Browse Exams Pricing

Exams500-285Questions

500-285 Exam Questions

66 real 500-285 exam questions with expert-verified answers and explanations. Page 1 of 2.

Question #1
Which option is true of the Packet Information portion of the Packet View screen?
Question #2
Which option is used to implement suppression in the Rule Management user interface?
Question #3
When you are editing an intrusion policy, how do you know that you have changes?
Question #4
FireSIGHT recommendations appear in which layer of the Policy Layers page?
Question #5
Host criticality is an example of which option?
Question #6
FireSIGHT uses three primary types of detection to understand the environment in which it is deployed. Which option is one of the detection types?
Question #7
When configuring FireSIGHT detection, an administrator would create a network discovery policy and set the action to "discover". Which option is a possible type of discovery?
Question #8
Which option is derived from the discovery component of FireSIGHT technology?
Question #9
The IP address ::/0 is equivalent to which IPv4 address and netmask?
Question #10
In addition to the discovery of new hosts, FireSIGHT can also perform which function?
Question #11
Which one of the following statements is true regarding tuned signatures?
Question #12
Which TCP stream reassembly mode disables TCP window-evasion checking?
Question #13
Which three values are used to calculate the risk rating for an event? (Choose three.)
Question #14
A context box opens when you click on an event icon in the Network File Trajectory map for a file. Which option is an element of the box?
Question #15
Which policy controls malware blocking configuration?
Question #16
Which statement is true regarding malware blocking over HTTP?
Question #17
Which option describes Spero file analysis?
Question #18
Which event source can have a default workflow configured?
Question #19
Where do you configure widget properties?
Question #20
Which option describes the two basic components of Sourcefire Snort rules?
Question #21
Which option is a valid whitelist evaluation value?
Question #22
Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?
Question #23
Correlation policy rules allow you to construct criteria for alerting on very specific conditions. Which option is an example of such a rule?
Question #24
Which option is a remediation module that comes with the Sourcefire System?
Question #25
What does the whitelist attribute value "not evaluated" indicate?
Question #26
Controlling simultaneous connections is a feature of which type of preprocessor?
Question #27
Which statement represents detection capabilities of the HTTP preprocessor?
Question #28
A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?
Question #29
Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?
Question #30
What does packet latency thresholding measure?
Question #31
What are the two categories of variables that you can configure in Object Management?
Question #32
Which option is true regarding the $HOME_NET variable?
Question #33
Which option is one of the three methods of updating the IP addresses in Sourcefire Security Intelligence?
Question #34
Which statement is true in regard to the Sourcefire Security Intelligence lists?
Question #35
How do you configure URL filtering?
Question #36
When adding source and destination ports in the Ports tab of the access control policy rule editor, which restriction is in place?
Question #37
Access control policy rules can be configured to block based on the conditions that you specify in each rule. Which behavior block response do you use if you want to deny and reset...
Question #38
Which option transmits policy-based alerts such as SNMP and syslog?
Question #39
Which statement is true when adding a network to an access control rule?
Question #40
Which option is true when configuring an access control rule?
Question #41
One of the goals of geolocation is to identify which option?
Question #42
Which option is not a characteristic of dashboard widgets or Context Explorer?
Question #43
Which statement describes the meaning of a red health status icon?
Question #44
What is the maximum timeout value for a browser session?
Question #45
Which statement regarding user exemptions is true?
Question #46
Remote access to the Defense Center database has which characteristic?
Question #47
The collection of health modules and their settings is known as which option?
Question #48
Context Explorer can be accessed by a subset of user roles. Which predefined user role is valid for FireSIGHT event access?
Question #49
When configuring an LDAP authentication object, which server type is available?
Question #50
Context Explorer can be accessed by a subset of user roles. Which predefined user role is not valid for FireSIGHT event access?

Page 1 of 2Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.