Cisco 500-290 Dumps
Exam: IPS Express Security for Engineers
Cisco 500-290 Exam Tutorial
Question No : 1
When you are editing an intrusion policy, how do you know that you have changes?
A. The Commit Changes button is enabled.
B. A system message notifies you.
C. You are prompted to save your changes on every screen refresh.
D. A yellow, triangular icon displays next to the Policy Information option in the navigation panel.
Question No : 2
Which statement is true regarding malware blocking over HTTP?
A. It can be done only in the download direction.
B. It can be done only in the upload direction.
C. It can be done in both the download and upload directions.
D. HTTP is not a supported protocol for malware blocking.
Question No : 3
What is the maximum timeout value for a browser session?
A. 60 minutes
B. 120 minutes
C. 1024 minutes
D. 1440 minutes
Question No : 4
Cisco FireSIGHT can provide visibility into which three types of information that competing products cannot? (Choose three.)
A. client-side applications
C. DoS attacks
D. mobile devices
E. database queries
F. VM communications
Question No : 5
Controlling simultaneous connections is a feature of which type of preprocessor?
A. rate-based attack prevention
B. detection enhancement
C. TCP and network layer preprocessors
D. performance settings
Question No : 6
Which interface type allows for VLAN tagging?
C. high-availability link
Question No : 7
Which statement is true when adding a network to an access control rule?
A. You can select only source networks.
B. You must have preconfigured the network as an object.
C. You can select the source and destination networks or network groups.
D. You cannot include multiple networks or network groups as sources or destinations.
Question No : 8
FireSIGHT recommendations appear in which layer of the Policy Layers page?
A. Layer Summary
B. User Layers
C. Built-In Layers
D. FireSIGHT recommendations do not show up as a layer.
Question No : 9
Which option is true when configuring an access control rule?
A. You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.
B. You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses.
C. You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.
D. You can use geolocation criteria to specify source and destination IP addresses by continent but not by country.
Question No : 10
According to Gartner, which criteria distinguish a next-generation IPS?
A. Agile Security engine, VPN, and context awareness
B. firewall capabilities, full-stack visibility, and content awareness
C. content awareness, contextual awareness, and Agile Security engine
D. full-stack visibility, contextual awareness, and network access control
Question No : 11
Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?
B. Intrusion Administrator
C. Security Analyst
D. Security Analyst (Read-Only)
Question No : 12
In addition to the discovery of new hosts, FireSIGHT can also perform which function?
A. block traffic
B. determine which users are involved in monitored connections
C. discover information about users
D. route traffic
Question No : 13
A user discovery agent can be installed on which platform?
Question No : 14
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset the connection of HTTP traffic that meets the conditions of the access control rule?
A. interactive block with reset
B. interactive block
D. block with reset
Question No : 15
Which option is used to implement suppression in the Rule Management user interface?
A. Rule Category
Question No : 16
The IP address ::/0 is equivalent to which IPv4 address and netmask?
D. The IP address ::/0 is not valid IPv6 syntax.
Question No : 17
Host criticality is an example of which option?
A. a default whitelist
B. a default traffic profile
C. a host attribute
D. a correlation policy
Question No : 18
Which Cisco AMP deployment would you recommend for advanced customers that want comprehensive threat protection, investigation, and response?
B. AMP for MX
C. AMP for Networks
D. AMP for VPN
Question No : 19
Which statement describes the meaning of a red health status icon?
A. A critical threshold has been exceeded.
B. At least one health module has failed.
C. A health policy has been disabled on a monitored device.
D. A warning threshold has been exceeded.
Question No : 20
Which option can you enter in the Search text box to look for the trajectory of a particular
A. the MD5 hash value of the file
B. the SHA-256 hash value of the file
C. the URL of the file
D. the SHA-512 hash value of the file