Exam Details

  • Exam Code: 500-285
  • Exam Name: Securing Cisco Networks with FireSIGHT Intrusion Prevention System (SSFIPS)
  • Certification: Proctored Exams
  • Vendor: Cisco
  • Total Questions: 60 Q&As
  • Last Updated: Oct 27, 2024

Cisco Proctored Exams 500-285 Questions & Answers

  • Question 1:

    Controlling simultaneous connections is a feature of which type of preprocessor?

    A. rate-based attack prevention

    B. detection enhancement

    C. TCP and network layer preprocessors

    D. performance settings

  • Question 2:

    A one-to-many type of scan, in which an attacker uses a single host to scan a single port on multiple target hosts, indicates which port scan type?

    A. port scan

    B. portsweep

    C. decoy port scan

    D. ACK scan

  • Question 3:

    What does packet latency thresholding measure?

    A. the total elapsed time it takes to process a packet

    B. the amount of time it takes for a rule to process

    C. the amount of time it takes to process an event

    D. the time span between a triggered event and when the packet is dropped

  • Question 4:

    Suppose an administrator is configuring an IPS policy and attempts to enable intrusion rules that require the operation of the TCP stream preprocessor, but the TCP stream preprocessor is turned off. Which statement is true in this situation?

    A. The administrator can save the IPS policy with the TCP stream preprocessor turned off, but the rules requiring its operation will not function properly.

    B. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the TCP stream preprocessor will be turned on for the IPS policy.

    C. The administrator will be prevented from changing the rule state of the rules that require the TCP stream preprocessor until the TCP stream preprocessor is enabled.

    D. When the administrator enables the rules and then attempts to save the IPS policy, the administrator will be prompted to accept that the rules that require the TCP stream preprocessor will be turned off for the IPS policy.

  • Question 5:

    Which statement represents detection capabilities of the HTTP preprocessor?

    A. You can configure it to blacklist known bad web servers.

    B. You can configure it to normalize cookies in HTTP headers.

    C. You can configure it to normalize image content types.

    D. You can configure it to whitelist specific servers.

  • Question 6:

    Which feature of the preprocessor configuration pages lets you quickly jump to a list of the rules associated with the preprocessor that you are configuring?

    A. the rule group accordion

    B. a filter bar

    C. a link below the preprocessor heading

    D. a button next to each preprocessor option that has a corresponding rule

  • Question 7:

    Which list identifies the possible types of alerts that the Sourcefire System can generate as notification of events or policy violations?

    A. logging to database, SMS, SMTP, and SNMP

    B. logging to database, SMTP, SNMP, and PCAP

    C. logging to database, SNMP, syslog, and email

    D. logging to database, PCAP, SMS, and SNMP

  • Question 8:

    Which option is a remediation module that comes with the Sourcefire System?

    A. Cisco IOS Null Route

    B. Syslog Route

    C. Nmap Route Scan

    D. Response Group

  • Question 9:

    What does the whitelist attribute value "not evaluated" indicate?

    A. The host is not a target of the whitelist.

    B. The host could not be evaluated because no profile exists for it.

    C. The whitelist status could not be updated because the correlation policy it belongs to is not enabled.

    D. The host is not on a monitored network segment.

  • Question 10:

    Which statement is true when network traffic meets the criteria specified in a correlation rule?

    A. Nothing happens, because you cannot assign a group of rules to a correlation policy.

    B. The network traffic is blocked.

    C. The Defense Center generates a correlation event and initiates any configured responses.

    D. An event is logged to the Correlation Policy Management table.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 500-285 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.