Securing Cisco Networks with Sourcefire IPS v7.0

Page:    1 / 4   
Exam contains 63 questions

Which statement describes the meaning of a red health status icon?

  • A. A critical threshold has been exceeded.
  • B. At least one health module has failed.
  • C. A health policy has been disabled on a monitored device.
  • D. A warning threshold has been exceeded.


Answer : A

The collection of health modules and their settings is known as which option?

  • A. appliance policy
  • B. system policy
  • C. correlation policy
  • D. health policy


Answer : D

Where do you configure widget properties?

  • A. dashboard properties
  • B. the Widget Properties button in the title bar of each widget
  • C. the Local Configuration page
  • D. Context Explorer


Answer : B

Which event source can have a default workflow configured?

  • A. user events
  • B. discovery events
  • C. server events
  • D. connection events


Answer : B

What is the maximum timeout value for a browser session?

  • A. 60 minutes
  • B. 120 minutes
  • C. 1024 minutes
  • D. 1440 minutes


Answer : D

Remote access to the Defense Center database has which characteristic?

A. read/write -

B. read-only -

C. Postgres -

D. Estreamer -



Answer : B Topic 8, Account Management

When configuring an LDAP authentication object, which server type is available?

  • A. Microsoft Active Directory
  • B. Yahoo
  • C. Oracle
  • D. SMTP


Answer : A

Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

  • A. Administrator
  • B. Intrusion Administrator
  • C. Security Analyst
  • D. Security Analyst (Read-Only)


Answer : B

Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

A. Administrator -

B. Intrusion Administrator -

C. Maintenance User -

D. Database Administrator -



Answer : A Topic 9, Creating Snort Rules

Alert priority is established in which way?

  • A. event classification
  • B. priority.conf file
  • C. host criticality selection
  • D. through Context Explorer


Answer : A

Which option describes the two basic components of Sourcefire Snort rules?

  • A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
  • B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
  • C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
  • D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol


Answer : D

Which mechanism should be used to write an IPS rule that focuses on the client or server side of a TCP communication?
A. the directional operator in the rule header

B. the "flow" rule option -
C. specification of the source and destination ports in the rule header
D. The detection engine evaluates all sides of a TCP communication regardless of the rule options.



Answer : B Topic 10, Device Management

The gateway VPN feature supports which deployment types?

  • A. SSL and HTTPS
  • B. PPTP and MPLS
  • C. client and route-based
  • D. point-to-point, star, and mesh


Answer : D

Which Sourcefire feature allows you to send traffic directly through the device without inspecting it?

  • A. fast-path rules
  • B. thresholds or suppressions
  • C. blacklist
  • D. automatic application bypass


Answer : A

Which interface type allows for bypass mode?

  • A. inline
  • B. switched
  • C. routed
  • D. grouped


Answer : A

Page:    1 / 4   
Exam contains 63 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.