McAfee MA0-104 - Intel Security Certified Product Specialist Exam

Question #1
Which of the following is the name of the Dashboard View that shows correlated events for
the selected Data Source?
A. Default Summary
B. Normalized Dashboard
C. Incidents Dashboard
D. Triggered Alarms
Answer: A

Question #2
While investigating beaconing malware, an analyst can narrow the search quickly by using
which of the following watchlists in the McAfee SIEM?
A. MTIE Suspicious and Malicious
B. TSI Suspicious and Malicious
C. GTI Suspicious and Malicious
D. MTI Suspicious and Malicious
Answer: C

Question #3
On the McAfee Enterprise Security Manager (ESM), the default Data Retention setting
specifies that Event and Flow data should be maintained for
A. 365 days.
B. same value as configured on the ELM.
C. 90 days.
D. all data allowed by system.
Answer: D

Question #4
A security administrator is configuring the Enterprise Security Manager (ESM) to comply
with corporate security policy and wishes to restrict access to the ESM to certain users and
machines. Which of the following actions would accomplish this?
A. Configure the Access Control List and set up user accounts
B. Define user groups and set permissions based on IP
C. Assign AD users to computer assignment groups
D. Set up local accounts based on IP Zones
Answer: A

Question #5
When preparing to apply a patch to the Enterprise Security Manager (ESM) and completing
the ESM checklist, the command cat /proc/mdstat has been issued to determine RAID
functionality. The system returns an active drive result identified as [U_]. What action should
be taken?
A. Apply the patch, this is a properly functional RAID which can be upgraded.
B. Apply the patch, drive 1 is active and can be upgraded.
C. Apply the patch, drive 2 is active and can be upgraded.
D. Contact support before proceeding with the upgrade.
Answer: D
Total 70 questions