500-285 Securing Cisco Networks with Sourcefire IPS Question and Answers

Layer Summary

User Layers

Built-In Layers

FireSIGHT recommendations do not show up as a layer.

The global blacklist universally allows all traffic through the managed device.

The global whitelist cannot be edited.

IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.

The Security Intelligence lists cannot be updated.

subscribe to a URL intelligence feed

subscribe to a VRT

upload a list that you create

automatically upload lists from a network share

logging to database, SMS, SMTP, and SNMP

logging to database, SMTP, SNMP, and PCAP

logging to database, SNMP, syslog, and email

logging to database, PCAP, SMS, and SNMP

Cisco IOS Null Route

Syslog Route

Nmap Route Scan

Response Group

preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol