Exam Details

  • Exam Code: 500-285
  • Exam Name: Securing Cisco Networks with Sourcefire Intrusion Prevention System
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 60 Q&As
  • Last Updated: Mar 23, 2025

Cisco Cisco Certifications 500-285 Questions & Answers

  • Question 21:

    Alert priority is established in which way?

    A. event classification

    B. priority.conf file

    C. host criticality selection

    D. through Context Explorer

  • Question 22:

    Which option describes the two basic components of Sourcefire Snort rules?

    A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

    B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

    C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

    D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

  • Question 23:

    Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

    A. Administrator

    B. Intrusion Administrator

    C. Security Analyst

    D. Security Analyst (Read-Only)

  • Question 24:

    Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?

    A. Administrator

    B. Intrusion Administrator

    C. Maintenance User

    D. Database Administrator

  • Question 25:

    The collection of health modules and their settings is known as which option?

    A. appliance policy

    B. system policy

    C. correlation policy

    D. health policy

  • Question 26:

    Which statement describes the meaning of a red health status icon?

    A. A critical threshold has been exceeded.

    B. At least one health module has failed.

    C. A health policy has been disabled on a monitored device.

    D. A warning threshold has been exceeded.

  • Question 27:

    Which event source can have a default workflow configured?

    A. user events

    B. discovery events

    C. server events

    D. connection events

  • Question 28:

    Where do you configure widget properties?

    A. dashboard properties

    B. the Widget Properties button in the title bar of each widget

    C. the Local Configuration page

    D. Context Explorer

  • Question 29:

    Which policy controls malware blocking configuration?

    A. file policy

    B. malware policy

    C. access control policy

    D. IPS policy

  • Question 30:

    What is the maximum timeout value for a browser session?

    A. 60 minutes

    B. 120 minutes

    C. 1024 minutes

    D. 1440 minutes

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 500-285 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.