500-285 Securing Cisco Networks with Sourcefire Intrusion Prevention System (Exam 8)

created by Fisher BRink (@fisher) at Feb. 8, 2016
  • What is the minimum action that you should take when configuring a new Snort insta...

  • Which syntax correctly expresses a port variable?

  • Which statement about the FTPTelnet preprocessor is true?

  • Which preprocessor can normalize the IIS %u encoding scheme?

  • When Snort receives packets, in which order are they placed into the preprocessors?

  • Which configuration is optimal for the frag3 engine?

  • Which preprocessor maintains connection state so that attacks that manifest over m...

  • Which preprocessor uses a global directive and an engine instance directive in the...

  • What is a GID?

  • Which file defines Snort IDs and associated alert labels that are not provided wit...

  • Which information does the rule body contain?

  • Which character must a rule body end with?

  • Which keyword can you use to check a packet IP header TTL value?

  • Which action is valid for decoder/preprocessor stub rules?

  • Which keyword can you use to try to close a session when an alert is triggered?

  • Which rule keyword categorizes alerts into attack classes?

  • Given the rule option byte_test:1, ,64,2;, what is the offset?

  • Given the rule option byte_jump:4,4,relative, align;, how many bytes are being jum...

  • Given the regular expression /[^Cc]at/, where does the system look for the "C" or ...

  • Which option is true regarding the $HOME_NET variable?

Quiz Info
  • Feb. 8, 2016, 3:42 a.m.
  • 20 questions
  • 0 completed
  • 0 views
  • 0 takers