 16

Which statement is true when network traffic meets the criteria specified in a correlation rule?

A. Nothing happens, because you cannot assign a group of rules to a correlation policy.

B. The network traffic is blocked.

C. The Defense Center generates a correlation event and initiates any configured responses.

D. An event is logged to the Correlation Policy Management table.

Questions 17

Controlling simultaneous connections is a feature of which type of preprocessor?

A. rate-based attack prevention

B. detection enhancement

C. TCP and network layer preprocessors

D. performance settings

Questions 18

What does packet latency thresholding measure?

A. the total elapsed time it takes to process a packet

B. the amount of time it takes for a rule to process

C. the amount of time it takes to process an event

D. the time span between a triggered event and when the packet is dropped

Exam Code: 500-285
Exam Name: Securing Cisco Networks with FireSIGHT Intrusion Prevention System (SSFIPS)
Last Update: Apr 15, 2024
Questions: 60 Q&As
