MA0-104 Practice Exam Questions and Answers

The Global Blacklist feature can be used to block specific traffic from which of the following devices?

The analyst has created a correlation rule to correlate events from Anti-Virus (AV>, Network Intrusion Prevention (NIPS) and the firewall. While reviewing just firewall events, the analyst notices a large spike in outbound Command and Control traffic, however, the correlation rule is not triggering The analyst then looks at the Network IPS and the Anti-Virus views and notices there are no alerts for this traffic. Which of the following features of NIPS and AV are most likely turned off?

Which options within the Receiver properties should be selected to configure the device to respond to ICMP echo requests?

By default, the McAfee Enterprise Security Manager (ESM) communicates with the McAfee Event Receiver (ERC) and McAfee Enterprise Log Manager (ELM) over port

When displaying baseline averages using the automatic time range option, baseline data is correlated by using the same time period that is being used for the current query for which of the following past number of intervals?

Checkpoint firewalls provide logs to the McAfee SIEM Receiver in which of the following formats?

The historical ACE function allows the user to perform retrospective correlations on older data. In which of the following devices is the data located that the historical correlation engine uses?

McAfee's SIEM provides awareness of illicit behavior across multiple internal systems via

If the maximum size for the Policy Change History log is reached, which of the following happens to new entries?

What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances from unauthorized communications?