cisco.certkiller.500 275.v2015!03!28.by.jeannette.50q unprotected


Upload: xsolarisx

Post on 29-Jan-2016


www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn

CertKiller.500-275.50Q.A

Number: 500-275
Passing Score: 800
Time Limit: 120 min
File Version: 5.3

Cisco 500-275: Securing Cisco Networks with Sourcefire FireAMP Endpoints

Alhamdulillah, passed the 500-275 exam today with 93%. I found this pretty easy, because ALL the questions are given section-wise, which makes them easy to understand. It contains updated questions that do not appear in previous dump versions. I've downloaded it and the vce file looks pretty good. I can confirm this file is 100% valid for the exam. All questions are from this vce.

Sections
1. FireAMP Overview and Architecture
2. Outbreak Control Menu Items
3. Endpoint Policies
4. Groups and Development


5. Analysis and Reporting
6. Private Cloud
7. Accounts
8. FireAMP Connector
9. Console Interface


Exam A

QUESTION 1
How does application blocking enhance security?

A. It identifies and logs usage.
B. It tracks application abuse.
C. It deletes identified applications.
D. It blocks vulnerable applications from running, until they are patched.

Correct Answer: D
Section: Outbreak Control Menu Items
Explanation/Reference: most obvious answer.

QUESTION 2
How can customers feed new intelligence such as files and hashes to FireAMP?

A. by uploading it to the FTP server
B. from the connector
C. through the management console
D. by sending it via email

Correct Answer: C
Section: Analysis and Reporting

QUESTION 3
Where does an administrator go to get a copy of a fetched file?

A. the Business Defaults page
B. the File menu, followed by Downloads
C. the File Repository
D. the Search selection in the Analysis menu

Correct Answer: C
Section: Console Interface
Explanation/Reference: answer is genuine.

QUESTION 4
Which FireAMP capability can tell you how malware has spread in a network?

A. File Analysis
B. Threat Root Cause
C. File Trajectory
D. Heat Map

Correct Answer: C
Section: Console Interface
Explanation/Reference: specific answer.

QUESTION 5
The FireAMP Mobile endpoint connector currently supports which mobile OS device?

A. Firefox
B. HTML5
C. Android
D. iPhone

Correct Answer: C
Section: FireAMP Overview and Architecture


QUESTION 6
Which statement describes an advantage of the FireAMP product?

A. Signatures are pushed to endpoints more quickly than other antivirus products.
B. Superior detection algorithms on the endpoint limit the amount of work the cloud must perform.
C. It provides enterprise visibility.
D. It relies on sandboxing.

Correct Answer: C
Section: FireAMP Overview and Architecture

QUESTION 7
Which feature allows retrospective detection?

A. Total Recall
B. Cloud Recall
C. Recall Alert
D. Recall Analysis

Correct Answer: B
Section: FireAMP Overview and Architecture
Explanation/Reference: sensual answer.

QUESTION 8
Which statement describes an advantage of cloud-based detection?

A. Limited customization allows for faster detection.
B. Fewer resources are required on the endpoint.
C. Sandboxing reduces the overall management overhead of the system.
D. High-speed analytical engines on the endpoint limit the amount of work the cloud must perform.

Correct Answer: B
Section: FireAMP Overview and Architecture
Explanation/Reference: answer is best.

QUESTION 9
The FireAMP connector monitors the system for which type of activity?

A. Vulnerabilities
B. Enforcement of usage policies
C. File operations
D. Authentication activity

Correct Answer: C
Section: FireAMP Overview and Architecture

QUESTION 10
Which disposition can be returned in response to a malware cloud lookup?

A. Dirty
B. Virus
C. Malware
D. Infected

Correct Answer: C
Section: FireAMP Overview and Architecture
Explanation/Reference: answer is confirmed.

QUESTION 11
Which option is a detection technology that is used by FireAMP?

A. fuzzy matching
B. Norton AntiVirus
C. network scans
D. Exterminator

Correct Answer: A
Section: FireAMP Overview and Architecture

QUESTION 12
If a file's SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned?

A. Clean
B. Neutral
C. Malware
D. Unavailable

Correct Answer: B
Section: FireAMP Overview and Architecture
Explanation/Reference: ALL options are properly mentioned.

QUESTION 13
File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?

A. MD5
B. SHA-1
C. filenames
D. SHA-256

Correct Answer: D
Section: FireAMP Overview and Architecture
Explanation/Reference: genuine answer.


QUESTION 14
In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events?

A. opadmin.<your domain>.com
B. console.<your domain>.com
C. cloud.<your domain>.com
D. aws.<your domain>.com

Correct Answer: B
Section: Private Cloud
Explanation/Reference: real answer.

QUESTION 15
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?

A. 100 connectors over a 15-day period
B. 1000 connectors over a 45-day period
C. 5000 connectors over a 10-day period
D. 500 connectors over a 30-day period

Correct Answer: D
Section: Private Cloud

QUESTION 16
The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy?

A. Audit Log
B. Users
C. Applications
D. Business

Correct Answer: D
Section: Accounts

QUESTION 17
Which statement about two-step authentication is true?

A. It is the ability to use two separate passwords.
B. It is the ability to enable biometric authentication.
C. It is the ability to have a passphrase sent to a mobile device.
D. It is the ability to use a verification code in conjunction with the correct username and password.

Correct Answer: D
Section: Accounts
Explanation/Reference: ALL right.

QUESTION 18
Which of these can you use for two-step authentication?

A. the Apple Authenticator app
B. the Google Authenticator app
C. a SecurID token
D. any RFC 1918 compatible application

Correct Answer: B
Section: Accounts

QUESTION 19
When a user initiates a scan, which types of scan are available as options?

A. scheduled scan, thorough scan, quick scan, network scan
B. jiffy scan, overnight scan, scan when available, vulnerability scan
C. flash scan, custom scan, full scan
D. none, because user-initiated scans are not allowed

Correct Answer: C
Section: FireAMP Connector
Explanation/Reference: answer is okay.

QUESTION 20
Which pair represents equivalent processes whose names differ, depending on the connector version that you are running?

A. immunet_protect and iptray
B. agent.exe and sfc.exe
C. TETRA and SPERO
D. ETHOS and SPERO

Correct Answer: B
Section: FireAMP Connector
Explanation/Reference: upgraded answer.

QUESTION 21
When discussing the FireAMP product, which term does the acronym DFC represent?

A. It means Detected Forensic Cause.
B. It means Duplicate File Contents.
C. It means Device Flow Correlation.
D. It is not an acronym that is associated with the FireAMP product.

Correct Answer: C
Section: Outbreak Control Menu Items

QUESTION 22
Custom whitelists are used for which purpose?

A. to specify which files to alert on
B. to specify which files to delete
C. to specify which files to ignore
D. to specify which files to sandbox

Correct Answer: C
Section: Outbreak Control Menu Items

QUESTION 23
The FireAMP connector supports which proxy type?

A. SOCKS6
B. HTTP_proxy
C. SOCKS5_filename
D. SOCKS7

Correct Answer: B
Section: Endpoint Policies
Explanation/Reference: nice.


QUESTION 24
What do policies enable you to do?

A. specify a custom whitelist
B. specify group membership
C. specify hosts to include in reports
D. specify which events to view

Correct Answer: A
Section: Endpoint Policies

QUESTION 25
What is the default clean disposition cache setting?

A. 3600
B. 604800
C. 10080
D. 1 hour

Correct Answer: B
Section: Endpoint Policies
Explanation/Reference: real answer.

QUESTION 26
The Update Window allows you to perform which action?

A. identify which hosts need to be updated
B. email the user to download a new client
C. specify a timeframe when an upgrade can be started and stopped
D. update your cloud instance

Correct Answer: C
Section: Endpoint Policies

QUESTION 27
From the Deployment screen, you can deploy agents via which mechanism?

A. push to client
B. .zip install file
C. user download from Sourcefire website or email
D. precompiled RPM package

Correct Answer: C
Section: Groups and Development
Explanation/Reference: appropriate answer.

QUESTION 28
What is the default command-line switch configuration, if you run a connector installation with no parameters?

A. <installer package name> /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
B. <installer package name> /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 0
C. <installer package name> /desktopicon 0 /startmenu 0 /contextmenu 0 /skipdfc 1 /skiptetra 1
D. <installer package name> /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 1

Correct Answer: A
Section: Groups and Development

QUESTION 29
When you are viewing information about a computer, what is displayed?

A. the type of antivirus software that is installed
B. the internal IP address
C. when the operating system was installed
D. the console settings

Correct Answer: B
Section: Analysis and Reporting
Explanation/Reference: agreed with the answer.

QUESTION 30
What is the first system that is infected with a particular malware called?

A. Patient Zero
B. Source
C. Infector
D. Carrier

Correct Answer: A
Section: Analysis and Reporting
Explanation/Reference: exact answer.

QUESTION 31
Which action can you take from the Detections/Quarantine screen?

A. Create a policy.
B. Restore the detected file.
C. Run a report.
D. Change computer group membership.

Correct Answer: B
Section: Analysis and Reporting
Explanation/Reference: great answer.

QUESTION 32
How many days' worth of data do the widgets on the dashboard page display?

A. the previous 5 days of data
B. the previous 6 days of data
C. the previous 7 days of data
D. the number of days you set in the dashboard configuration

Correct Answer: C
Section: Analysis and Reporting
Explanation/Reference: answer is outclass.

QUESTION 33
Which type of activity is shown in the Device Trajectory page?

A. the IP addresses of hosts on which a file was seen
B. the activity of the FireAMP console users
C. the hosts that are in the same group as the selected host
D. file creation

Correct Answer: D
Section: Analysis and Reporting

QUESTION 34
Which statement is true about the Device Trajectory feature?

A. It shows where the endpoint devices have moved in your environment by displaying each IP address that a device has had over time.
B. A "plus" sign on the File Trajectory map indicates that you can execute the file inside FireAMP.
C. In the File Trajectory map, you can view the parent process for a file by selecting the infected system.
D. It shows hosts that display Indications of Compromise.

Correct Answer: C
Section: Analysis and Reporting
Explanation/Reference: answer explained properly.

QUESTION 35
Which information does the File Trajectory feature show?

A. the time that the scan was run
B. the name of the file
C. the hosts on which the file was seen and points in time where events occurred
D. the protocol

Correct Answer: C
Section: Analysis and Reporting
Explanation/Reference: elaborated answer.

QUESTION 36
FireAMP reports can be distributed by which mechanism?

A. email
B. cloud sync
C. Windows file share
D. a Crystal Reports subscription

Correct Answer: A
Section: Analysis and Reporting
Explanation/Reference: answer is best.

QUESTION 37
In a FireAMP Private Cloud installation, deployed connectors communicate with which server?

A. opadmin.<your domain>.com
B. console.<your domain>.com
C. cloud.<your domain>.com
D. aws.<your domain>.com

Correct Answer: C
Section: Private Cloud
Explanation/Reference: authenticated.

QUESTION 38
For connector-to-FireAMP Private Cloud communication, which port number is used for lower-overhead communication?

A. 22
B. 80
C. 443
D. 32137

Correct Answer: D
Section: Private Cloud
Explanation/Reference: fine answer.

QUESTION 39
In a FireAMP Private Cloud installation, an administrator uses which server to configure the FireAMP Private Cloud properties?

A. opadmin.<your domain>.com
B. console.<your domain>.com
C. cloud.<your domain>.com
D. aws.<your domain>.com

Correct Answer: A
Section: Private Cloud
Explanation/Reference: answer is real.

QUESTION 40
Which tool can you use to query the history.db file?

A. Curl
B. FireAMP_Helper.vbs
C. cscript
D. SQLite

Correct Answer: D
Section: FireAMP Connector
Explanation/Reference: well defined.

QUESTION 41
Which option represents a configuration step on first use?

A. Verify, Contain, and Protect
B. User Account Setup
C. System Defaults Configuration
D. Event Filtering

Correct Answer: A
Section: Console Interface
Explanation/Reference: to the point answer.

QUESTION 42
Which option describes a requirement for using Remote File Fetch?

A. It must be done from a private cloud console.
B. It can be done only over port 32137.
C. The administrator must have two-step authentication enabled.
D. The feature is integrated into the product, so no specific requirements must be fulfilled.

Correct Answer: C
Section: Console Interface
Explanation/Reference: accurate answer.

QUESTION 43
Where is the File Fetch context menu option available?

A. anywhere a filename or SHA-256 hash is displayed
B. only from the Filter Event View page
C. from the Audit Event page
D. from the configuration in the Business Defaults page

Correct Answer: A
Section: Console Interface
Explanation/Reference: nice.

QUESTION 44
Which set of actions would you take to create a simple custom detection?

A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
B. Upload a packet capture; use a Snort rule; use a ClamAV rule.
C. Manually input the PE header data, the MD-5 hash, and a list of MD-5 hashes.
D. Input the file and file name.

Correct Answer: A
Section: Outbreak Control Menu Items

QUESTION 45
Advanced custom signatures are written using which type of syntax?

A. Snort signatures
B. Firewall signatures
C. ClamAV signatures
D. bash shell

Correct Answer: C
Section: Outbreak Control Menu Items
Explanation/Reference: straight answer.

QUESTION 46
What is a valid data source for DFC Windows connector policy configuration?

A. SANS
B. NIST
C. Emerging Threats
D. Custom and Sourcefire

Correct Answer: D
Section: Endpoint Policies


QUESTION 47
Which hosts merit special consideration for crafting a policy?

A. end-user hosts
B. domain controllers
C. Linux servers
D. none, because all hosts should get equal consideration

Correct Answer: B
Section: Groups and Development
Explanation/Reference: answer is good.

QUESTION 48
Which statement represents a best practice for deploying on Windows servers?

A. You should treat Windows servers like any other host in the deployment.
B. You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows servers.
C. You should never configure exclusions for Windows servers.
D. You should deploy FireAMP connectors only alongside existing antivirus software on Windows servers.

Correct Answer: B
Section: Groups and Development
Explanation/Reference: valid answer.

QUESTION 49
Incident responders use which policy mode for outbreak control?

A. Audit
B. Protect
C. Triage
D. Emergency

Correct Answer: C
Section: Groups and Development
Explanation/Reference: sensual answer.

QUESTION 50
Which question should be in your predeployment checklist?

A. How often are backup jobs run?
B. Are any Linux servers being deployed?
C. Who are the users of the hosts on which you will deploy?
D. Which applications are installed on the hosts on which you will deploy?

Correct Answer: D
Section: Groups and Development
Explanation/Reference: superb answer.