File information is sent to the Sourcefire Collective Security Intelligence Cloud using which format?
A. MD5
B. SHA-1
C. filenames
D. SHA-256
When discussing the FireAMP product, which term does the acronym DFC represent?
A. It means Detected Forensic Cause.
B. It means Duplicate File Contents.
C. It means Device Flow Correlation.
D. It is not an acronym that is associated with the FireAMP product.
What is the default clean disposition cache setting?
A. 3600
B. 604800
C. 10080
D. 1 hour
Which statement represents a best practice for deploying on Windows servers?
A. You should treat Windows servers like any other host in the deployment.
B. You should obtain the Microsoft TechNet article that describes the proper exclusions for Windows servers.
C. You should never configure exclusions for Windows servers.
D. You should deploy FireAMP connectors only alongside existing antivirus software on Windows servers.
Incident responders use which policy mode for outbreak control?
A. Audit
B. Protect
C. Triage
D. Emergency
What is the default command-line switch configuration, if you run a connector installation with no parameters?
A.
B.
C.
D.
Which type of activity is shown in the Device Trajectory page?
A. the IP addresses of hosts on which a file was seen
B. the activity of the FireAMP console users
C. the hosts that are in the same group as the selected host
D. file creation
How can customers feed new intelligence such as files and hashes to FireAMP?
A. by uploading it to the FTP server
B. from the connector
C. through the management console
D. by sending it via email
For connector-to-FireAMP Private Cloud communication, which port number is used for lower-overhead communication?
A. 22
B. 80
C. 443
D. 32137
Where does an administrator go to get a copy of a fetched file?
A. the Business Defaults page
B. the File menu, followed by Downloads
C. the File Repository
D. the Search selection in the Analysis menu