Deck 47: Designing Cisco Unified Contact Center Enterprise (UCCED)

A) SOCKS6
B) HTTP_proxy
C) SOCKS5_filename
D) SOCKS7

A) Limited customization allows for faster detection.
B) Fewer resources are required on the endpoint.
C) Sandboxing reduces the overall management overhead of the system.
D) High-speed analytical engines on the endpoint limit the amount of work the cloud must perform.

A) 3600
B) 604800
C) 10080
D) 1 hour

A) Vulnerabilities
B) Enforcement of usage policies
C) File operations
D) Authentication activity

A) specify a custom whitelist
B) specify group membership
C) specify hosts to include in reports
D) specify which events to view

A) It means Detected Forensic Cause.
B) It means Duplicate File Contents.
C) It means Device Flow Correlation.
D) It is not an acronym that is associated with the FireAMP product.

A) Firefox
B) HTML5
C) Android
D) iPhone

A) MD5
B) SHA-1
C) filenames
D) SHA-256

A) It identifies and logs usage.
B) It tracks application abuse.
C) It deletes identified applications.
D) It blocks vulnerable applications from running, until they are patched.

A) to specify which files to alert on
B) to specify which files to delete
C) to specify which files to ignore
D) to specify which files to sandbox

A) fuzzy matching
B) Norton AntiVirus
C) network scans
D) Exterminator

A) Snort signatures
B) Firewall signatures
C) ClamAV signatures
D) bash shell

A) SANS
B) NIST
C) Emerging Threats
D) Custom and Sourcefire

A) Signatures are pushed to endpoints more quickly than other antivirus products.
B) Superior detection algorithms on the endpoint limit the amount of work the cloud must perform.
C) It provides enterprise visibility.
D) It relies on sandboxing.

A) Dirty
B) Virus
C) Malware
D) Infected

A) Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
B) Upload a packet capture; use a Snort rule; use a ClamAV rule.
C) Manually input the PE header data, the MD-5 hash, and a list of MD-5 hashes.
D) Input the file and file name.

A) Total Recall
B) Cloud Recall
C) Recall Alert
D) Recall Analysis

A) end-user hosts
B) domain controllers
C) Linux servers
D) none, because all hosts should get equal consideration

A) identify which hosts need to be updated
B) email the user to download a new client
C) specify a timeframe when an upgrade can be started and stopped
D) update your cloud instance

A) It is the ability to use two separate passwords.
B) It is the ability to enable biometric authentication.
C) It is the ability to have a passphrase sent to a mobile device.
D) It is the ability to use a verification code in conjunction with the correct username and password.

A) the IP addresses of hosts on which a file was seen
B) the activity of the FireAMP console users
C) the hosts that are in the same group as the selected host
D) file creation

A) You should treat Windows servers like any other host in the deployment.
B) You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows servers.
C) You should never configure exclusions for Windows servers.
D) You should deploy FireAMP connectors only alongside existing antivirus software on Windows servers.

A) Create a policy.
B) Restore the detected file.
C) Run a report.
D) Change computer group membership.

A) the time that the scan was run
B) the name of the file
C) the hosts on which the file was seen and points in time where events occurred
D) the protocol

A) Patient Zero
B) Source
C) Infector
D) Carrier

A) the Apple Authenticator app
B) the Google Authenticator app
C) a SecurID token
D) any RFC 1918 compatible application

A) the previous 5 days of data
B) the previous 6 days of data
C) the previous 7 days of data
D) the number of days you set in the dashboard configuration

A) scheduled scan, thorough scan, quick scan, network scan
B) jiffy scan, overnight scan, scan when available, vulnerability scan
C) flash scan, custom scan, full scan
D) none, because user-initiated scans are not allowed

A) Audit Log
B) Users
C) Applications
D) Business

A) push to client
B) .zip install file
C) user download from Sourcefire website or email
D) precompiled RPM package

A) by uploading it to the FTP server
B) from the connector
C) through the management console
D) by sending it via email

A) Audit
B) Protect
C) Triage
D) Emergency

A) email
B) cloud sync
C) Windows file share
D) a Crystal Reports subscription

A) 100 connectors over a 15-day period
B) 1000 connectors over a 45-day period
C) 5000 connectors over a 10-day period
D) 500 connectors over a 30-day period

A) /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
B) /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 0
C) /desktopicon 0 /startmenu 0 /contextmenu 0 /skipdfc 1 /skiptetra 1
D) /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 1

A) Curl
B) FireAMP_Helper.vbs
C) cscript
D) SQLite

A) the type of antivirus software that is installed
B) the internal IP address
C) when the operating system was installed
D) the console settings

A) immunet_protect and iptray
B) agent.exe and sfc.exe
C) TETRA and SPERO
D) ETHOS and SPERO

A) How often are backup jobs run?
B) Are any Linux servers being deployed?
C) Who are the users of the hosts on which you will deploy?
D) Which applications are installed on the hosts on which you will deploy?

A) The protocol is restricted to TCP only.
B) The protocol is restricted to UDP only.
C) The protocol is restricted to TCP or UDP.
D) The protocol is restricted to TCP and UDP.

A) protocol layer
B) application
C) objects
D) devices

A) The Commit Changes button is enabled.
B) A system message notifies you.
C) You are prompted to save your changes on every screen refresh.
D) A yellow, triangular icon displays next to the Policy Information option in the navigation panel.

A) Rule Category
B) Global
C) Source
D) Protocol

A) 0.0.0.0
B) 0.0.0.0/0
C) 0.0.0.0/24
D) The IP address ::/0 is not valid IPv6 syntax.

A) connection event table view
B) network profile
C) host profile
D) authentication objects

A) provides a table view of events
B) allows you to download a PCAP formatted file of the session that triggered the event
C) displays packet data in a format based on TCP/IP layers
D) shows you the user that triggered the event

A) block traffic
B) determine which users are involved in monitored connections
C) discover information about users
D) route traffic

A) opadmin..com
B) console..com
C) cloud..com
D) aws..com

A) a default whitelist
B) a default traffic profile
C) a host attribute
D) a correlation policy

A) the Defense Center
B) FireSIGHT
C) the managed device
D) the host

A) File Analysis
B) Threat Root Cause
C) File Trajectory
D) Heat Map

A) the location of any IP address
B) the location of a MAC address
C) the location of a TCP connection
D) the location of a routable IP address

A) Layer Summary
B) User Layers
C) Built-In Layers
D) FireSIGHT recommendations do not show up as a layer.

A) You can select only source networks.
B) You must have preconfigured the network as an object.
C) You can select the source and destination networks or network groups.
D) You cannot include multiple networks or network groups as sources or destinations.

A) Context Explorer is a tool used primarily by analysts looking for trends across varying periods of time.
B) Context Explorer can be added as a widget to a dashboard.
C) Widgets offer users an at-a-glance view of their environment.
D) Widgets are offered to all users, whereas Context Explorer is limited to a few roles.

A) interactive block with reset
B) interactive block
C) block
D) block with reset

A) host
B) IPS event
C) anti-malware
D) networks

A) You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.
B) You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses.
C) You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.
D) You can use geolocation criteria to specify source and destination IP addresses by continent but not by country.

A) Add blocked URLs to the global blacklist.
B) Create a Security Intelligence object that contains the blocked URLs and add the object to the access control policy.
C) Create an access control rule and, on the URLs tab, select the URLs or URL categories that are to be blocked or allowed.
D) Create a variable.

A) a method of analyzing the SHA-256 hash of a file to determine whether a file is malicious or not
B) a method of analyzing the entire contents of a file to determine whether it is malicious or not
C) a method of analyzing certain file characteristics, such as metadata and header information, to determine whether a file is malicious or not
D) a method of analyzing a file by executing it in a sandbox environment and observing its behaviors to determine if it is malicious or not

A) event classification
B) priority.conf file
C) host criticality selection
D) through Context Explorer

A) from Context Explorer
B) from the Analysis menu
C) from the cloud
D) from the Defense Center

A) Administrator
B) Intrusion Administrator
C) Maintenance User
D) Database Administrator

A) file policy
B) malware policy
C) access control policy
D) IPS policy

A) user events
B) discovery events
C) server events
D) connection events

A) preprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place
B) a rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol
C) a rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers
D) a rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

A) the MD5 hash value of the file
B) the SHA-256 hash value of the file
C) the URL of the file
D) the SHA-512 hash value of the file

A) Microsoft Active Directory
B) Yahoo
C) Oracle
D) SMTP

A) Non-administrators can be made exempt on an individual basis.
B) Exempt users have a browser session timeout restriction of 24 hours.
C) Administrators can be exempt from any browser session timeout value.
D) By default, all users cannot be exempt from any browser session timeout value.

A) OpenLDAP
B) Windows
C) RADIUS
D) Ubuntu

A) 60 minutes
B) 120 minutes
C) 1024 minutes
D) 1440 minutes

A) dashboard properties
B) the Widget Properties button in the title bar of each widget
C) the Local Configuration page
D) Context Explorer

A) the directional operator in the rule header
B) the "flow" rule option
C) specification of the source and destination ports in the rule header
D) The detection engine evaluates all sides of a TCP communication regardless of the rule options.

A) Scan
B) Application Protocol
C) Threat Name
D) File Name

A) Administrator
B) Intrusion Administrator
C) Security Analyst
D) Security Analyst (Read-Only)

A) read/write
B) read-only
C) Postgres
D) Estreamer

A) appliance policy
B) system policy
C) correlation policy
D) health policy

A) It can be done only in the download direction.
B) It can be done only in the upload direction.
C) It can be done in both the download and upload direction.
D) HTTP is not a supported protocol for malware blocking.

A) A critical threshold has been exceeded.
B) At least one health module has failed.
C) A health policy has been disabled on a monitored device.
D) A warning threshold has been exceeded.