Cisco 500-275 Securing Cisco Networks with Sourcefire FireAMP Endpoints
https://killexams.com/pass4sure/exam-detail/500-275

Question #153
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
A. subscribe to a URL intelligence feed
B. subscribe to a VRT
C. upload a list that you create
D. automatically upload lists from a network share
Answer: C

Question #154
Which statement is true in regard to the Sourcefire Security Intelligence lists?
A. The global blacklist universally allows all traffic through the managed device.
B. The global whitelist cannot be edited.
C. IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.
D. The Security Intelligence lists cannot be updated.
Answer: C

Question #155
When building a platform for a Snort installation, which set of components is a major security concern?
A. IP address, mask, and gateway settings
B. host naming conventions
C. URL feed vendors
D. default accounts and settings
Answer: D

Question #156
In the IP addressing scheme of your organization, each subnet consists of 4096 hosts, and the beginning of the addressing scheme is 172.16.0.0. Your remote office is allocated the range of addresses from the first subnet. What are the CIDR notation, network address, broadcast address, and valid IP address in your assigned range?
A. 172.16.0.0/24, 172.16.0.0, 172.16.8.255, 172.16.0.51
B. 172.16.0.0/20, 172.16.0.0, 172.16.15.255, 172.16.8.252
C. 172.16.0.0/16, 172.16.0.0, 172.16.32.255, 172.16.22.4
D. 172.16.0.0/12, 172.16.0.0, 172.16.64.255, 172.16.52.112
Answer: B

Question #157
Which statement about implementing DAQ is true?
A. It is a shell script that works on any Linux platform.
B. It must be compiled separately.
C. You must obtain it from Sourceforge.
D. It is not open source.
Answer: B

Question #158
Which version of libpcap does DAQ require?
A. 0.9.8 or later
B. 1.0.0 or later
C. any version
D. none
Answer: B

Question #159
If Snort is installed and the sensor, database, and web server all reside on the same machine, to which ports should remote access of the sensor be restricted?
A. 22 and 443
B. 80 and 443
C. 443 and 3306
D. 23 and 80
Answer: A

Question #160
To execute a command in Linux while in the directory where it is located, and be sure you are only running that particular copy, what would you use in front of the executable name?
A. ./
B. ../
C. ..\
D. .\
Answer: A

Question #161
Which application can read Barnyard log_pcap output plug-in files?
A. SnortReport
B. BASE or ACID
C. tcpdump
D. Snorby
Answer: C

Question #162
To accept input from Snort and produce various forms of output, the Barnyard architecture consists of which components?
A. preprocessors and reassemblers
B. preprocessors and detection engine
C. data processors and output plug-ins
D. data processors and reassemblers
Answer: C

Question #163
Barnyard has a mode of operation that reads the most current unified log file and processes new unified files as they become available. What is this mode called?
A. one-shot
B. continual
C. continual with checkpoint
D. unified
Answer: B

Question #164
What does the log_dump output plug-in do?
A. converts data into a format similar to Snort ASCII packet dump mode
B. converts data into a format similar to Snort fast alert mode
C. converts log data to PCAP-formatted output
D. converts data to CVS format
Answer: A

Question #165
Which output method is the fastest for Snort?
A. unified2
B. database
C. binary (tcpdump)
D. CSV
Answer: A

Question #166
Which command-line argument can you use with Snort to produce a binary output file?
A. -B
B. -b
C. -u
D. -U
Answer: B

Question #167
Which command-line argument can you use with Snort to read a previously created file?
A. -O
B. -o
C. -p
D. -r
Answer: D

Question #168
What must you do to produce ASCII-formatted output from Snort?
A. Do nothing because Snort produces ASCII output by default.
B. Use the -K ascii switch when you start Snort from the command line.
C. Compile Snort with the -K ascii flag in the configure command.
D. Use a third-party application to convert native Snort output to ASCII.
Answer: B

Question #169
For which application is Snort output suitable?
A. tcpdump
B. Wireshark
C. any application that can read PCAP format
D. NMap
Answer