McAfee MA0-104 - Intel Security Certified Product Specialist Exam

Page:    1 / 14   
Total 70 questions

Which of the following is the name of the Dashboard View that shows correlated events for the selected Data Source?

  • A. Default Summary
  • B. Normalized Dashboard
  • C. Incidents Dashboard
  • D. Triggered Alarms


Answer : A

While investigating beaconing malware, an analyst can narrow the search quickly by using which of the following watchlists in the McAfee SIEM?

  • A. MTIE Suspicious and Malicious
  • B. TSI Suspicious and Malicious
  • C. GTI Suspicious and Malicious
  • D. MTI Suspicious and Malicious


Answer : C

On the McAfee Enterprise Security Manager (ESM), the default Data Retention setting specifies that Event and Flow data should be maintained for

  • A. 365 days.
  • B. same value as configured on the ELM.
  • C. 90 Days
  • D. all data allowed by system


Answer : D

A security administrator is configuring the Enterprise Security Manager (ESM) to comply with corporate security policy and wishes to restrict access to the ESM to certain users and machines. Which of the following actions would accomplish this?

  • A. Configure the Access Control List and set up user accounts
  • B. Define user groups and set permissions based on IP
  • C. Assign AD users to computer assignment groups
  • D. Set up local accounts based on IP Zones


Answer : A

When preparing to apply a patch to the Enterprise Security Manager (ESM) and completing the ESM checklist, the command cat /proc/mdstat has been issued to determine RAID functionality. The system returns an active drive result identified as [U_]. What action should be taken?

  • A. Apply the patch, this is a properly functional RAID which can be upgraded.
  • B. Apply the patch, drive 1 is active and can be upgraded.
  • C. Apply the patch, drive 2 is active and can be upgraded.
  • D. Contact support before proceeding with the upgrade.


Answer : D
