Cisco 500-275 practice test

Securing Cisco Networks with Sourcefire FireAMP Endpoints

Last exam update: Apr 09, 2024
Page 1 out of 4. Viewing questions 1-15 out of 51

Question 1 Topic 1

The FireAMP Mobile endpoint connector currently supports which mobile OS device?

  • A. Firefox
  • B. HTML5
  • C. Android
  • D. iPhone
Answer:

C

Question 2 Topic 1

Which statement describes an advantage of the FireAMP product?

  • A. Signatures are pushed to endpoints more quickly than other antivirus products.
  • B. Superior detection algorithms on the endpoint limit the amount of work the cloud must perform.
  • C. It provides enterprise visibility.
  • D. It relies on sandboxing.
Answer:

C

Question 3 Topic 1

Which feature allows retrospective detection?

  • A. Total Recall
  • B. Cloud Recall
  • C. Recall Alert
  • D. Recall Analysis
Answer:

B

Question 4 Topic 1

Which statement describes an advantage of cloud-based detection?

  • A. Limited customization allows for faster detection.
  • B. Fewer resources are required on the endpoint.
  • C. Sandboxing reduces the overall management overhead of the system.
  • D. High-speed analytical engines on the endpoint limit the amount of work the cloud must perform.
Answer:

B

Question 5 Topic 1

The FireAMP connector monitors the system for which type of activity?

  • A. Vulnerabilities
  • B. Enforcement of usage policies
  • C. File operations
  • D. Authentication activity
Answer:

C

Question 6 Topic 1

Which disposition can be returned in response to a malware cloud lookup?

  • A. Dirty
  • B. Virus
  • C. Malware
  • D. Infected
Answer:

C

Question 7 Topic 1

Which option is a detection technology that is used by FireAMP?

  • A. fuzzy matching
  • B. Norton AntiVirus
  • C. network scans
  • D. Exterminator
Answer:

A

Question 8 Topic 1

If a file's SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned?

  • A. Clean
  • B. Neutral
  • C. Malware
  • D. Unavailable
Answer:

B

Question 9 Topic 1

File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?

  • A. MD5
  • B. SHA-1
  • C. filenames
  • D. SHA-256
Answer:

D

Topic 2, Outbreak Control Menu Items

Question 10 Topic 2

How does application blocking enhance security?

  • A. It identifies and logs usage.
  • B. It tracks application abuse.
  • C. It deletes identified applications.
  • D. It blocks vulnerable applications from running, until they are patched.
Answer:

D

Question 11 Topic 2

Which set of actions would you take to create a simple custom detection?

  • A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
  • B. Upload a packet capture; use a Snort rule; use a ClamAV rule.
  • C. Manually input the PE header data, the MD-5 hash, and a list of MD-5 hashes.
  • D. Input the file and file name.
Answer:

A

Question 12 Topic 2

Advanced custom signatures are written using which type of syntax?

  • A. Snort signatures
  • B. Firewall signatures
  • C. ClamAV signatures
  • D. bash shell
Answer:

C

Question 13 Topic 2

When discussing the FireAMP product, which term does the acronym DFC represent?

  • A. It means Detected Forensic Cause.
  • B. It means Duplicate File Contents.
  • C. It means Device Flow Correlation.
  • D. It is not an acronym that is associated with the FireAMP product.
Answer:

C

Question 14 Topic 2

Custom whitelists are used for which purpose?

  • A. to specify which files to alert on
  • B. to specify which files to delete
  • C. to specify which files to ignore
  • D. to specify which files to sandbox
Answer:

C

Topic 3, Endpoint Policies

Question 15 Topic 3

The FireAMP connector supports which proxy type?

  • A. SOCKS6
  • B. HTTP_proxy
  • C. SOCKS5_filename
  • D. SOCKS7
Answer:

B
