How does application blocking enhance security? A. It identifies and logs usage. B. It tracks application abuse. C. It deletes identified applications. D. It blocks vulnerable applications from running, until

How can customers feed new intelligence such as files and hashes to FireAMP? A. by uploading it to the FTP server B. from the connector C. through the management console

Where does an administrator go to get a copy of a fetched file? A. the Business Defaults page B. the File menu, followed by Downloads C. the File Repository D.

Which FireAMP capability can tell you how malware has spread in a network? A. File Analysis B. Threat Root Cause C. File Trajectory D. Heat Map Answer: C

The FireAMP Mobile endpoint connector currently supports which mobile OS device? A. Firefox B. HTML5 C. Android D. iPhone Answer: C

Which statement describes an advantage of the FireAMP product? A. Signatures are pushed to endpoints more quickly than other antivirus products. B. Superior detection algorithms on the endpoint limit the

Which feature allows retrospective detection? A. Total Recall B. Cloud Recall C. Recall Alert D. Recall Analysis Answer: B

Which statement describes an advantage of cloud-based detection? A. Limited customization allows for faster detection. B. Fewer resources are required on the endpoint. C. Sandboxing reduces the overall management overhead

The FireAMP connector monitors the system for which type of activity? A. Vulnerabilities B. Enforcement of usage policies C. File operations D. Authentication activity Answer: C

Which disposition can be returned in response to a malware cloud lookup? A. Dirty B. Virus C. Malware D. Infected Answer: C

Which option is a detection technology that is used by FireAMP? A. fuzzy matching B. Norton AntiVirus C. network scans D. Exterminator Answer: A

If a file’s SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned? A. Clean B. Neutral C. Malware D.

File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format? A. MD5 B. SHA-1 C. filenames D. SHA-256 Answer: D

In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events? A. opadmin..com B. console..com C. cloud..com D. aws..com Answer: B

A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time? A. 100 connectors over a 15-day period B. 1000 connectors over a 45-day period

The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy? A. Audit Log B. Users C. Applications D.

Which of these can you use for two-step authentication? A. the Apple Authenticator app B. the Google Authenticator app C. a SecurID token D. any RFC 1918 compatible application Answer:

Which statement about two-step authentication is true? A. It is the ability to use two separate passwords. B. It is the ability to enable biometric authentication. C. It is the

When a user initiates a scan, which types of scan are available as options? A. scheduled scan, thorough scan, quick scan, network scan B. jiffy scan, overnight scan, scan when

Which pair represents equivalent processes whose names differ, depending on the connector version that you are running? A. immunet_protect and iptray B. agent.exe and sfc.exe C. TETRA and SPERO D.

When discussing the FireAMP product, which term does the acronym DFC represent? A. It means Detected Forensic Cause. B. It means Duplicate File Contents. C. It means Device Flow Correlation.

Custom whitelists are used for which purpose? A. to specify which files to alert on B. to specify which files to delete C. to specify which files to ignore D.

The FireAMP connector supports which proxy type? A. SOCKS6 B. HTTP_proxy C. SOCKS5_filename D. SOCKS7 Answer: B

What do policies enable you to do? A. specify a custom whitelist B. specify group membership C. specify hosts to include in reports D. specify which events to view Answer:

What is the default clean disposition cache setting? A. 3600 B. 604800 C. 10080 D. 1 hour Answer: B

The Update Window allows you to perform which action? A. identify which hosts need to be updated B. email the user to download a new client C. specify a timeframe

From the Deployment screen, you can deploy agents via which mechanism? A. push to client B. .zip install file C. user download from Sourcefire website or email D. precompiled RPM

What is the default command-line switch configuration, if you run a connector installation with no parameters? A. /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0 B. /desktopicon 1

When you are viewing information about a computer, what is displayed? A. the type of antivirus software that is installed B. the internal IP address C. when the operating system

What is the first system that is infected with a particular malware called? A. Patient Zero B. Source C. Infector D. Carrier Answer: A

Which action can you take from the Detections/Quarantine screen? A. Create a policy. B. Restore the detected file. C. Run a report. D. Change computer group membership. Answer: B

How many days’ worth of data do the widgets on the dashboard page display? A. the previous 5 days of data B. the previous 6 days of data C. the

Which type of activity is shown in the Device Trajectory page? A. the IP addresses of hosts on which a file was seen B. the activity of the FireAMP console

Which statement is true about the Device Trajectory feature? A. It shows where the endpoint devices have moved in your environment by displaying each IP address that a device has

Which information does the File Trajectory feature show? A. the time that the scan was run B. the name of the file C. the hosts on which the file was

FireAMP reports can be distributed by which mechanism? A. email B. cloud sync C. Windows file share D. a Crystal Reports subscription Answer: A

In a FireAMP Private Cloud installation, deployed connectors communicate with which server? A. opadmin..com B. console..com C. cloud..com D. aws..com Answer: C

For connector-to-FireAMP Private Cloud communication, which port number is used for lower-overhead communication? A. 22 B. 80 C. 443 D. 32137 Answer: D

In a FireAMP Private Cloud installation, an administrator uses which server to configure the FireAMP Private Cloud properties? A. opadmin..com B. console..com C. cloud..com D. aws..com Answer: A

Which tool can you use to query the history.db file? A. Curl B. FireAMP_Helper.vbs C. cscript D. SQLite Answer: D

Which option represents a configuration step on first use? A. Verify, Contain, and Protect B. User Account Setup C. System Defaults Configuration D. Event Filtering Answer: A

Which option describes a requirement for using Remote File Fetch? A. It must be done from a private cloud console. B. It can be done only over port 32137. C.

Where is the File Fetch context menu option available? A. anywhere a filename or SHA-256 hash is displayed B. only from the Filter Event View page C. from the Audit

Which set of actions would you take to create a simple custom detection? A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file

Advanced custom signatures are written using which type of syntax? A. Snort signatures B. Firewall signatures C. ClamAV signatures D. bash shell Answer: C
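Several of the questions above describe one flow: the connector hashes a file with SHA-256, sends only the hash to the cloud, gets back a disposition (Malware, Clean, or a disposition for a never-seen hash), caches a Clean answer for the default 604800 seconds, and short-circuits the lookup when the hash is on a custom whitelist (ignored) or a simple custom detection list (SHA-256 values), with advanced custom signatures written in ClamAV syntax. The following is an added example that models that flow in Python so the precedence and cache behaviour can be exercised; it is not FireAMP, Sourcefire or Cisco code. The `Connector` class, the constructed `FAKE_CLOUD` table, the label `Unknown` for a hash the cloud has never seen (the page's own answer for that question is truncated), the label `Whitelisted`, and the ClamAV `.hsb` line format (`HashString:FileSize:MalwareName`) are all assumptions of this example.

```python
"""Added example: toy model of a FireAMP-style SHA-256 cloud lookup with a clean-disposition
cache, custom whitelist and simple custom detections. Not vendor code; names are assumptions."""
import hashlib
import time

# Default clean disposition cache lifetime from the page: 604800 seconds (7 days).
CLEAN_CACHE_TTL = 604800

# Constructed stand-in for the Collective Security Intelligence cloud: SHA-256 -> disposition.
# Only the hash ever leaves the connector; never the filename, MD5 or SHA-1.
FAKE_CLOUD = {
    hashlib.sha256(b"EICAR-like constructed sample").hexdigest(): "Malware",
    hashlib.sha256(b"harmless constructed sample").hexdigest(): "Clean",
}


def sha256_of(data: bytes) -> str:
    """The identifier the connector sends to the cloud."""
    return hashlib.sha256(data).hexdigest()


class Connector:
    """Assumed name. Order of evaluation: whitelist, custom detections, cache, cloud."""

    def __init__(self, cloud, custom_detections=(), custom_whitelist=(), now=time.time):
        self.cloud = cloud
        self.custom_detections = set(custom_detections)  # simple custom detection: SHA-256 list
        self.custom_whitelist = set(custom_whitelist)    # custom whitelist: hashes to ignore
        self.cache = {}    # sha256 -> (disposition, expires_at)
        self.lookups = 0   # number of cloud round-trips, to make the cache visible
        self.now = now     # injectable clock so expiry can be tested offline

    def cloud_lookup(self, digest: str) -> str:
        self.lookups += 1
        # Assumption: a hash the cloud has never seen comes back as "Unknown".
        return self.cloud.get(digest, "Unknown")

    def disposition(self, data: bytes) -> str:
        digest = sha256_of(data)
        if digest in self.custom_whitelist:
            return "Whitelisted"          # assumed label: ignored, no lookup, no detection
        if digest in self.custom_detections:
            return "Malware"              # simple custom detection fires locally
        cached = self.cache.get(digest)
        if cached is not None and cached[1] > self.now():
            return cached[0]              # cache hit, no round-trip
        disp = self.cloud_lookup(digest)
        if disp == "Clean":               # only Clean answers are cached, per the page's setting
            self.cache[digest] = (disp, self.now() + CLEAN_CACHE_TTL)
        return disp


def clamav_hsb_line(data: bytes, name: str) -> str:
    """Assumed format of a ClamAV .hsb hash signature: HashString:FileSize:MalwareName."""
    return f"{sha256_of(data)}:{len(data)}:{name}"


if __name__ == "__main__":
    c = Connector(FAKE_CLOUD, custom_detections=[sha256_of(b"custom bad")],
                  custom_whitelist=[sha256_of(b"trusted tool")])
    for sample in (b"EICAR-like constructed sample", b"harmless constructed sample",
                   b"harmless constructed sample", b"never seen", b"custom bad", b"trusted tool"):
        print(sample, c.disposition(sample), "lookups so far:", c.lookups)
    print(clamav_hsb_line(b"custom bad", "Custom.Detection.Example"))
```

Two things worth noticing when running it: the second query for the Clean sample costs no cloud round-trip until the 604800-second window passes, and the whitelisted file never reaches the cloud at all, which is why a whitelist entry for a hash that later turns malicious is a policy decision rather than a cache problem.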

What is a valid data source for DFC Windows connector policy configuration? A. SANS B. NIST C. Emerging Threats D. Custom and Sourcefire Answer: D

Which hosts merit special consideration for crafting a policy? A. end-user hosts B. domain controllers C. Linux servers D. none, because all hosts should get equal consideration Answer: B

Which statement represents a best practice for deploying on Windows servers? A. You should treat Windows servers like any other host in the deployment. B. You should obtain the Microsoft

Incident responders use which policy mode for outbreak control? A. Audit B. Protect C. Triage D. Emergency Answer: C

Which question should be in your predeployment checklist? A. How often are backup jobs run? B. Are any Linux servers being deployed? C. Who are the users of the hosts