Trellix ePO Administrator Quiz
29 Questions

Questions and Answers

Which of the following fields can a Trellix ePO administrator use when creating exclusions for Dynamic Application Containment?

  • Rule
  • MD5 hash (correct)
  • File version
  • Certificate

For a user to immediately meet the VPN connector's policy if virus scan definitions are older than seven days, which of the following should the administrator enable?

  • "Update now" button (correct)
  • Managed custom tasks
  • Proxy server
  • Default client update task schedule

If you change the Client Interface Language on the Trellix Endpoint Security client, what will happen to the language used in the ENS log files?

  • You can only change the language for the log files by changing the policy on the Trellix ePolicy Orchestrator
  • The log files are changed to the language selected for the Client Interface Language only if the language is available in the system locale
  • The selected client language does not affect the log files. Log files always appear in the language specified by the default system locale (correct)
  • The log files are changed to the language selected for the Client Interface Language setting

A user navigates to a new unrated website by Trellix ENS Web Control. How will Trellix ENS Web Control handle this request by default?

    Warn

    If a Trellix TIE server is unavailable, which component can the Adaptive Threat Protection leverage for reputation decisions when connected to the Internet?

    Trellix Global Threat Intelligence

    Is there a notification bubble displayed in the system notification area?

    Yes

    Has the endpoint emitted a notification/alert sound?

    Yes

    What does the blue color indicate within the toolbar when a small blue square is around an "M" in the upper-right corner of the Chrome browser?

    Web Control is disabled

    What type of migration is recommended for a large network with more than 250 managed systems and complex settings?

    Manual Migration

    In which of the following ways does Dynamic App Containment protect against malware?

    It limits the actions unknown applications can take on the system

    Which Endpoint Security module acts as a filter between an endpoint computer and the network or the Internet?

    Firewall

    What Trellix product is an optional component of an Endpoint Security deployment that stores information about file and certificate reputations and then passes that information to other systems?

    Trellix Threat Intelligence Exchange

    Which policy setting within the Trellix ENS Common Options policy could be used to temporarily allow admin rights to the local client?

    Unlock Client Interface Password

    When configuring the Adaptive Threat Protection Options policy, which rule assignment group needs to be selected to accommodate an environment with high-change systems?

    Adaptive

    In Web Control, what describes the result if a user enters a restricted site with 'Enable Web Category blocking of restricted content' enforced?

    The pop-up color is red, and access is denied

    What groups of legacy products can be migrated to Trellix ENS 10.7?

    Trellix Host Intrusion Prevention (HIPS), SiteAdvisor Enterprise (SAE), and Trellix Data Loss Prevention (DLP)

    Which feature of Trellix ENS 10.7 can be used to make users aware of potentially malicious links?

    Rating Actions

    Where should the Trellix ePO administrator configure FTP traffic for a recently approved application to allow FTP traffic only?

    Create an allow rule within the Rules policy for inbound/outbound on port 21 and the executable for the software

    Which installation tool is used to create a custom package using existing Trellix Endpoint Security settings or customized settings on a client system?

    Endpoint Security Package Designer

    How can an administrator install all modules silently in Trellix ENS 10.7 within the desktop imaging process?

    setupEP.exe ADDLOCAL="tp,fw,wc,atp"

    What action should be taken if Endpoint Migration Assistant is not visible on the Trellix ePolicy Orchestrator?

    Reinstall the Trellix Endpoint Security extensions on the ePO server

    What logs should be checked if a user reports a functional issue with the Trellix ENS client?

    EndpointSecurityPlatform_Errors.log

    What is the role of a cloud-based Real Protect scanner?

    It sends potentially malicious code to the cloud for analysis

    Which Trellix product facilitates bidirectional communication between Trellix Endpoint Security modules and the Trellix Threat Intelligence Exchange server?

    Trellix Data Exchange Layer

    What will be displayed on the Trellix Endpoint Security Client user interface Status page if the Firewall module is disabled by policy from the ePO?

    The Firewall module will be displayed with the status Disabled

    When defining a trusted network in the firewall policy, what is the result?

    An inbound directional allow rule for that remote network

    In which type of Endpoint Security deployment will the administrator create and send an installation URL to users for installation on local systems?

    Self-managed System deployment

    How are Exploit Prevention signatures updated in Trellix Endpoint Security?

    Signatures are updated when the Exploit Prevention content file is updated

    What is the main benefit of using Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)?

    They store and pass file reputation to managed endpoints and Trellix products

    Study Notes

    Trellix ePO Administration

    • A Trellix ePO administrator can use Certificate, Rule, MD5 hash, or File version when creating exclusions for Dynamic Application Containment.
    • To meet the VPN connector's policy, the administrator should enable the "Update now" button to ensure the user's virus scan definitions are up-to-date.

    Client Interface Language

    • If the Client Interface Language is changed on the Trellix Endpoint Security client, the log files will not be affected.

    Web Control

    • By default, when a user navigates to an unrated website, Trellix ENS Web Control will block the site.
    • Web Control displays safety ratings and reports for websites during online browsing and web searching.

    Threat Intelligence

    • Trellix Global Threat Intelligence is a comprehensive, real-time, cloud-based threat intelligence service that enables Trellix products to protect customers against cyber threats across all vectors.
    • If a Trellix TIE server is unavailable, Adaptive Threat Protection can leverage Trellix Global Threat Intelligence for reputation decisions.

    Endpoint Security

    • To prevent applications from executing software locally from the browser or email client, the administrator should implement the rule "Running files from common user folders by common programs".
    • If Trellix Host IPS Firewall is installed and enabled, the Endpoint Security Firewall will be disabled even if it is enabled in the Endpoint Security policy settings.

    Installation and Logging

    • The install log files are stored in %programdata%\mcafee\datreputation\logs by default.
    • The administrator can find the backups of detected files in %deflogfir%\Quarantine.

    Firewall Policy

    • In Observe Mode, the firewall policy allows communication flows to be monitored and logged without blocking them.
    • To dynamically create firewall rules required for the environment, the administrator should use Adaptive Mode.

    Exploit Prevention

    • To stop malware from exploiting vulnerabilities and executing arbitrary code, the administrator should enable Exploit Prevention.
    • To add executables that are monitored with the Exploit Prevention engine, the administrator should add them to the Application Protection rules.

    Adaptive Threat Protection

    • Adaptive Threat Protection allows a suspicious application to run in a container with restrictions.
    • Real Protect scanner sends potentially malicious code to the cloud for analysis.

    Web Safety

    • Web Control displays a toolbar with a rating icon in the browser.
    • The administrator can configure Web Control to block, warn, or allow access to websites based on their rating.

    Migration and Policy

    • Automatic Migration is recommended for networks with fewer than 250 managed systems and little customization from the default settings.

    • The Endpoint Migration Assistant tool can migrate dashboards, Host IPS catalog, server tasks, and deployment tasks.

    Firewall Module Status

    • If the Firewall is still enabled by the client, there will be no change to the Firewall Module on the Status page.

    • If the Firewall is disabled, the Firewall module will be displayed with the status "Disabled".

    • If the Firewall is removed from the Trellix ENS Client, the Firewall module will be removed from the Status page.

    Trusted Network in Firewall Policy

    • Defining a trusted network in the firewall policy results in an inbound directional allow rule for that remote network.

    Endpoint Security Deployment

    • In a Trellix ePolicy Orchestrator - SaaS deployment, the administrator creates and sends an installation URL to users for installation on local systems.

    Exploit Prevention Signatures Update

    • Exploit Prevention signatures are updated when the Exploit Prevention content file is updated.

    Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)

    • The main benefit of using TIE and DXL is that they store and pass file reputation to managed endpoints and Trellix products.

    Description

    Test your knowledge of Trellix ePO administration, including creating exclusions and configuring VPN connectors. Identify the correct fields and settings for a secure system.
