
gratisexam.com-McAfee.Passguide.MA0-104.v2016-11-30.by.Ethan.33q

MA0-104.Passguide
Number: MA0-104
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
http://www.gratisexam.com/
PASSGUIDE MA0-104
Intel Security Certified Product Specialist
Version 1.0
Exam A
QUESTION 1
A SIEM can be effectively used to identify active threats from internal systems by monitoring/correlating events that occur
A. when no one is logged in; for example, after hours or on weekends.
B. across an unusual range of ports or destinations; for example, all high ports.
C. irregularly; for example, only on Fridays, or only at end-of-quarter.
D. in accordance with expected systems use.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
While investigating beaconing malware, an analyst can narrow the search quickly by using which of the following watchlists in the McAfee SIEM?
A. MTIE Suspicious and Malicious
B. TSI Suspicious and Malicious
C. GTI Suspicious and Malicious
D. MTI Suspicious and Malicious
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
A backup of the ELM management database captures
A. ELM configuration settings
B. ELM configuration settings, and the ELM archive index.
C. ELM configuration settings, the ELM archive index, and all archived ELM contents.
D. ELM configuration settings, the ELM archive index, and all archived ELM contents up to the ESM database retention limit.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which of the following is the name of the Dashboard View that shows correlated events for the selected Data Source?
A. Default Summary
B. Normalized Dashboard
C. Incidents Dashboard
D. Triggered Alarms
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
The McAfee SIEM solution satisfies which of the following compliance requirements?
A. Continuous monitoring, Log retention
B. Personally Identifiable Information (PII) protection
C. Payment Card Industry Data Security Standard (PCI DSS) protection
D. Patch management automation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
http://www.mcafee.com/uk/resources/solution-briefs/sb-compliance-made-easy.pdf
QUESTION 6
How often does the configuration and policy data from the primary Enterprise Security Manager (ESM) get synchronized with the redundant ESM?
A. Every 2 minutes
B. Every 5 minutes
C. Every 10 minutes
D. This is based on manual selection
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which of the following are the three compression ratios available for raw logs being handled by the ELM?
A. 10:1, 14:1, 19:1
B. 14:1, 18:1, 20:1
C. 14:1, 17:1, 21:1
D. 14:1, 17:1, 20:1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24719/en_US/esm_930_product%20guide_en-us.pdf Page: 121
QUESTION 8
The McAfee Enterprise Log Manager (ELM) offers three levels of compression (Low, Medium, and High). By default, the ELM compression level is set to Low.
Which of the following is the compression ratio for the Medium level?
A. 17:1
B. 20:1
C. 10:1
D. 14:1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24719/en_US/esm_930_product%20guide_en-us.pdf Page: 121
QUESTION 9
Which of the following is the default port used to communicate between McAfee SIEM devices?
A. 22
B. 222
C. 21
D. 211
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/corporate/index?page=content&id=KB81957&actp=null&viewlocale=en_US
QUESTION 10
The McAfee SIEM baselines daily events over
A. three days
B. five days
C. seven days
D. nine days
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Where can the ESM event database archive inactive partitions?
A. Storage on the hard disk of the ESM itself
B. Storage on the hard disk of the backup ESM
C. Storage on the ELM
D. Remote storage connected to the ESM
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
When a Correlation Rule successfully triggers, this occurs at the
A. Correlation Element.
B. Correlation Processor.
C. Correlation Engine.
D. Correlation Manager.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
The configuration of a Receiver has recently been modified and issues have occurred. Which command will collect historical data?
A. htop
B. getstatsdata
C. snmpget
D. df
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Which of the following operations is NOT an available selection when using Multi-Device Management?
A. Reboot
B. Update
C. Start
D. Disable
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25226/en_US/esm_940_pg_en-us.pdf Page: 24
QUESTION 15
The fundamental purpose of the Receiver Correlation Subsystem (RCS) is
A. to analyze data from the ESM and detect matching patterns.
B. to collect and consolidate identical data from the ESM into a single summary event.
C. to classify or categorize data from the Receiver into related types and sub-types.
D. to organize, retrieve and archive data from the Receiver into the SIEM database.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
The ESM database is unavailable for use during
A. a configuration backup.
B. a full backup.
C. archiving of inactive partitions.
D. synchronization with the redundant ESM.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Which of the following statements about Client Data Sources is TRUE?
A. They will have VIPS, Policy and Agent rights
B. They will be displayed on the Receiver Properties > Data Sources table
C. They will appear on the System Navigation tree
D. They can have independent time zones
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25748/en_US/esm_950_pg_0-00_en-us.pdf Page: 72
QUESTION 18
Zones allow a user to group devices and the events they generate by
A. Geographical location and IP reputation
B. Geographical reputation and IP Address
C. Geographical location and IP Address
D. Geographical location and File reputation
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
References:
https://community.mcafee.com/docs/DOC-6220
QUESTION 19
Which of the following are the Boolean logic functions that can be used to create Correlation Rules?
A. NOR and AND
B. AND and SET
C. OR and SET
D. OR and AND
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
The normalization value assigned to each data-source event allows
A. increased usability via views based on category rather than signature ID.
B. more efficient parsing of each event by the McAfee SIEM Receiver.
C. quicker ELM searches.
D. the McAfee ESM database to retain fewer events overall.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
Which authentication methods can be configured to control alarm management privileges?
A. SNMP
B. SSH Key Pair
C. Active Directory
D. Access Groups
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24394/en_US/9_2_0_McAfeeESMUserGuide.pdf Page: 79
QUESTION 22
On the McAfee Enterprise Security Manager (ESM), the default Data Retention setting specifies that Event and Flow data should be maintained for
A. 365 days.
B. same value as configured on the ELM.
C. 90 days.
D. all data allowed by system.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
Which of the following is the minimum amount of disk space required to install the McAfee Enterprise Security Manager (ESM) as a virtual machine?
A. 100 GB
B. 250 GB
C. 500 GB
D. 1 TB
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25749/en_US/esm_950_ig_0-00_en-us.pdf Page: 10
QUESTION 24
The possibility of both data source Network Interface Cards (NICs) using the shared IP and MAC address at the same time is eliminated by using which of the following?
A. iSCSI Adapter
B. IPMI Card
C. PCI Adapter
D. SAN Card
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25226/en_US/esm_940_pg_en-us.pdf Page: 146
QUESTION 25
To correlate known vulnerabilities to devices that are currently exposed to such vulnerabilities, which of the following must be selected on the Receiver?
A. Auto Download VulnEvents
B. Enable Vulnerability Event Correlation
C. Generate Vulnerability Events
D. Enable VA Source
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
A security administrator is configuring the Enterprise Security Manager (ESM) to comply with corporate security policy and wishes to restrict access to the ESM to certain users and machines. Which of the following actions would accomplish this?
A. Configure the Access Control List and set up user accounts
B. Define user groups and set permissions based on IP
C. Assign AD users to computer assignment groups
D. Set up local accounts based on IP Zones
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25748/en_US/esm_950_pg_0-00_en-us.pdf Page: 174
QUESTION 27
With regard to Data Source configuration and event collection what does the acronym CEF stand for?
A. Correlation Event Framing
B. Common Event Format
C. Common Event Framing
D. Condition Event Format
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer
A. one for inspection.
B. three for inspection.
C. five for inspection.
D. seven for inspection.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Which of the following features of the Enterprise Log Manager (ELM) can alert the user if any data has been modified?
A. Integrity Check
B. SNMP Trap
C. Log Audit
D. ELM Database Check
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
A SIEM allows an organization the ability to correlate seemingly disparate streams of traffic into a central console for analysis. This correlation, in many cases, can point out activities that might otherwise go undetected. This type of detection is also known as
A. anomaly based detection.
B. behavioral based detection.
C. heuristic based detection.
D. signature based detection.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
If the SIEM Administrator deploys the Enterprise Security Manager (ESM) using the Federal Information Processing Standards (FIPS) encryption mode, which of the following types of user authentication will NOT be compliant with FIPS?
A. Windows Active Directory
B. Radius
C. Lightweight Directory Access Protocol (LDAP)
D. Local Authentication
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
Which of the following two appliances contain Event databases?
A. ELM and REC
B. ESM and ELM
C. ESM and REC
D. REC and ADM
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Reports can be created by selecting the ESM System Properties window, the Reports icon in the top right of the ESM screen, or by which of the following other methods within Alarm Creation?
A. Actions tab
B. Conditions tab
C. Escalation tab
D. Summary tab
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
References:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25349/en_US/McAfee_SIEM_Best_Practices_for_Alarms.pdf Page: 10