500-275 Dumps
500-275 Braindumps
500-275 Real Questions
500-275 Practice Test
Actual Questions
killexams.com
Securing Cisco Networks with Sourcefire FireAMP Endpoints
https://killexams.com/pass4sure/exam-detail/500-275
Question #153
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
subscribe to a URL intelligence feed
subscribe to a VRT
upload a list that you create
automatically upload lists from a network share
Which statement is true in regard to the Sourcefire Security Intelligence lists?
The global blacklist universally allows all traffic through the managed device.
The global whitelist cannot be edited.
IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
The Security Intelligence lists cannot be updated.
When building a platform for a Snort installation, which set of components is a major security concern?
IP address, mask, and gateway settings
host naming conventions
URL feed vendors
default accounts and settings
In the IP addressing scheme of your organization, each subnet consists of 4096 hosts, and the beginning of the addressing scheme is 172.16.0.0. Your remote office is allocated the range of addresses from the first subnet. What are the CIDR notation, network address, broadcast address, and valid IP address in your assigned range?
A. 172.16.0.0/24, 172.16.0.0, 172.16.8.255, 172.16.0.51
B. 172.16.0.0/20, 172.16.0.0, 172.16.15.255, 172.16.8.252
C. 172.16.0.0/16, 172.16.0.0, 172.16.32.255, 172.16.22.4
D. 172.16.0.0/12, 172.16.0.0, 172.16.64.255, 172.16.52.112
Which statement about implementing DAQ is true?
It is a shell script that works on any Linux platform.
It must be compiled separately.
You must obtain it from Sourceforge.
It is not open source.
Which version of libpcap does DAQ require?
0.9.8 or later
1.0.0 or later
any version
none
If Snort is installed and the sensor, database, and web server all reside on the same machine, to which ports should remote access of the sensor be restricted?
22 and 443
80 and 443
443 and 3306
23 and 80
To execute a command in Linux while in the directory where it is located, and be sure you are only running that particular copy, what would you use in front of the executable name?
A. ./ B. ../
..\
.\
Which application can read Barnyard log_pcap output plug-in files?
SnortReport
BASE or ACID
tcpdump
Snorby
To accept input from Snort and produce various forms of output, the Barnyard architecture consists of which components?
preprocessors and reassemblers
preprocessors and detection engine
data processors and output plug-ins
data processors and reassemblers
Barnyard has a mode of operation that reads the most current unified log file and processes new unified files as they become available. What is this mode called?
one-shot
continual
continual with checkpoint
unified
What does the log_dump output plug-in do?
converts data into a format similar to Snort ASCII packet dump mode
converts data into a format similar to Snort fast alert mode
converts log data to PCAP-formatted output
converts data to CVS format
Which output method is the fastest for Snort?
unified2
database
binary (tcpdump)
CSV
Which command-line argument can you use with Snort to produce a binary output file?
-B
-b
-u
-U
Which command-line argument can you use with Snort to read a previously created file?
-O
-o
-p
-r
What must you do to produce ASCII-formatted output from Snort?
Do nothing because Snort produces ASCII output by default.
Use the -K ascii switch when you start Snort from the command line.
Compile Snort with the -K ascii flag in the configure command.
Use a third-party application to convert native Snort output to ASCII.
For which application is Snort output suitable?
tcpdump
Wireshark
any application that can read PCAP format
NMap