Which statement is true when adding a network to an access control rule?

A. You can select only source networks.

B. You must have preconfigured the network as an object.

C. You can select the source and destination networks or network groups.

D. You cannot include multiple networks or network groups as sources or destinations.

How do you configure URL filtering?

A. Add blocked URLs to the global blacklist.

B. Create a Security Intelligence object that contains the blocked URLs and add the object to the access control policy.

C. Create an access control rule and, on the URLs tab, select the URLs or URL categories that are to be blocked or allowed.

D. Create a variable.

FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?

A. protocol layer

B. application

C. objects

D. devices

When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?

A. host

B. IPS event

C. anti-malware

D. networks

When configuring an LDAP authentication object, which server type is available?

A. Microsoft Active Directory

B. Yahoo

C. Oracle

D. SMTP

Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?

A. testing password strength when accessing an application

B. limiting general user access to administrative file shares

C. enforcing two-factor authentication for access to critical servers

D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one

Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

A. logging to database, SMS, SMTP, and SNMP

B. logging to database, SMTP, SNMP, and PCAP

C. logging to database, SNMP, syslog, and email

D. logging to database, PCAP, SMS, and SNMP

Which statement represents detection capabilities of the HTTP preprocessor?

A. You can configure it to blacklist known bad web servers.

B. You can configure it to normalize cookies in HTTP headers.

C. You can configure it to normalize image content types.

D. You can configure it to whitelist specific servers.

Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?

A. the rule group accordion

B. a filter bar

C. a link below the preprocessor heading

D. a button next to each preprocessor option that has a corresponding rule

Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?

A. The administrator can save the IPS policy with the TCP stream preprocessor turned off, but the rules requiring its operation will not function properly.

B. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.

C. The administrator will be prevented from changing the rule state of the rules that require the TCP stream preprocessor until the TCP stream preprocessor is enabled.

D. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the rules that require the TCP stream preprocessor will be turned off for the IPS policy.