Proper study guides for Renew Cisco Securing Cisco Networks with Sourcefire IPS certified begins with Cisco 500-285 preparation products which designed to deliver the Simulation 500-285 questions by making you pass the 500-285 test at your first time. Try the free 500-285 demo right now.
2026 New 500-285 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/500-285/
Q1. What does packet latency thresholding measure?
A. the total elapsed time it takes to process a packet
B. the amount of time it takes for a rule to process
C. the amount of time it takes to process an event
D. the time span between a triggered event and when the packet is dropped
Answer: A
Q2. Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
A. testing password strength when accessing an application
B. limiting general user access to administrative file shares
C. enforcing two-factor authentication for access to critical servers
D. issuing an alert if a noncompliant operating system is detected or if a host operating system changes to a noncompliant operating system when it was previously profiled as a compliant one
Answer: D
Q3. In addition to the discovery of new hosts, FireSIGHT can also perform which function?
A. block traffic
B. determine which users are involved in monitored connections
C. discover information about users
D. route traffic
Answer: B
Q4. Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?
A. the rule group accordion
B. a filter bar
C. a link below the preprocessor heading
D. a button next to each preprocessor option that has a corresponding rule
Answer: C
Q5. Controlling simultaneous connections is a feature of which type of preprocessor?
A. rate-based attack prevention
B. detection enhancement
C. TCP and network layer preprocessors
D. performance settings
Answer: A
Q6. FireSIGHT recommendations appear in which layer of the Policy Layers page?
A. Layer Summary
B. User Layers
C. Built-In Layers
D. FireSIGHT recommendations do not show up as a layer.
Answer: C
Q7. How do you configure URL filtering?
A. Add blocked URLs to the global blacklist.
B. Create a Security Intelligence object that contains the blocked URLs and add the object to the access control policy.
C. Create an access control rule and, on the URLs tab, select the URLs or URL categories
that are to be blocked or allowed.
D. Create a variable.
Answer: C
Q8. Which option can you enter in the Search text box to look for the trajectory of a particular file?
A. the MD5 hash value of the file
B. the SHA-256 hash value of the file
C. the URL of the file
D. the SHA-512 hash value of the file
Answer: B
Q9. Which event source can have a default workflow configured?
A. user events
B. discovery events
C. server events
D. connection events
Answer: B
Q10. Which option describes the two basic components of Sourcefire Snort rules?
A. preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B. a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C. a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D. a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol
Answer: D