Trellix ePO Administrator Quiz

Questions and Answers

PDF Questions PDF Answers

Which of the following fields can a Trellix ePO administrator use when creating exclusions for Dynamic Application Containment?

Rule

MD5 hash (correct)

File version

Certificate

For a user to immediately meet the VPN connector's policy if virus scan definitions are older than seven days, which of the following should the administrator enable?

"Update now" button (correct)

Managed custom tasks

Proxy server

Default client update task schedule

If you change the Client Interface Language on the Trellix Endpoint Security client, what will happen to the language used in the ENS log files?

You can only change the language for the log files by changing the policy on the Trellix ePolicy Orchestrator

The log files are changed to the language selected for the Client Interface Language only if the language is available in the system locale

The selected client language does not affect the log files.Log files always appear in the language specified by the default system locale (correct)

The log files are changed to the language selected for the Client Interface Language setting

A user navigates to a new unrated website by Trellix ENS Web Control. How will Trellix ENS Web Control handle this request by default?

Warn

If a Trellix TIE server is unavailable, which component can the Adaptive Threat Protection leverage for reputation decisions when connected to the Internet?

Trellix Global Threat Intelligence

Is there a notification bubble displayed in the system notification area?

Yes

Has the endpoint emitted a notification/alert sound?

Yes

What does the blue color indicate within the toolbar when a small blue square is around an "M" in the upper-right corner of the Chrome browser?

Web Control is disabled

What type of migration is recommended for a large network with more than 250 managed systems and complex settings?

Manual Migration

In which of the following ways does Dynamic App Containment protect against malware?

It limits the actions unknown applications can take on the system

Which Endpoint Security module acts as a filter between an endpoint computer and the network or the Internet?

Firewall

What Trellix product is an optional component of an Endpoint Security deployment that stores information about file and certificate reputations and then passes that information to other systems?

Trellix Threat Intelligence Exchange

Which policy setting within the Trellix ENS Common Options policy could be used to temporarily allow admin rights to the local client?

Unlock Client Interface Password

When configuring the Adaptive Threat Protection Options policy, which rule assignment group needs to be selected to accommodate an environment with high-change systems?

Adaptive

In Web Control, what describes the result if a user enters a restricted site with 'Enable Web Category blocking of restricted content' enforced?

The pop-up color is red, and access is denied

What groups of legacy products can be migrated to Trellix ENS 10.7?

Trellix Host Intrusion Prevention (HIPS), SiteAdvisor Enterprise (SAE), and Trellix Data Loss Prevention (DLP)

Which feature of Trellix ENS 10.7 can be used to make users aware of potentially malicious links?

Rating Actions

Where should the Trellix ePO administrator configure FTP traffic for a recently approved application to allow FTP traffic only?

Create an allow rule within the Rules policy for inbound/outbound on port 21 and the executable for the software

Which installation tool is used to create a custom package using existing Trellix Endpoint Security settings or customized settings on a client system?

Endpoint Security Package Designer

How can an administrator install all modules silently in Trellix ENS 10.7 within the desktop imaging process?

setupEP.exe ADDLOCAL="tp,fw,wc,atp"

What action should be taken if Endpoint Migration Assistant is not visible on the Trellix ePolicy Orchestrator?

Reinstall the Trellix Endpoint Security extensions on the ePO server

What logs should be checked if a user reports a functional issue with the Trellix ENS client?

EndpointSecurityPlatform_Errors.log

What is the role of a cloud-based Real Protect scanner?

It sends potentially malicious code to the cloud for analysis

Which Trellix product facilitates bidirectional communication between Trellix Endpoint Security modules and the Trellix Threat Intelligence Exchange server?

Trellix Data Exchange Layer

What will be displayed on the Trellix Endpoint Security Client user interface Status page if the Firewall module is disabled by policy from the ePO?

The Firewall module will be displayed with the status Disabled

When defining a trusted network in the firewall policy, what is the result?

An inbound directional allow rule for that remote network

In which type of Endpoint Security deployment will the administrator create and send an installation URL to users for installation on local systems?

Self-managed System deployment

How are Exploit Prevention signatures updated in Trellix Endpoint Security?

Signatures are updated when the Exploit Prevention content file is updated

What is the main benefit of using Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)?

They store and pass file reputation to managed endpoints and Trellix products

Study Notes

Trellix ePO Administration

• A Trellix ePO administrator can use Certificate, Rule, MD5 hash, or File version when creating exclusions for Dynamic Application Containment.
• To meet the VPN connector's policy, the administrator should enable the "Update now" button to ensure the user's virus scan definitions are up-to-date.

Client Interface Language

• If the Client Interface Language is changed on the Trellix Endpoint Security client, the log files will not be affected.

Web Control

• By default, when a user navigates to an unrated website, Trellix ENS Web Control will block the site.
• Web Control displays safety ratings and reports for websites during online browsing and web searching.

Threat Intelligence

• Trellix Global Threat Intelligence is a comprehensive, real-time, cloud-based threat intelligence service that enables Trellix products to protect customers against cyber threats across all vectors.
• If a Trellix TIE server is unavailable, Adaptive Threat Protection can leverage Trellix Global Threat Intelligence for reputation decisions.

Endpoint Security

• To prevent applications from executing software locally from the browser or email client, the administrator should implement the rule "Running files from common user folders by common programs".
• If Trellix Host IPS Firewall is installed and enabled, the Endpoint Security Firewall will be disabled even if it is enabled in the Endpoint Security policy settings.

Installation and Logging

• The install log files are stored in %programdata%\mcafee\datreputation\logs by default.
• The administrator can find the backups of detected files in %deflogfir%\Quarantine.

Firewall Policy

• In Observe Mode, the firewall policy allows communication flows to be monitored and logged without blocking them.
• To dynamically create firewall rules required for the environment, the administrator should use Adaptive Mode.

Exploit Prevention

• To stop malware from exploiting vulnerabilities and executing arbitrary code, the administrator should enable Exploit Prevention.
• To add executables that are monitored with the Exploit Prevention engine, the administrator should add them to the Application Protection rules.

Adaptive Threat Protection

• Adaptive Threat Protection allows a suspicious application to run in a container with restrictions.
• Real Protect scanner sends potentially malicious code to the cloud for analysis.

Web Safety

• Web Control displays a toolbar with a rating icon in the browser.
• The administrator can configure Web Control to block, warn, or allow access to websites based on their rating.

Migration and Policy

• Automatic Migration is recommended for networks with fewer than 250 managed systems and little customization from the default settings.

• The Endpoint Migration Assistant tool can migrate dashboards, Host IPS catalog, server tasks, and deployment tasks.### Firewall Module Status

• If the Firewall is still enabled by the client, there will be no change to the Firewall Module on the Status page.

• If the Firewall is disabled, the Firewall module will be displayed with the status "Disabled".

• If the Firewall is removed from the Trellix ENS Client, the Firewall module will be removed from the Status page.

Trusted Network in Firewall Policy

• Defining a trusted network in the firewall policy results in an inbound directional allow rule for that remote network.

Endpoint Security Deployment

• In a Trellix ePolicy Orchestrator - SaaS deployment, the administrator creates and sends an installation URL to users for installation on local systems.

Exploit Prevention Signatures Update

• Exploit Prevention signatures are updated when the Exploit Prevention content file is updated.

Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)

• The main benefit of using TIE and DXL is that they store and pass file reputation to managed endpoints and Trellix products.

Description

Test your knowledge of Trellix ePO administration, including creating exclusions and configuring VPN connectors. Identify the correct fields and settings for a secure system.