Question Set 1

QUESTION 1
The FireAMP Mobile endpoint connector currently supports which mobile OS device?
A. Firefox
B. (illegible on the page)
C. Android
D. iPhone
Correct Answer: C

QUESTION 2
Which statement describes an advantage of the FireAMP product?
A. Signatures are pushed to endpoints more quickly than other antivirus products.
B. Superior detection algorithms on the endpoint limit the amount of work the cloud must perform.
C. It provides enterprise visibility.
D. It relies on sandboxing.
Correct Answer: C

QUESTION 3
Which feature allows retrospective detection?
A. Total Recall
B. Cloud Recall
C. Recall Alert
D. Recall Analysis
Correct Answer: B

QUESTION 4
Which statement describes an advantage of cloud-based detection?
A. Limited customization allows for faster detection.
B. Fewer resources are required on the endpoint.
C. Sandboxing reduces the overall management overhead of the system.
D. High-speed analytical engines on the endpoint limit the amount of work the cloud must perform.
Correct Answer: B

QUESTION 5
The FireAMP connector monitors the system for which type of activity?
A. Vulnerabilities
B. Enforcement of usage policies
C. File operations
D. Authentication activity
Correct Answer: C

QUESTION 6
Which disposition can be returned in response to a malware cloud lookup?
A. Dirty
B. Virus
C. Malware
D. Infected
Correct Answer: C

QUESTION 7
Which option is a detection technology that is used by FireAMP?
A. fuzzy matching
B. Norton Antivirus
C. network scans
D. Exterminator
Correct Answer: A

QUESTION 8
If a file's SHA-256 hash is sent to the cloud, but the cloud has never seen the hash before, which disposition is returned?
A. Clean
B. Neutral
C. Malware
D. Unavailable
Correct Answer: B

QUESTION 9
File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?
A. MD5
B. SHA1
C. filenames
D. SHA256
Correct Answer: D

Question Set 2

QUESTION 1
How does application blocking enhance security?
A. It identifies and logs usage.
B. It tracks application abuse.
C. It deletes identified applications.
D. It blocks vulnerable applications from running until they are patched.
Correct Answer: D

QUESTION 2
Which set of actions would you take to create a simple custom detection?
A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
B. Upload a packet capture; use a Snort rule; use a ClamAV rule.
C. Manually input the PE header data, the MD5 hash, and a list of MD5 hashes.
D. Input the file and file name.
Correct Answer: A

QUESTION 3
Advanced custom signatures are written using which type of syntax?
A. Snort signatures
B. Firewall signatures
C. ClamAV signatures
D. bash shell
Correct Answer: C

QUESTION 4
When discussing the FireAMP product, what does the acronym DFC represent?
A. It means Detected Forensic Cause.
B. It means Duplicate File Contents.
C. It means Device Flow Correlation.
D. It is not an acronym that is associated with the FireAMP product.
Correct Answer: C

QUESTION 5
Custom whitelists are used for which purpose?
A. to specify which files to alert on
B. to specify which files to delete
C. to specify which files to ignore
D. to specify which files to sandbox
Correct Answer: C

Question Set 3

QUESTION 1
The FireAMP connector supports which proxy type?
A. socks6
B. HTTP_proxy
C. SOCKS5_filename
D. socks7
Correct Answer: B

QUESTION 2
What do policies enable you to do?
A. specify a custom whitelist
B. specify group membership
C. specify hosts to include in reports
D. specify which events to view
Correct Answer: A

QUESTION 3
What is the default clean disposition cache setting?
A. 3600
B. 604800
C. 10080
D. 1 hour
Correct Answer: B

QUESTION 4
The Update Window allows you to perform which action?
A. identify which hosts need to be updated
B. email the user to download a new client
C. specify a timeframe when an upgrade can be started and stopped
D. update your cloud instance
Correct Answer: C

QUESTION 5
What is a valid data source for DFC Windows connector policy configuration?
A. SANS
B. NIST
C. Emerging Threats
D. Custom and Sourcefire
Correct Answer: D

Question Set 4

QUESTION 1
Which hosts merit special consideration for creating a policy?
A. end-user hosts
B. domain controllers
C. Linux servers
D. none, because all hosts should get equal consideration
Correct Answer: B

QUESTION 2
Which statement represents a best practice for deploying on Windows servers?
A. You should treat Windows servers like any other host in the deployment.
B. You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows.
C. You should never configure exclusions for Windows servers.
D. You should deploy FireAMP connectors only alongside existing antivirus software on Windows servers.
Correct Answer: B

QUESTION 3
Incident responders use which policy mode for outbreak control?
A. Audit
B. Protect
C. Triage
D. Emergency
Correct Answer: C

QUESTION 4
Which question should be in your predeployment checklist?
A. How often are backup jobs run?
B. Are any Linux servers being deployed?
C. Who are the users of the hosts on which you will deploy?
D. Which applications are installed on the hosts on which you will deploy?
Correct Answer: D

QUESTION 5
From the Deployment screen, you can deploy agents via which mechanism?
A. push to client
B. zip installer
C. user download from the Sourcefire website or email
D. precompiled RPM package
Correct Answer: C

QUESTION 6
What is the default command-line switch configuration if you run a connector installation with no parameters?
A. /desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
B. /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra (last value illegible on the page)
C. /desktopicon 0 /startmenu 0 /contextmenu 0 /skipdfc 1 /skiptetra 1
D. /desktopicon 1 /startmenu 0 /contextmenu 0 /skipdfc 0 /skiptetra 1
Correct Answer: A

Question Set 5

QUESTION 1
When you are viewing information about a computer, what is displayed?
A. the type of antivirus software that is installed
B. the internal IP address
C. when the operating system was installed
D. the console settings
Correct Answer: B

QUESTION 2
What is the first system that is infected with a particular malware called?
A. Patient Zero
B. Source
C. Infector
D. Carrier
Correct Answer: A

QUESTION 3
Which action can you take from the Detections/Quarantine screen?
A. Create a policy.
B. Restore the detected file.
C. Run a report.
D. Change computer group membership.
Correct Answer: B

QUESTION 4
How many days' worth of data do the widgets on the dashboard page display?
A. the previous 5 days of data
B. the previous 6 days of data
C. the previous 7 days of data
D. the number of days you set in the dashboard configuration
Correct Answer: C

QUESTION 5
Which type of activity is shown in the Device Trajectory page?
A. the IP addresses of hosts on which a file was seen
B. the activity of the FireAMP console users
C. the hosts that are in the same group as the selected host
D. file creation
Correct Answer: D

QUESTION 6
Which statement is true about the Device Trajectory feature?
A. It shows where the endpoint devices have moved in your environment by displaying each IP address that the device has had over time.
B. A "plus" sign on the File Trajectory map indicates that you can execute the file inside FireAMP.
C. In the File Trajectory map, you can view the parent process for a file by selecting the infected system.
D. It shows hosts that display Indications of Compromise.
Correct Answer: C

QUESTION 7
How can customers feed new intelligence such as files and hashes to FireAMP?
A. by uploading it to the FTP server
B. from the connector
C. through the management console
D. by sending it via email
Correct Answer: C

QUESTION 8
Which information does the File Trajectory feature show?
A. the time that the scan was run
B. the name of the file
C. the hosts on which the file was seen and points in time where events occurred
D. the protocol
Correct Answer: C

QUESTION 9
FireAMP reports can be distributed by which mechanism?
A. cloud sync
B. Windows file share
C. a Crystal Reports subscription
Correct Answer: A

Question Set 6

QUESTION 1
In a FireAMP Private Cloud installation, deployed connectors communicate with which server?
A. opadmin.<your domain>.com
B. console.<your domain>.com
C. cloud.<your domain>.com
Correct Answer: C

QUESTION 2
(The question text and options are missing from the page.)
Correct Answer: D

QUESTION 3
In a FireAMP Private Cloud installation, an administrator uses which server to configure the FireAMP Private Cloud properties?
A. opadmin.<your domain>.com
B. console.<your domain>.com
C. cloud.<your domain>.com
Correct Answer: A

QUESTION 4
In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events?
A. opadmin.<your domain>.com
B. console.<your domain>.com
Correct Answer: B

QUESTION 5
A default FireAMP Private Cloud installation can accommodate how many connectors over which period of time?
A. 100 connectors over a 15-day period
B. 1000 connectors over a 45-day period
C. 5000 connectors over a 10-day period
D. 500 connectors over a 30-day period
Correct Answer: D

Question Set 7

QUESTION 1
The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy?
A. Audit Log
B. Users
C. Applications
D. Business
Correct Answer: D

QUESTION 2
Which statement about two-step authentication is true?
A. It is the ability to use two separate passwords.
B. It is the ability to enable biometric authentication.
C. It is the ability to have a passphrase sent to a mobile device.
D. It is the ability to use a verification code in conjunction with the correct username and password.
Correct Answer: D

QUESTION 3
Which of these can you use for two-step authentication?
A. the Apple Authenticator app
B. the Google Authenticator app
C. a SecurID token
D. any RFC 1818 compatible application
Correct Answer: B

Question Set 8

QUESTION 1
When a user initiates a scan, which types of scan are available as options?
A. scheduled scan, thorough scan, quick scan, network scan
B. jiffy scan, overnight scan, scan when available, vulnerability scan
C. flash scan, custom scan, full scan
D. none, because user-initiated scans are not allowed
Correct Answer: C

QUESTION 2
Which pair represents equivalent processes whose names differ, depending on the connector version that you are running?
A. immunet_protect and tray (partly illegible on the page)
B. agent.exe and sfc.exe
C. TETRA and SPERO
D. ETHOS and SPERO
Correct Answer: B

Question Set 9

QUESTION 1
Which option represents a configuration step on first use?
A. Verify, Contain, and Protect
B. User Account Setup
C. System Defaults Configuration
D. Event Filtering
Correct Answer: A

QUESTION 2
Which option describes a requirement for using Remote File Fetch?
A. It must be done from a private cloud console.
B. It can be done only over port 32137.
C. The administrator must have two-step authentication enabled.
D. The feature is integrated into the product, so no specific requirements must be fulfilled.
Correct Answer: C

QUESTION 3
Where is the File Fetch context menu option available?
A. anywhere a filename or SHA256 hash is displayed
B. only from the Filter Event View page
C. from the Audit Event page
D. from the configuration in the Business Defaults page
Correct Answer: A

QUESTION 4
Where does an administrator go to get a copy of a fetched file?
A. the Business Defaults page
B. the File menu, followed by Downloads
C. the File Repository
D. the Search selection in the Analysis menu
Correct Answer: C

QUESTION 5
Which FireAMP capability can tell you how malware has spread in a network?
A. File Analysis
B. Threat Root Cause
C. File Trajectory
D. Heat Map
Correct Answer: C
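The questions above on simple custom detections (lists of SHA-256 values), custom whitelists (files to ignore) and the cloud lookup (a hash the cloud has never seen comes back "Neutral") describe one decision chain. The example below, added here and not FireAMP's own code, puts that chain into working Python: it parses an uploaded text file of SHA-256 values, rejecting malformed lines, computes the SHA-256 of a file, and applies the precedence whitelist first, then custom detection, then cloud lookup. The cloud is a constructed in-memory dict standing in for the Sourcefire cloud, and the sample file contents are made up for the demonstration.

```python
"""Added example (not FireAMP's implementation): SHA-256 disposition chain."""
import hashlib
import re

# One SHA-256 hex digest per line, as in an uploaded simple custom detection list.
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Dispositions named in the question sets above. "Neutral" is the value the
# cloud-lookup question gives for a hash the cloud has never seen.
UNSEEN_DISPOSITION = "Neutral"


def parse_hash_list(text):
    """Parse a text file of SHA-256 values into a set of lowercase hex digests.

    Blank lines and '#' comments are skipped. Anything that is not a 64-char
    hex string raises, so a truncated or MD5-style entry cannot silently
    become a detection that never matches.
    """
    hashes = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if not SHA256_RE.match(line):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest: {raw!r}")
        hashes.add(line)
    return hashes


def sha256_of(data):
    """Hash file contents the way a connector would before a cloud lookup."""
    return hashlib.sha256(data).hexdigest()


def disposition(file_bytes, custom_detections, custom_whitelist, cloud):
    """Return (disposition, source) for one file.

    Precedence: a whitelisted hash is ignored regardless of anything else;
    then a simple custom detection marks the file as Malware; otherwise the
    cloud lookup decides. 'cloud' is a constructed stand-in dict mapping
    SHA-256 -> disposition; a missing key models a never-seen hash.
    """
    h = sha256_of(file_bytes)
    if h in custom_whitelist:
        return "Clean", "custom whitelist"
    if h in custom_detections:
        return "Malware", "simple custom detection"
    if h in cloud:
        return cloud[h], "cloud lookup"
    return UNSEEN_DISPOSITION, "cloud lookup (hash never seen)"


# Constructed sample data for the demonstration.
SAMPLE_KNOWN_BAD = b"constructed sample: known bad payload"
SAMPLE_INTERNAL_TOOL = b"constructed sample: in-house admin tool"
SAMPLE_NEW_FILE = b"constructed sample: never submitted before"

DETECTION_LIST_TEXT = "# simple custom detection list\n" + sha256_of(SAMPLE_KNOWN_BAD) + "\n"
WHITELIST_TEXT = sha256_of(SAMPLE_INTERNAL_TOOL).upper() + "\n"  # uppercase is normalised
CLOUD_STUB = {sha256_of(SAMPLE_INTERNAL_TOOL): "Malware"}  # whitelist must win over this


def run_demo():
    """Evaluate the three samples; returns a dict of name -> (disposition, source)."""
    detections = parse_hash_list(DETECTION_LIST_TEXT)
    whitelist = parse_hash_list(WHITELIST_TEXT)
    samples = {
        "known_bad": SAMPLE_KNOWN_BAD,
        "internal_tool": SAMPLE_INTERNAL_TOOL,
        "new_file": SAMPLE_NEW_FILE,
    }
    return {name: disposition(data, detections, whitelist, CLOUD_STUB)
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (disp, source) in run_demo().items():
        print(f"{name:14s} {disp:8s} via {source}")
```

The whitelist check deliberately comes before the cloud lookup: the custom whitelist question says whitelisted files are ignored, so a cloud "Malware" verdict for an in-house tool must not override it, which is also why the stub cloud marks the internal tool as Malware in the demo.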

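The two-step authentication questions above say the console accepts a verification code from the Google Authenticator app together with the username and password. Google Authenticator generates time-based one-time passwords per RFC 6238 (TOTP, built on RFC 4226 HOTP); the "RFC 1818" in the last option is not an OTP specification. The following example, added here and not FireAMP's code, implements the verifier side of that scheme so the check the console performs is concrete: a base32 secret shared at enrolment, a 30-second time step, an HMAC-SHA1 truncation, and a one-step drift window with constant-time comparison. The secret is the published RFC 6238 test-vector secret, used so the outputs can be checked against the RFC; how FireAMP itself stores secrets or sizes its window is not described on the page and is not assumed here.

```python
"""Added example (not FireAMP's implementation): TOTP verification as used
by Google Authenticator (RFC 6238 over RFC 4226 HOTP)."""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time / step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time=None, window=1, step=30, digits=6):
    """Accept the code for the current step and +/- `window` steps of clock drift.

    hmac.compare_digest avoids leaking how many leading digits matched.
    Every candidate is evaluated, so a mismatch takes the same time as a match.
    """
    if at_time is None:
        at_time = time.time()
    if len(code) != digits or not code.isdigit():
        return False
    counter = int(at_time) // step
    ok = False
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + drift, digits), code):
            ok = True
    return ok


def secret_from_base32(encoded):
    """Decode the base32 secret carried in an otpauth:// enrolment URI (padding optional)."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# RFC 6238 Appendix B test-vector secret (ASCII "12345678901234567890").
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


if __name__ == "__main__":
    secret = secret_from_base32(TEST_SECRET_B32)
    # At Unix time 59 the RFC lists 94287082 for 8 digits, so 287082 for 6.
    print("code at T=59:", totp(secret, 59))
    print("accepted one step later:", verify_totp(secret, "287082", 59 + 30))
    print("accepted three steps later:", verify_totp(secret, "287082", 59 + 90))
    print("current code:", totp(secret, time.time()))
```

A real login flow still needs what this snippet leaves to the caller: only check the code after the password has been verified, reject reuse of a code already accepted within its window, and rate-limit attempts, since a six-digit code with a three-step window gives an attacker roughly 3 in a million per guess.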