500-285 Exam Dumps - Cisco Additional Online Exams Questions and Answers

preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

the directional operator in the rule header

the "flow" rule option

specification of the source and destination ports in the rule header

The detection engine evaluates all sides of a TCP communication regardless of the rule options.

the location of any IP address

the location of a MAC address

the location of a TCP connection

the location of a routable IP address

Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.

Context Explorer can be added as a widget to a dashboard.

Widgets offer users an at-a-glance view of their environment.

Widgets are offered to all users, whereas Context Explorer is limited to a few roles.

inline

switched

routed

grouped

Layer Summary

User Layers

Built-In Layers

FireSIGHT recommendations do not show up as a layer.

Rule Category

Global

Source

Protocol

connection event table view

network profile

host profile

authentication objects

0.0.0.0

0.0.0.0/0

0.0.0.0/24

The IP address::/0 is not valid IPv6 syntax.