500-285 Sample Questions Answers

from Context Explorer

from the Analysis menu

from the cloud

from the Defense Center

port scan

portsweep

decoy port scan

ACK scan

The administrator can save the IPS policy with the TCP stream preprocessor turned off, but the rules requiring its operation will not function properly.

When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.

The administrator will be prevented from changing the rule state of the rules that require the TCP stream preprocessor until the TCP stream preprocessor is enabled.

When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the rules that require the TCP stream preprocessor will be turned off for the IPS policy.

The host is not a target of the whitelist.

The host could not be evaluated because no profile exists for it.

The whitelist status could not be updated because the correlation policy it belongs to is not enabled.

The host is not on a monitored network segment.

Cisco IOS Null Route

Syslog Route

Nmap Route Scan

Response Group

Non-administrators can be made exempt on an individual basis.

Exempt users have a browser session timeout restriction of 24 hours.

Administrators can be exempt from any browser session timeout value.

By default, all users cannot be exempt from any browser session timeout value.

appliance policy

system policy

correlation policy

health policy

event classification

priority.conf file

host criticality selection

through Context Explorer

preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Rule Category

Global

Source

Protocol

The Commit Changes button is enabled.

A system message notifies you.

You are prompted to save your changes on every screen refresh.

A yellow, triangular icon displays next to the Policy Information option in the navigation panel.

provides a table view of events

allows you to download a PCAP formatted file of the session that triggered the event

displays packet data in a format based on TCP/IP layers

shows you the user that triggered the event

Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.

Context Explorer can be added as a widget to a dashboard.

Widgets offer users an at-a-glance view of their environment.

Widgets are offered to all users, whereas Context Explorer is limited to a few roles.

The global blacklist universally allows all traffic through the managed device.

The global whitelist cannot be edited.

IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.

The Security Intelligence lists cannot be updated.

is a policy-level variable

has a default value of "all"

defines the network the active policy protects

is used by all rules to define the internal network