

Cisco
500-275
Securing Cisco Networks with Sourcefire FireAMP Endpoints
https://killexams.com/pass4sure/exam-detail/500-275

Question #153


Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?

A. subscribe to a URL intelligence feed
B. subscribe to a VRT
C. upload a list that you create
D. automatically upload lists from a network share


Answer: C

Question #154

Which statement is true in regard to the Sourcefire Security Intelligence lists?

A. The global blacklist universally allows all traffic through the managed device.
B. The global whitelist cannot be edited.
C. IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
D. The Security Intelligence lists cannot be updated.


Answer: C

Question #155

When building a platform for a Snort installation, which set of components is a major security concern?

A. IP address, mask, and gateway settings
B. host naming conventions
C. URL feed vendors
D. default accounts and settings


Answer: D

Question #156

In the IP addressing scheme of your organization, each subnet consists of 4096 hosts, and the beginning of the addressing scheme is 172.16.0.0. Your remote office is allocated the range of addresses from the first subnet. What are the CIDR notation, network address, broadcast address, and valid IP address in your assigned range?

A. 172.16.0.0/24, 172.16.0.0, 172.16.8.255, 172.16.0.51
B. 172.16.0.0/20, 172.16.0.0, 172.16.15.255, 172.16.8.252
C. 172.16.0.0/16, 172.16.0.0, 172.16.32.255, 172.16.22.4
D. 172.16.0.0/12, 172.16.0.0, 172.16.64.255, 172.16.52.112

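Worked calculation for this question, as an added example (not part of the exam material): a block of 4096 addresses needs 12 host bits, so the prefix is 32 - 12 = /20, and the first block starting at 172.16.0.0 runs to 172.16.15.255. The script derives that from the block size and then checks every option the way a reviewer would, requiring the CIDR, network, broadcast and sample host to agree with each other and with the required size. The OPTIONS table reproduces the four answers above; everything else (function names, the "n-th subnet" generalization) is this example's own. Note that 4096 is the whole block; only 4094 of those addresses are usable for hosts.

```python
"""Subnet arithmetic for the 4096-address question (added example, standard library only)."""
import ipaddress


def prefix_for_block(addresses: int) -> int:
    """Prefix length whose block holds exactly `addresses` IPv4 addresses.

    The question counts the whole block, network and broadcast included:
    4096 addresses -> 12 host bits -> /20.
    """
    if addresses < 2 or addresses & (addresses - 1):
        raise ValueError("block size must be a power of two >= 2")
    host_bits = addresses.bit_length() - 1
    return 32 - host_bits


def nth_subnet(base: str, addresses: int, n: int = 0) -> ipaddress.IPv4Network:
    """The n-th block of `addresses` addresses counting from `base` (n=0 is the first)."""
    prefix = prefix_for_block(addresses)
    start = int(ipaddress.IPv4Address(base)) + n * addresses
    # strict=True (the default) raises if `start` is not aligned to the prefix.
    return ipaddress.IPv4Network((start, prefix))


def describe(net: ipaddress.IPv4Network) -> dict:
    """Everything the question asks for, plus the usable host range."""
    return {
        "cidr": str(net),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": net.num_addresses - 2,
    }


def option_is_consistent(cidr: str, network: str, broadcast: str, host: str,
                         addresses: int) -> bool:
    """True only if all four fields agree and the block has the required size."""
    try:
        net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
        h = ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return (net.num_addresses == addresses
            and str(net.network_address) == network
            and str(net.broadcast_address) == broadcast
            and net.network_address < h < net.broadcast_address)


# The four options from the question, in order A-D.
OPTIONS = {
    "A": ("172.16.0.0/24", "172.16.0.0", "172.16.8.255", "172.16.0.51"),
    "B": ("172.16.0.0/20", "172.16.0.0", "172.16.15.255", "172.16.8.252"),
    "C": ("172.16.0.0/16", "172.16.0.0", "172.16.32.255", "172.16.22.4"),
    "D": ("172.16.0.0/12", "172.16.0.0", "172.16.64.255", "172.16.52.112"),
}


def correct_options(addresses: int = 4096) -> list:
    """Letters of the options consistent with a block of `addresses` addresses."""
    return [k for k, v in OPTIONS.items() if option_is_consistent(*v, addresses)]


if __name__ == "__main__":
    print(describe(nth_subnet("172.16.0.0", 4096)))
    print("consistent options:", correct_options())
```

Running it prints the /20 block with its host range and reports B as the only consistent option: A and C carry a broadcast address that does not belong to their prefix, and D's /12 is a block of 1,048,576 addresses, not 4096.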

Answer: B

Question #157

Which statement about implementing DAQ is true?

A. It is a shell script that works on any Linux platform.
B. It must be compiled separately.
C. You must obtain it from Sourceforge.
D. It is not open source.


Answer: B

Question #158

Which version of libpcap does DAQ require?

A. 0.9.8 or later
B. 1.0.0 or later
C. any version
D. none


Answer: B

Question #159

If Snort is installed and the sensor, database, and web server all reside on the same machine, to which ports should remote access of the sensor be restricted?

A. 22 and 443
B. 80 and 443
C. 443 and 3306
D. 23 and 80


Answer: A

Question #160

To execute a command in Linux while in the directory where it is located, and be sure you are only running that particular copy, what would you use in front of the executable name?

A. ./
B. ../
C. ..\
D. .\


Answer: A

Question #161

Which application can read Barnyard log_pcap output plug-in files?

A. SnortReport
B. BASE or ACID
C. tcpdump
D. Snorby


Answer: C

Question #162

To accept input from Snort and produce various forms of output, the Barnyard architecture consists of which components?

A. preprocessors and reassemblers
B. preprocessors and detection engine
C. data processors and output plug-ins
D. data processors and reassemblers


Answer: C

Question #163

Barnyard has a mode of operation that reads the most current unified log file and processes new unified files as they become available. What is this mode called?

A. one-shot
B. continual
C. continual with checkpoint
D. unified


Answer: B

Question #164

What does the log_dump output plug-in do?

A. converts data into a format similar to Snort ASCII packet dump mode
B. converts data into a format similar to Snort fast alert mode
C. converts log data to PCAP-formatted output
D. converts data to CSV format


Answer: A

Question #165

Which output method is the fastest for Snort?

A. unified2
B. database
C. binary (tcpdump)
D. CSV


Answer: A

Question #166

Which command-line argument can you use with Snort to produce a binary output file?

A. -B
B. -b
C. -u
D. -U


Answer: B

Question #167

Which command-line argument can you use with Snort to read a previously created file?

A. -O
B. -o
C. -p
D. -r


Answer: D

Question #168

What must you do to produce ASCII-formatted output from Snort?

A. Do nothing because Snort produces ASCII output by default.
B. Use the -K ascii switch when you start Snort from the command line.
C. Compile Snort with the -K ascii flag in the configure command.
D. Use a third-party application to convert native Snort output to ASCII.

Answer: B

Question #169

For which application is Snort output suitable?

A. tcpdump
B. Wireshark
C. any application that can read PCAP format
D. Nmap


Answer: C
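Questions #161, #166 and #169 all turn on the same fact: Snort's -b switch and Barnyard's log_pcap plug-in write the classic libpcap file format, so tcpdump, Wireshark or any other pcap-aware tool can read them. The reader below, an added example and not Snort, Barnyard or libpcap code, parses that format from bytes: a 24-byte global header (magic number, version, snaplen, link type) followed by 16-byte record headers each preceding one captured packet. It does the bounds checks a practitioner wants when a capture comes from a sensor that may have been tampered with, and handles both byte orders and the nanosecond magic variant. The sample capture is constructed for this example; the function names are this example's own.

```python
"""Minimal libpcap-format reader (added example, standard library only)."""
import struct
from dataclasses import dataclass

PCAP_MAGIC_US = 0xA1B2C3D4  # classic pcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA4B23C4D  # pcap variant with nanosecond timestamps
GLOBAL_HDR = "IHHiIII"      # magic, major, minor, tz offset, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"         # ts_sec, ts_frac, incl_len, orig_len
LINKTYPE_ETHERNET = 1
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


@dataclass
class PcapRecord:
    ts: float          # seconds since the epoch, fraction taken from ts_frac
    captured_len: int  # bytes stored in the file (incl_len)
    original_len: int  # bytes seen on the wire (orig_len)
    data: bytes


def parse_pcap(blob: bytes) -> dict:
    """Parse a whole pcap file held in memory; raise ValueError on malformed input."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    # The writer's byte order is implied by how the magic number appears on disk.
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", blob[:4])
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            break
    else:
        raise ValueError(f"not a pcap file: magic {blob[:4].hex()}")
    divisor = 1e9 if magic == PCAP_MAGIC_NS else 1e6
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + GLOBAL_HDR, blob[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")

    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl, orig = struct.unpack(
            endian + RECORD_HDR, blob[off:off + 16])
        off += 16
        # Never trust incl_len: it must fit the snaplen, the wire length and the file.
        if incl > snaplen or incl > orig or off + incl > len(blob):
            raise ValueError(f"bad record length {incl} at offset {off - 16}")
        records.append(PcapRecord(ts_sec + ts_frac / divisor, incl, orig,
                                  blob[off:off + incl]))
        off += incl
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "records": records}


def ethertype_name(frame: bytes) -> str:
    """Name the EtherType of an Ethernet II frame (LINKTYPE_ETHERNET captures only)."""
    if len(frame) < 14:
        return "runt"
    (etype,) = struct.unpack("!H", frame[12:14])
    return ETHERTYPES.get(etype, f"0x{etype:04x}")


def summarize(blob: bytes) -> list:
    """One (timestamp, protocol, captured_len) tuple per packet, tcpdump -r style."""
    info = parse_pcap(blob)
    if info["linktype"] != LINKTYPE_ETHERNET:
        raise ValueError(f"only Ethernet captures handled, got linktype {info['linktype']}")
    return [(r.ts, ethertype_name(r.data), r.captured_len) for r in info["records"]]


def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed sample capture: one ARP frame and one IPv4 frame, either byte order."""
    hdr = struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC_US, 2, 4, 0, 0, 65535,
                      LINKTYPE_ETHERNET)
    arp = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
           + b"\x08\x06" + b"\x00" * 28)            # 42-byte ARP frame
    ip4 = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + b"\x08\x00" + b"\x45" + b"\x00" * 19)  # 34-byte IPv4 frame
    body = b""
    for i, frame in enumerate((arp, ip4)):
        body += struct.pack(endian + RECORD_HDR, 1700000000 + i, 250000,
                            len(frame), len(frame)) + frame
    return hdr + body


if __name__ == "__main__":
    for ts, proto, n in summarize(build_sample_pcap()):
        print(f"{ts:.6f} {proto} len={n}")
```

The same parser reads a file produced by `snort -b` or by Barnyard's log_pcap plug-in once you load it with `open(path, "rb").read()`; the length checks are what stop a corrupt or hostile capture from making the reader walk past the end of the buffer.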


SAMPLE QUESTIONS

These questions are for demo purpose only. Full version is up to date and contains actual questions and answers.