New 500-285 exam questions from PassLeader 500-285 dumps! Welcome to download the newest PassLeader 500-285 VCE and PDF dumps: http://www.passleader.com/500-285.html (65 Q&As)
P.S. Free 500-285 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpZXM1eGxaQXZ4amM
QUESTION 21
Which option is a valid whitelist evaluation value?
A. pending
B. violation
C. semi-compliant
D. not-evaluated
Answer: D
QUESTION 22
Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?
A. logging to database, SMS, SMTP, and SNMP
B. logging to database, SMTP, SNMP, and PCAP
C. logging to database, SNMP, syslog, and email
D. logging to database, PCAP, SMS, and SNMP
Answer: C
QUESTION 23
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
A. testing password strength when accessing an application
B. limiting general user access to administrative file shares
C. enforcing two-factor authentication for access to critical servers
D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one
Answer: D
QUESTION 24
Which option is a remediation module that comes with the Sourcefire System?
A. Cisco IOS Null Route
B. Syslog Route
C. Nmap Route Scan
D. Response Group
Answer: A
QUESTION 25
What does the whitelist attribute value “not evaluated” indicate?
A. The host is not a target of the whitelist.
B. The host could not be evaluated because no profile exists for it.
C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.
D. The host is not on a monitored network segment.
Answer: A
QUESTION 26
Controlling simultaneous connections is a feature of which type of preprocessor?
A. rate-based attack prevention
B. detection enhancement
C. TCP and network layer preprocessors
D. performance settings
Answer: A
QUESTION 27
Which statement represents detection capabilities of the HTTP preprocessor?
A. You can configure it to blacklist known bad web servers.
B. You can configure it to normalize cookies in HTTP headers.
C. You can configure it to normalize image content types.
D. You can configure it to whitelist specific servers.
Answer: B
QUESTION 28
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
A. port scan
B. portsweep
C. decoy port scan
D. ACK scan
Answer: B
QUESTION 29
Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?
A. the rule group accordion
B. a filter bar
C. a link below the preprocessor heading
D. a button next to each preprocessor option that has a corresponding rule
Answer: C
QUESTION 30
What does packet latency thresholding measure?
A. the total elapsed time it takes to process a packet
B. the amount of time it takes for a rule to process
C. the amount of time it takes to process an event
D. the time span between a triggered event and when the packet is dropped
Answer: A
New 500-285 exam questions from PassLeader 500-285 dumps! Welcome to download the newest PassLeader 500-285 VCE and PDF dumps: http://www.passleader.com/500-285.html (65 Q&As)
P.S. Free 500-285 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpZXM1eGxaQXZ4amM