The historical ACE function allows the user to perform retrospective correlations on older data. On which of the following devices is the data that the historical correlation engine uses located?


A) ELM
B) REC
C) ADM
D) ESM

The normalization value assigned to each data-source event allows


A) increased usability via views based on category rather than signature ID.
B) more efficient parsing of each event by the McAfee SIEM Receiver.
C) quicker ELM searches.
D) the McAfee ESM database to retain fewer events overall.

Which of the following is the minimum amount of disk space required to install the McAfee Enterprise Security Manager (ESM) as a virtual machine?


A) 100 GB
B) 250 GB
C) 500 GB
D) 1 TB

The McAfee SIEM baselines daily events over


A) three days
B) five days
C) seven days
D) nine days

On the McAfee Enterprise Security Manager (ESM), the default Data Retention setting specifies that Event and Flow data should be maintained for


A) 365 days.
B) same value as configured on the ELM.
C) 90 days.
D) all data allowed by system.

Which of the following are the Boolean logic functions that can be used to create Correlation Rules?


A) NOR and AND
B) AND and SET
C) OR and SET
D) OR and AND

Which options within the Receiver properties should be selected to configure the device to respond to ICMP echo requests?


A) Receiver Management\Update Device
B) Receiver Configuration\Interface
C) Connection\Status
D) Key Management\Key Device

In the context of McAfee SIEM, the local protected network address space is a variable referred to as


A) TRUSTED_NET
B) INTERNAL_NET
C) EXTERNAL_NET
D) HOME_NET

While investigating beaconing malware, an analyst can narrow the search quickly by using which of the following watchlists in the McAfee SIEM?


A) MTIE Suspicious and Malicious
B) TSI Suspicious and Malicious
C) GTI Suspicious and Malicious
D) MTI Suspicious and Malicious

The fundamental purpose of the Receiver Correlation Subsystem (RCS) is


A) to analyze data from the ESM and detect matching patterns.
B) to collect and consolidate identical data from the ESM into a single summary event.
C) to classify or categorize data from the Receiver into related types and sub-types.
D) to organize, retrieve and archive data from the Receiver into the SIEM database.

By default, the McAfee Enterprise Security Manager (ESM) communicates with the McAfee Event Receiver (ERC) and McAfee Enterprise Log Manager (ELM) over port


A) 21.
B) 443.
C) 22.
D) 23.

The security analyst notices that there has been a large spike in Secure Shell (SSH) drops in the Network Intrusion Prevention System (NIPS). What other perimeter device will add more insight into what is happening?


A) McAfee ePolicy Orchestrator (ePO)
B) The core switch
C) The external switch
D) The firewall

Which of the following is the name of the Dashboard View that shows correlated events for the selected Data Source?


A) Default Summary
B) Normalized Dashboard
C) Incidents Dashboard
D) Triggered Alarms

A McAfee Event Receiver (ERC) will allow for how many Correlation Data Sources to be configured?


A) 1
B) 3
C) 5
D) 10

Which of the following is the primary function of the Event Receiver (ERC) in relation to the Enterprise Security Manager (ESM)?


A) Collect and parse events before the ESM pulls them from the ERC
B) Collect and parse the events before the receiver forwards them to the ESM
C) Collect and store the events before they are forwarded to the ESM for parsing
D) Collect and parse the events before forwarding them to the ELM

If the SIEM Administrator deploys the Enterprise Security Manager (ESM) using the Federal Information Processing Standards (FIPS) encryption mode, which of the following types of user authentication will NOT be compliant with FIPS?


A) Windows Active Directory
B) RADIUS
C) Lightweight Directory Access Protocol (LDAP)
D) Local Authentication

Which authentication methods can be configured to control alarm management privileges?


A) SNMP
B) SSH Key Pair
C) Active Directory
D) Access Groups

A SIEM can be effectively used to identify active threats from internal systems by monitoring/correlating events that occur


A) when no one is logged in; for example, after hours or on weekends.
B) across an unusual range of ports or destinations; for example, all high ports.
C) irregularly; for example, only on Fridays, or only at end-of-quarter.
D) in accordance with expected systems use.
