500-275 Securing Cisco Networks with Sourcefire FireAMP Endpoints

Page 1   
Question 1

The Update Window allows you to perform which action?

  • A. identify which hosts need to be updated
  • B. email the user to download a new client
  • C. specify a timeframe when an upgrade can be started and stopped
  • D. update your cloud instance

Answer : C

Question 2

The FireAMP connector supports which proxy type?

  • A. SOCKS6
  • B. HTTP_proxy
  • C. SOCKS5_filename
  • D. SOCKS7

Answer : B

Question 3

What do policies enable you to do?

  • A. specify a custom whitelist
  • B. specify group membership
  • C. specify hosts to include in reports
  • D. specify which events to view

Answer : A

Question 4

What is the default clean disposition cache setting?

  • A. 3600
  • B. 604800
  • C. 10080
  • D. 1 hour

Answer : B

Question 5

Which statement represents a best practice for deploying on Windows servers?

  • A. You should treat Windows servers like any other host in the deployment.
  • B. You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows servers.
  • C. You should never configure exclusions for Windows servers.
  • D. You should deploy FireAMP connectors only alongside existing antivirus software on Windows servers.

Answer : B

Question 6

Incident responders use which policy mode for outbreak control?

  • A. Audit
  • B. Protect
  • C. Triage
  • D. Emergency

Answer : C

Question 7

Which question should be in your predeployment checklist?

  • A. How often are backup jobs run?
  • B. Are any Linux servers being deployed?
  • C. Who are the users of the hosts on which you will deploy?
  • D. Which applications are installed on the hosts on which you will deploy?

Answer : D

Question 8

Which hosts merit special consideration for crafting a policy?

  • A. end-user hosts
  • B. domain controllers
  • C. Linux servers
  • D. none, because all hosts should get equal consideration

Answer : B

Question 9

From the Deployment screen, you can deploy agents via which mechanism?

  • A. push to client
  • B. zip install file
  • C. user download from Sourcefire website or email
  • D. precompiled RPM package

Answer : C

Question 10

What is the default command-line switch configuration, if you run a connector installation
with no parameters?

  • A. <installer package name> /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
  • B. <installer package name> /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 0
  • C. <installer package name> /desktopicon 0 /startmenu 0 /contextmenu 0 /skipdfc 1 /skiptetra 1
  • D. <installer package name> /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 1

Answer : A

Question 11

How many days' worth of data do the widgets on the dashboard page display?

  • A. the previous 5 days of data
  • B. the previous 6 days of data
  • C. the previous 7 days of data
  • D. the number of days you set in the dashboard configuration

Answer : C

Question 12

Which type of activity is shown in the Device Trajectory page?

  • A. the IP addresses of hosts on which a file was seen
  • B. the activity of the FireAMP console users
  • C. the hosts that are in the same group as the selected host
  • D. file creation

Answer : D

Question 13

Which statement is true about the Device Trajectory feature?

  • A. It shows where the endpoint devices have moved in your environment by displaying each IP address that a device has had over time.
  • B. A "plus" sign on the File Trajectory map indicates that you can execute the file inside FireAMP.
  • C. In the File Trajectory map, you can view the parent process for a file by selecting the infected system.
  • D. It shows hosts that display Indications of Compromise.

Answer : C

Question 14

When you are viewing information about a computer, what is displayed?

  • A. the type of antivirus software that is installed
  • B. the internal IP address
  • C. when the operating system was installed
  • D. the console settings

Answer : B

Question 15

How can customers feed new intelligence such as files and hashes to FireAMP?

  • A. by uploading it to the FTP server
  • B. from the connector
  • C. through the management console
  • D. by sending it via email

Answer : C

Page 1