
MA0-104 Sample Questions Answers

Questions 4

The McAfee Enterprise Security Manager (ESM) system clock is set to

Options:

A.

International Date Line West.

B.

Daylight Savings Offset.

C.

Greenwich Mean Time.

D.

Geo-Location.

Questions 5

The analyst has created a correlation rule to correlate events from Anti-Virus (AV), Network Intrusion Prevention (NIPS) and the firewall. While reviewing just firewall events, the analyst notices a large spike in outbound Command and Control traffic; however, the correlation rule is not triggering. The analyst then looks at the Network IPS and the Anti-Virus views and notices there are no alerts for this traffic. Which of the following features of NIPS and AV are most likely turned off?

Options:

A.

Alerting

B.

Heuristics

C.

Advanced Persistent Threats (APT)

D.

Automatic DAT updates

Questions 6

An organization notices an increasing number of ESM concurrent connection events. To mitigate risks related to concurrent sessions, which action should the organization take?

Options:

A.

Increase the concurrent session alarm threshold

B.

Decrease the console timeout value

C.

Increase the number of the concurrent sessions allowed

D.

Customize the login page with the organization's logo

Questions 7

Which of the following is the minimum number of CPUs required to build a virtual image Enterprise Security Manager (ESM)?

Options:

A.

Two units

B.

Four units

C.

Six units

D.

Eight units

Questions 8

Which of the following statements about Client Data Sources is TRUE?

Options:

A.

They will have VIPS, Policy and Agent rights.

B.

They will be displayed on the Receiver Properties > Data Sources table.

C.

They will appear on the System Navigation tree.

D.

They can have independent time zones.

Questions 9

Which of the following ports is the correct choice for use when configuring the database properties of a McAfee Network Security Platform (NSP) Device Data Source?

Options:

A.

1433

B.

5432

C.

9001

D.

3306

Questions 10

What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances from unauthorized communications?

Options:

A.

Iptables

B.

McAfee Host Intrusion Prevention System (HIPS)

C.

Linux Firewall

D.

Access Control List (ACL)

Questions 11

Which of the following operations is NOT an available selection when using Multi-Device Management?

Options:

A.

Reboot

B.

Update

C.

Start

D.

Disable

Questions 12

In the Default Summary view on the Enterprise Security Manager (ESM), which of the following panels shows the baseline averages?

Options:

A.

Event Summary

B.

Normalized Event Summary

C.

Event Distribution

D.

Baseline Average

Questions 13

The McAfee Advanced Correlation Engine (ACE) can be deployed in one of two modes, which are?

Options:

A.

Threshold and Anomaly.

B.

Prevention and Detection.

C.

Stateful and Stateless.

D.

Historical and Real-Time.

Questions 14

Which authentication methods can be configured to control alarm management privileges?

Options:

A.

SNMP

B.

SSH Key Pair

C.

Active Directory

D.

Access Groups

Questions 15

The historical ACE function allows the user to perform retrospective correlations on older data. In which of the following devices is the data located that the historical correlation engine uses?

Options:

A.

ELM

B.

REC

C.

ADM

D.

ESM

Questions 16

One or more storage allocations, which together specify a total amount of storage, coupled with a data retention time that specifies the maximum number of days a log is to be stored, is known as a

Options:

A.

Storage Volume.

B.

Storage Pool.

C.

Storage Device.

D.

Storage Area Network (SAN).

Questions 17

With regard to Data Source configuration and event collection, what does the acronym CEF stand for?

Options:

A.

Correlation Event Framing

B.

Common Event Format

C.

Common Event Framing

D.

Condition Event Format

Questions 18

When viewing the Policy Tree, what four columns are displayed within the Rules Display pane?

Options:

A.

Action, Severity, Aggregation, Copy Packet

B.

Action, Severity, Normalization, Copy Packet

C.

Action, Severity, Aggregation, Drop Packet

D.

Enable, Severity, Aggregation, Copy Packet

Questions 19

When displaying baseline averages using the automatic time range option, baseline data is correlated by using the same time period that is being used for the current query for which of the following past number of intervals?

Options:

A.

Three

B.

Seven

C.

Five

D.

Ten

Questions 20

Which options within the Receiver properties should be selected to configure the device to respond to ICMP echo requests?

Options:

A.

Receiver Management\Update Device

B.

Receiver Configuration\Interface

C.

Connection\Status

D.

Key Management\Key Device

Questions 21

Which of the following two appliances contain Event databases?

Options:

A.

ELM and REC

B.

ESM and ELM

C.

ESM and REC

D.

REC and ADM

Exam Code: MA0-104
Exam Name: Intel Security Certified Product Specialist
Last Update: Nov 20, 2024
Questions: 70