Uploaded by halakukabaap

Kaspersky Endpoint Security Exam

KLCP 002.11 Answers
Note: All the options below against each question are correct answers and the Page number refers to
the student guide.
1- When does Network Agent connect to the Administration Server?
page 10
A) When a packet arrives to the Agent’s UDP port from the Server
B) When there is an event to be sent to the Server
C) Periodically (by default, once every 15 min)
2- Consider Kaspersky Security Center 10 and Kaspersky Endpoint Security 11 for Windows. You want to
import the Active Directory structure to the structure of managed computers. How to achieve this?
page 129
A) Web console | Devices | Edit Groups | Import
3- What is the purpose of virus scan tasks, if File Threat Protection is permanently running on the computers
with the default settings?
Page 159
4- The network is protected with Kaspersky Endpoint Security 11 and managed with Kaspersky Security
Center 10. Can you configure the system drive to be scanned for viruses only when the screensaver is on
or the Windows session is locked?
A) Yes, you can select the check box Scan when the computer is idling in the Kaspersky Endpoint Security
11 policy
5- How does Host Intrusion Prevention select a trust level for a program?
page 183
A) It uses information from Kaspersky Security Network
B) It takes explicitly specified trust levels from the policy, if any
6- Where can you find the list of computers blocked by the Network Threat Protection component?
page 201
A) In the local interface of Kaspersky Endpoint Security, in the Network Monitor window that you can
open from the Protection Components window
7- The administrator is trying to find a schedule for a virus scan task, but at any moment of time either a
large number of computers are off, or the users ask to disable scanning because it slows down the
computer. What would you advise?
A) Enable the mode Scan when the computer is idling in the task
8- How can you configure Host Intrusion Prevention to improve protection against ransomware?
page 185
A) Describe documents as a protected resource, and prohibit programs with bad (unknown) reputation
from performing Write and Delete operations
9- The administrator has found out that Kaspersky Endpoint Security conflicts with homeware, and added an
exclusion to the policy. How to make the exclusion work on the computers immediately after Kaspersky
Endpoint Security is installed rather than after computers download the policy?
page 65
A) Add a configuration file with the exclusion to the installation package of Kaspersky Endpoint Security
(you can export the settings on an already configured computer)
10- After completing the Quick Start wizard of the Kaspersky Security Center 10 Administration Server, the
administrator opens the policy of Kaspersky Endpoint Security 11 for Windows to configure Application
Control rules. It turns out that to set up the rules, you need to select application categories from the list,
which is empty. What should the administrator do to be able to create Application Control rules?
A) Create application categories in the Advanced | Application management | Application categories
node on the Administration Server
11- Which networks are trusted in the Firewall policy of Kaspersky Endpoint Security 11 under the default
settings?
page 199
A) None. There are no trusted networks in a policy by default, and Untrusted and High restricted
programs have no network access.
12- The administrator of Kaspersky Security Center 10 connects the console to the locally installed
Administration Server, creates an automatically filled application category, and specifies the C:\Program
Files\Microsoft\ folder as a parameter. Which executable files will get into this category?
Page 236
A) The files whose SHA-256 checksum coincides with the checksum of a file located in C:\Program
Files\Microsoft\ on the Administration Server
13- Which functions of Kaspersky Endpoint Security for Windows are NOT available under the KESB Select
license?
page 15
A) Encryption
14- Removable drives are blocked by device control in Kaspersky Endpoint Security 11 for Windows; however,
some users can still use their Apple iPhones as a USB mass storage device. What should be changed to
prohibit such possibility without affecting any other USB devices?
A) Block Portable devices (MTP) in Device Control
15- In which of the following situations do you NOT need to specify the administrator account in the remote
installation task?
Page 82
A) Network Agent is already installed on the computer and connected to the Server
B) The account of the Administration Server service has administrator permissions on the computer
C) The computer has been prepared with the RIPrep.exe utility
16- Which of the following components of Kaspersky Endpoint Security 11 for Windows provides proactive
defense against unknown threats by analyzing the sequence of actions performed by a program?
A) Behavior Detection
17- The administrator has selected to Assign Network Agent installation in the Active Directory group
policies in the remote installation task. How will the Network Agent installation files get on the computer?
page 99
A) Computers will download them from the shared folder on the Administration Server
18- There is a standard computer selection named Many viruses detected in the Kaspersky Security Center 10
Administration Console. What does “many” mean?
page 303
A) The number specified in the selection properties
19- Which components of Kaspersky Endpoint Security for Windows can be installed on a server operating
system?
Page 62
20- What happens when the extended KSN mode is enabled?
A) Select the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to send the
Kaspersky Security Network server statistical information that is obtained from application operation,
and to send files (or parts of files) that could be used by criminals to harm a computer or data to
Kaspersky for additional analysis.
B) Clear the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to use the
basic functions of Kaspersky Security Network.
21- The Administrator has configured the Kaspersky Endpoint Security 11 installation package to perform a
Basic installation. Which of the following components will be installed on workstations?
A)
22- Select the correct statements about tasks in Kaspersky Security Center
Page 14
23- Which of the following database servers can Kaspersky Security Center work with?
page 24
24- Which of the following task types pertain to Kaspersky Endpoint Security for Windows?
25- Consider a network protected with Kaspersky Endpoint Security 11 and managed through Kaspersky
Security Center 10. There is a group update task scheduled to start When new updates are downloaded
to the repository. The databases are regularly updated in the repository, but the group task starts on the
client computers only after a planned synchronization rather than immediately. Why?
page 315
A) That’s how it works
26- The update task of Kaspersky Endpoint Security for Windows has Update settings for local mode and
Update settings for mobile mode. Under which conditions are Update settings for mobile mode used?
A) Updating in mobile mode
Mobile mode is the mode of Kaspersky Endpoint Security operation, when a computer leaves the organization
network perimeter (offline computer). For more details about working with offline computers and out-of-office
users, refer to Kaspersky Security Center Help.
An offline computer outside of the organization's network cannot connect to the Administration Server to update
databases and application modules. By default, only Kaspersky update servers are used as update source for
updating databases and application modules in mobile mode. The use of a proxy server to connect to the Internet
is determined by a special out-of-office policy. The out-of-office policy must be created separately. When
Kaspersky Endpoint Security is switched to mobile mode, the update task is started every two hours.
To configure the update settings for mobile mode:
1. In the main window of Web Console, select Devices → Tasks.
The table with tasks opens.
2. Click the Update task for Kaspersky Endpoint Security.
The task properties window opens.
The Update task is created automatically by the Initial Configuration Wizard of Kaspersky Security Center 11 Web
Console.
Go to the Application settings section.
3. Go to the Mobile mode tab.
4. Configure the sources of updates. The sources of updates can be Kaspersky update servers, other FTP- and HTTP
servers, local folders, or network folders.
5. Click the Save button.
As a result, the databases and application modules will be updated on user computers when they switch to
mobile mode.
27- Installation on which of the following operating systems does Kaspersky Endpoint Security for Windows 11
support?
Page 57
28- Under which conditions does Kaspersky Endpoint Security switch to the out-of-office mode with the
default settings?
A) No conditions are specified by default
29- On which Windows Server 2012 editions can Kaspersky Security Center 10 Administration Server be
installed?
page 22
30- The administrator wants to configure Device Control settings in the policy of Kaspersky Endpoint Security
11 for Windows, but the control options are not displayed in the policy. How should the administrator fix
this?
A) Run a Change application components task and select the Standard installation type instead of the
Basic installation type
B) Load a Kaspersky Endpoint Security for Business Select license into Kaspersky Security Center
31- There is a standalone package on the Administration Server that installs Kaspersky Endpoint Security with
the standard set of components. How to make the package also install the BadUSB Attack Prevention
component?
A) Configure Installation package and recreate the package
32- Select the correct statements about the KL-AK- account created by the installation wizard of Kaspersky
Security Center Administration Server:
Page 40
33- You have found out that the Firewall hampers an application that belongs to the High Restricted group.
Which of the following measures can solve the issue?
page 200
A) Create allow packet rules for the application’s ports and protocols, and move them to the top of the
list of rules
B) Manually put the application’s executable files into the Low restricted or Trusted group in the
Kaspersky Endpoint Security policy
34- Consider group A that contains a policy of Kaspersky Endpoint Security 11. Group A has subgroup B, which
also contains a policy of Kaspersky Endpoint Security 11. Which settings can be edited in the policy of
group B?
A) None, an open lock only allows modification in the endpoint interface.
35- Where can you specify the conditions under which Kaspersky Endpoint Security 11 switches to the out-of-office policy?
A) In the policy of Kaspersky Endpoint Security
36- Consider Kaspersky Security Center 10. Which of the following conditions can make the backup copying
task return an error on the Administration Server?
page 342
A) The Administration Server account has no Write permissions for the backup target directory
B) The database server account has no Write permissions for the backup target directory
C) The drive where the backup directory is located lacks free space
37- During the installation of Kaspersky Security Center 11, the DNS name of the Administration Server was
specified for its connection address. Before deploying Kaspersky Network Agents, the administrator
decides that the Server’s IP address should be used for connections. How would you make this change?
page 37
A) Server connection address and ports can be changed in the properties of Network Agent installation
package
38- What is the minimum amount of RAM required to install Kaspersky Endpoint Security for Windows
(11.1.0) on a 32-bit Windows operating system?
page 58
39- Which group tasks and policies does the Quick Start wizard create on the Administration Server if it is
started from the MMC console?
Page 54
40- Which of the following Administration Server parameters cannot be modified without reinstalling
Kaspersky Security Center?
page 41
A) Sql Server address
41- The administrator plans to use the SNMP protocol to receive messages from the Administration Server
and monitor statuses. However, the SNMP agent component is missing from the list of Administration
Server components in the installation wizard. Why?
page 28
A) SNMP Agent is not displayed if the SNMP service (a component of Windows operating system) is not
installed on the computer
The SNMP agent is necessary if you want the Administration Server to send notifications over SNMP.
This component requires the SNMP service (a Windows component) to be installed on the computer.
If the SNMP service is absent, the SNMP agent will not be shown in the list of Administration Server
components during the installation.
42- Which network polling methods are enabled by default in Kaspersky Security Center 11 Administration
Server?
43- Which of the following can be specified as the Administration Server connection address for Network
Agents in Kaspersky Security Center 11?
Page 36
A) IP address (IPv4 only), DNS or NetBIOS
44- You want to publish installation packages in Active Directory via the Kaspersky Security Center 11
Administration Server. Which installation packages can be published this way?
page 99
A) To publish the Network Agent package to a domain group policy, in the task (or in the installation
wizard), select Assign Network Agent installation in the Active Directory group policies.
B) This method is applicable to the Network Agent only, because after the Agent is installed, other
programs are supposed to be installed using the Agent.
45- Which level of permissions is required to be able to install Kaspersky Endpoint Security for Windows on
the computer?
page 82
A) Local Administrator
46- Which of the following ports must be opened in the firewall for the users to be able to download the
package using the automatically created link?
page 40
A) 8060, 8061
47- How does Host Intrusion Prevention react by default to the programs that start before Kaspersky Endpoint
Security 11.1?
page 183
A) Low restricted
48- Into which trust group does Host Intrusion Prevention move programs by default for which it cannot
receive information from KSN?
page 183
A) Low restricted
49- The administrator has decided to enable scanning for encrypted connections. Which components of
Kaspersky Endpoint Security will use it?
page 169
A) Encrypted traffic scanning is enabled by default and pertains to the following components:
— Web Threat Protection
— Mail Threat Protection
— Web Control
50- What does the Firewall do with a packet that meets conditions of several rules, including an allow rule for
packets and a block rule for applications? The block rule for applications is higher on the list than the allow
rule for packets.
A) Applies the rule that is higher in the list
B) Blocks the packet
51- How will Web Threat Protection scan https traffic under the default settings if a website uses an EV
certificate?
A) At the first connection, the certificate will be substituted, https traffic will be scanned. At subsequent
connections, the certificate will NOT be substituted, https traffic will NOT be scanned
52- How can you disable the Background scan task on the client computers?
Page 160
A) To disable the Background scan task, in the properties of Kaspersky Endpoint Security policy, open
Application Settings | LocalTasks | Background scan and clear the check box Scan when the computer
is idling.
53- The user tries to connect to a website over https. Kaspersky Endpoint Security installed on the computer is
under the policy created by the Quick Start Wizard. An error occurs when scanning encrypted traffic. What
will happen in that case?
page 169
A) With the default settings, if errors arise when scanning a secure connection, the domain will be
automatically added to the list of Domains with scan errors and its whole traffic will be skipped
without scanning.
54- How can the administrator consult the list of domains with secure connection scan errors?
page 170
A) Only in the local interface of Kaspersky Endpoint Security on the user’s computer
55- In which of the following cases will Kaspersky Endpoint Security 11.1 for Windows consider a file to be
non-infected?
page 163
A) Signature or heuristic analysis returned the Infected verdict, while the KSN database considers the file to
be clean
56- Which of the following can the Mail Threat Protection component of Kaspersky Endpoint Security 11.1 for
Windows do?
Page 171
A) Scan MAPI traffic in Microsoft Office Outlook
B) Scan SMTP/POP3/IMAP/NNTP traffic
C) Filter email attachments
57- A computer running Windows 2012 Server is protected with Kaspersky Endpoint Security 11.1 having the
default settings. The administrator wants to use it as a print server, but no print jobs succeed.
What would be the reason for this?
A) Firewall blocks network activity of the print server
58- Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners on the web pages
visited by the users. How can you achieve this?
A) Create a rule in the Web Control settings to block the content category Banners
59- A commercial license has expired in an organization, and the money for purchasing a new license will be
allocated only in a month. Which functions of Kaspersky Endpoint Security 11.1 for Windows will NOT
work until the new license is in place?
page 334
A) All components keep working, but update tasks will not start and KSN servers are inaccessible.
Protection level gradually decreases.
60- Consider Kaspersky Security Center 11. What data is included into a backup copy of the Administration
Server created with a dedicated Kaspersky Security Center task?
Page 340
A) A backup copy of the Kaspersky Security Center data includes all visible and invisible configuration
settings. This includes the event database (which contains more than just the events), administration
group structure, tasks and policies, report templates, installation packages, selections of computers
and events, the Administration Server certificate, and more. Updates are not included, because they
quickly become outdated, and there is no reason to keep an old copy.
61- Many computers have the Critical status with the Not scanned for a long time description in Kaspersky
Security Center 11 Administration Console. The administrator thinks that it is not a problem and does not
want this condition to influence computer statuses.
A) Modify the status change conditions in the administration groups’ properties