McAfee Certified Product Specialist - DLPE v7.0 (MA0-103)

Page:    1 / 5   
Total 77 questions

How can the use of USB drives be identified?

  • A. Enable plug and play device rule to monitor USB plugs
  • B. Enable unmanageable device classes to monitor USB plugs
  • C. Enable fixed hard drive rule to monitor USB plugs
  • D. Enable removable file storage access to monitor USB plugs


Answer : A

Following production deployment the DLP Endpoint Administrator begins to receive an increasing number of calls related to credit card number content detection false positives.
Which of the following can the administrator do to reduce false positives?

  • A. Turn on verbose logging
  • B. Increase dictionary weights
  • C. Increase text pattern thresholds
  • D. Use regular expression validators


Answer : D

Which of the following proactively helps prevent data loss?
Removable Storage Devices with a file system, when connected to a computer

  • A. notify the user of potential data loss.
  • B. send an email to the user's manager.
  • C. generate an incident that is reported to the security team.
  • D. are blocked.


Answer : D

Which of the following is used to control the ability to modify policies in DLPe for non ePO
Global Admins?

  • A. An Active Directory GPO
  • B. An ePO Permission Set
  • C. Restricted access to the Evidence Share
  • D. Restricted access to the Whitelist Share


Answer : B

Which of the following DLP features could be used to target suspicious activity during the first phase of an attack at the hardware layer?

  • A. Removable Storage device rules
  • B. Unmanageable device class
  • C. File system protection rules
  • D. Network communication protection rules


Answer : A

There is a known virus spreading using removable media. What action should be taken to mitigate this risk?

  • A. Monitor all removable media devices
  • B. Enable McAfee endpoint encryption controls
  • C. Block all removable media devices
  • D. Make plug and play devices read only


Answer : C

Which of the following is NOT a DLPe incident task?

  • A. Mail notification task
  • B. Purge task
  • C. Set reviewer task
  • D. Purge client task


Answer : D

An executive sends merger documents to legal counsel. Policy dictates the documents should be encrypted, but they are being sent in plain text. What is the appropriate action to configure in such a case using DLPe protection rules?

  • A. Monitor the activity using a File System Protection Rule, store the evidence and notify the user.
  • B. Verify the violation and send an alert to the administrator.
  • C. An Email Protection Rule should be used to block the email unless the documents are encrypted.
  • D. Do nothing.


Answer : C

What is the recommended rule to block Removable Storage Devices?

  • A. Plug and Play Device Rule
  • B. Removable Storage Device Rule
  • C. Removable Storage File Access Rule
  • D. Removable Storage Protection Rule


Answer : B

How long must the operational events be stored in the ePO database before purging?

  • A. As defined by the Acceptable Use Policy
  • B. As defined by the Risk Management Framework
  • C. As defined by the Auditor
  • D. As defined by the Data Retention Policy


Answer : D

A manufacturing organization needs to protect the transfer of sensitive design documents by prohibiting write access to USB devices. They do not want to limit their employee's ability to read files from these devices. To meet the organization's requirement, which type of rule can be implemented?

  • A. Plug and Play Device Rule
  • B. Removable Storage Protection Rule
  • C. Removable Storage Device Rule (supports Mac)
  • D. Removable Storage File Access Rule


Answer : C

Which of the following is an indication of potential data loss?

  • A. Removable Storage Device rule triggers a lot of incidents for one user
  • B. Removable Storage File Access rule triggers a lot of incidents for one user
  • C. Discovery rule triggers a lot of incidents for one user
  • D. Removable Storage Protection rule triggers a lot of incidents for one user


Answer : D

An employee attempts to upload company data in violation of corporate security policy using a secure HTTPS connection. The DLPe Administrator has configured rules with a blocking reaction and Content Classification. Can the data be prevented from being uploaded over HTTPS?

  • A. No, location Based Tagging Rules need to be configured
  • B. No, content posted over HTTPS cannot be inspected
  • C. Yes, a protection rule with a block reaction has been configured
  • D. Yes, Content Classification has occurred


Answer : C

Which encryption type is NOT available when creating a file system discovery rule?

  • A. Oracle Digital Rights Management
  • B. McAfee Endpoint Encryption
  • C. Adobe LiveCycle Rights Management Encryption
  • D. Not encrypted


Answer : A

How does McAfee DLPe classify sensitive content?

  • A. Using DLP monitor reaction in rules
  • B. Using Tags and Content categories
  • C. Using File Extensions
  • D. Using Information Protection


Answer : B

Page:    1 / 5   
Total 77 questions