Questions and Answers
Which of the following fields can a Trellix ePO administrator use when creating exclusions for Dynamic Application Containment?
For a user to immediately meet the VPN connector's policy if virus scan definitions are older than seven days, which of the following should the administrator enable?
If you change the Client Interface Language on the Trellix Endpoint Security client, what will happen to the language used in the ENS log files?
A user navigates to a new website that is unrated by Trellix ENS Web Control. How will Trellix ENS Web Control handle this request by default?
If a Trellix TIE server is unavailable, which component can the Adaptive Threat Protection leverage for reputation decisions when connected to the Internet?
Is there a notification bubble displayed in the system notification area?
Has the endpoint emitted a notification/alert sound?
What does the blue color indicate within the toolbar when a small blue square is around an "M" in the upper-right corner of the Chrome browser?
What type of migration is recommended for a large network with more than 250 managed systems and complex settings?
In which of the following ways does Dynamic App Containment protect against malware?
Which Endpoint Security module acts as a filter between an endpoint computer and the network or the Internet?
What Trellix product is an optional component of an Endpoint Security deployment that stores information about file and certificate reputations and then passes that information to other systems?
Which policy setting within the Trellix ENS Common Options policy could be used to temporarily allow admin rights to the local client?
When configuring the Adaptive Threat Protection Options policy, which rule assignment group needs to be selected to accommodate an environment with high-change systems?
In Web Control, what describes the result if a user enters a restricted site with 'Enable Web Category blocking of restricted content' enforced?
What groups of legacy products can be migrated to Trellix ENS 10.7?
Which feature of Trellix ENS 10.7 can be used to make users aware of potentially malicious links?
Where should the Trellix ePO administrator configure FTP traffic for a recently approved application to allow FTP traffic only?
Which installation tool is used to create a custom package using existing Trellix Endpoint Security settings or customized settings on a client system?
How can an administrator install all modules silently in Trellix ENS 10.7 within the desktop imaging process?
What action should be taken if Endpoint Migration Assistant is not visible on the Trellix ePolicy Orchestrator?
What logs should be checked if a user reports a functional issue with the Trellix ENS client?
What is the role of a cloud-based Real Protect scanner?
Which Trellix product facilitates bidirectional communication between Trellix Endpoint Security modules and the Trellix Threat Intelligence Exchange server?
What will be displayed on the Trellix Endpoint Security Client user interface Status page if the Firewall module is disabled by policy from the ePO?
When defining a trusted network in the firewall policy, what is the result?
In which type of Endpoint Security deployment will the administrator create and send an installation URL to users for installation on local systems?
How are Exploit Prevention signatures updated in Trellix Endpoint Security?
What is the main benefit of using Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)?
Study Notes
Trellix ePO Administration
- A Trellix ePO administrator can use Certificate, Rule, MD5 hash, or File version when creating exclusions for Dynamic Application Containment.
- To meet the VPN connector's policy, the administrator should enable the "Update now" button to ensure the user's virus scan definitions are up-to-date.
Client Interface Language
- If the Client Interface Language is changed on the Trellix Endpoint Security client, the log files will not be affected.
Web Control
- By default, when a user navigates to an unrated website, Trellix ENS Web Control will block the site.
- Web Control displays safety ratings and reports for websites during online browsing and web searching.
Threat Intelligence
- Trellix Global Threat Intelligence is a comprehensive, real-time, cloud-based threat intelligence service that enables Trellix products to protect customers against cyber threats across all vectors.
- If a Trellix TIE server is unavailable, Adaptive Threat Protection can leverage Trellix Global Threat Intelligence for reputation decisions.
Endpoint Security
- To prevent applications from executing software locally from the browser or email client, the administrator should implement the rule "Running files from common user folders by common programs".
- If Trellix Host IPS Firewall is installed and enabled, the Endpoint Security Firewall will be disabled even if it is enabled in the Endpoint Security policy settings.
Installation and Logging
- The install log files are stored in %programdata%\mcafee\datreputation\logs by default.
- The administrator can find the backups of detected files in %deflogfir%\Quarantine.
Firewall Policy
- In Observe Mode, the firewall policy allows communication flows to be monitored and logged without blocking them.
- To dynamically create firewall rules required for the environment, the administrator should use Adaptive Mode.
Exploit Prevention
- To stop malware from exploiting vulnerabilities and executing arbitrary code, the administrator should enable Exploit Prevention.
- To add executables that are monitored with the Exploit Prevention engine, the administrator should add them to the Application Protection rules.
Adaptive Threat Protection
- Adaptive Threat Protection allows a suspicious application to run in a container with restrictions.
- Real Protect scanner sends potentially malicious code to the cloud for analysis.
Web Safety
- Web Control displays a toolbar with a rating icon in the browser.
- The administrator can configure Web Control to block, warn, or allow access to websites based on their rating.
Migration and Policy
- Automatic Migration is recommended for networks with fewer than 250 managed systems and little customization from the default settings.
- The Endpoint Migration Assistant tool can migrate dashboards, Host IPS catalog, server tasks, and deployment tasks.
Firewall Module Status
- If the Firewall is still enabled by the client, there will be no change to the Firewall Module on the Status page.
- If the Firewall is disabled, the Firewall module will be displayed with the status "Disabled".
- If the Firewall is removed from the Trellix ENS Client, the Firewall module will be removed from the Status page.
Trusted Network in Firewall Policy
- Defining a trusted network in the firewall policy results in an inbound directional allow rule for that remote network.
Endpoint Security Deployment
- In a Trellix ePolicy Orchestrator - SaaS deployment, the administrator creates and sends an installation URL to users for installation on local systems.
Exploit Prevention Signatures Update
- Exploit Prevention signatures are updated when the Exploit Prevention content file is updated.
Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)
- The main benefit of using TIE and DXL is that they store and pass file reputation to managed endpoints and Trellix products.
Description
Test your knowledge of Trellix ePO administration, including creating exclusions and configuring VPN connectors. Identify the correct fields and settings for a secure system.