Want to know Examcollection 500-285 Exam practice test features? Want to lear more about Cisco Securing Cisco Networks with Sourcefire IPS certification experience? Study Practical Cisco 500-285 answers to Replace 500-285 questions at Examcollection. Gat a success with an absolute guarantee to pass Cisco 500-285 (Securing Cisco Networks with Sourcefire IPS) test on your first attempt.

2021 Jul 500-285 study guide

Q1. When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery? 

A. host 

B. IPS event 

C. anti-malware 

D. networks 

Answer: A 


Q2. Which statement is true when adding a network to an access control rule? 

A. You can select only source networks. 

B. You must have preconfigured the network as an object. 

C. You can select the source and destination networks or network groups. 

D. You cannot include multiple networks or network groups as sources or destinations. 

Answer: C 


Q3. Which option transmits policy-based alerts such as SNMP and syslog? 

A. the Defense Center 

B. FireSIGHT 

C. the managed device 

D. the host 

Answer: C 


Q4. Which option is a valid whitelist evaluation value? 

A. pending 

B. violation 

C. semi-compliant 

D. not-evaluated 

Answer: D 


Q5. Which statement is true when network traffic meets the criteria specified in a correlation rule? 

A. Nothing happens, because you cannot assign a group of rules to a correlation policy. 

B. The network traffic is blocked. 

C. The Defense Center generates a correlation event and initiates any configured responses. 

D. An event is logged to the Correlation Policy Management table. 

Answer: C 


2passeasy.com

Regenerate 500-285 free practice questions:

Q6. Which Sourcefire feature allows you to send traffic directly through the device without inspecting it? 

A. fast-path rules 

B. thresholds or suppressions 

C. blacklist 

D. automatic application bypass 

Answer: A 


Q7. Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule? 

A. interactive block with reset 

B. interactive block 

C. block 

D. block with reset 

Answer: D 


Q8. Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations? 

A. logging to database, SMS, SMTP, and SNMP 

B. logging to database, SMTP, SNMP, and PCAP 

C. logging to database, SNMP, syslog, and email 

D. logging to database, PCAP, SMS, and SNMP 

Answer: C 


Q9. The collection of health modules and their settings is known as which option? A. appliance policy 

B. system policy 

C. correlation policy 

D. health policy 

Answer: D 


Q10. Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access? 

A. Administrator 

B. Intrusion Administrator 

C. Maintenance User 

D. Database Administrator 

Answer: A