Intel Security Certified Product Specialist v7.0 (MA0-104)

Page: 1 / 5
Total 76 questions

The McAfee SIEM baselines daily events over

  • A. three days
  • B. five days
  • C. seven days
  • D. nine days


Answer : A

The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer

  • A. one for inspection.
  • B. three for inspection.
  • C. five for inspection.
  • D. seven for inspection.


Answer : D

With regard to Data Source configuration and event collection what does the acronym CEF stand for?

  • A. Correlation Event Framing
  • B. Common Event Format
  • C. Common Event Framing
  • D. Condition Event Format


Answer : B

The security Analyst notices that there has been a large spike for Secure Shell (SSH) drops in the Network Intrusion Prevention System (NIPS). What other perimeter device will add more insight into what is happening?

  • A. McAfee ePolicy Orchestrator (ePO)
  • B. The core switch
  • C. The external switch
  • D. The firewall


Answer : D

The ESM database is unavailable for use during

  • A. a configuration backup.
  • B. a full backup.
  • C. archiving of inactive partitions.
  • D. synchronization with the redundant ESM.


Answer : D

Zones allow a user to group devices and the events they generate by

  • A. Geographical location and IP reputation
  • B. Geographical reputation and IP Address
  • C. Geographical location and IP Address
  • D. Geographical location and File reputation


Answer : C

A McAfee Event Receiver (ERC) will allow for how many Correlation Data Sources to be configured?

  • A. 1
  • B. 3
  • C. 5
  • D. 10


Answer : A

To correlate known vulnerabilities to devices that are currently exposed to such vulnerabilities, which of the following must be selected on the Receiver?

  • A. Auto Download VulnEvents
  • B. Enable Vulnerability Event Correlation
  • C. Generate Vulnerability Events
  • D. Enable VA Source


Answer : D

Which of the following operations is NOT an available selection when using Multi-Device Management?

  • A. Reboot
  • B. Update
  • C. Start
  • D. Disable


Answer : D

When viewing the Policy Tree, what four columns are displayed within the Rules Display pane?

  • A. Action, Severity, Aggregation, Copy Packet
  • B. Action, Severity, Normalization, Copy Packet
  • C. Action, Severity, Aggregation, Drop Packet
  • D. Enable, Severity, Aggregation, Copy Packet


Answer : A

Which authentication methods can be configured to control alarm management privileges?

  • A. SNMP
  • B. SSH Key Pair
  • C. Active Directory
  • D. Access Groups


Answer : D

What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances from unauthorized communications?

  • A. Iptables
  • B. McAfee Host Intrusion Prevention System (HIPS)
  • C. Linux Firewall
  • D. Access Control List (ACL)


Answer : A

The fundamental purpose of the Receiver Correlation Subsystem (RCS) is

  • A. to analyze data from the ESM and detect matching patterns.
  • B. to collect and consolidate identical data from the ESM into a single summary event.
  • C. to classify or categorize data from the Receiver into related types and sub-types.
  • D. to organize, retrieve and archive data from the Receiver into the SIEM database.


Answer : A

McAfee's SIEM provides awareness of illicit behavior across multiple internal systems via

  • A. default data-source events.
  • B. default correlation events.
  • C. default alerts.
  • D. default reports.


Answer : C

One or more storage allocations, which together specify a total amount of storage, coupled with a data retention time that specifies the maximum number of days a log is to be stored, is known as a

  • A. Storage Volume.
  • B. Storage Pool.
  • C. Storage Device.
  • D. Storage Area Network (SAN).


Answer : B
