Questions and Answers
Which of the following fields can a Trellix ePO administrator use when creating exclusions for Dynamic Application Containment?
- Rule
- MD5 hash (correct)
- File version
- Certificate
For a user to immediately meet the VPN connector's policy if virus scan definitions are older than seven days, which of the following should the administrator enable?
- "Update now" button (correct)
- Managed custom tasks
- Proxy server
- Default client update task schedule
If you change the Client Interface Language on the Trellix Endpoint Security client, what will happen to the language used in the ENS log files?
- You can only change the language for the log files by changing the policy on the Trellix ePolicy Orchestrator
- The log files are changed to the language selected for the Client Interface Language only if the language is available in the system locale
- The selected client language does not affect the log files. Log files always appear in the language specified by the default system locale (correct)
- The log files are changed to the language selected for the Client Interface Language setting
A user navigates to a new website that is unrated by Trellix ENS Web Control. How will Trellix ENS Web Control handle this request by default?
If a Trellix TIE server is unavailable, which component can the Adaptive Threat Protection leverage for reputation decisions when connected to the Internet?
Is there a notification bubble displayed in the system notification area?
Has the endpoint emitted a notification/alert sound?
What does the blue color indicate within the toolbar when a small blue square is around an "M" in the upper-right corner of the Chrome browser?
What type of migration is recommended for a large network with more than 250 managed systems and complex settings?
In which of the following ways does Dynamic App Containment protect against malware?
Which Endpoint Security module acts as a filter between an endpoint computer and the network or the Internet?
What Trellix product is an optional component of an Endpoint Security deployment that stores information about file and certificate reputations and then passes that information to other systems?
Which policy setting within the Trellix ENS Common Options policy could be used to temporarily allow admin rights to the local client?
When configuring the Adaptive Threat Protection Options policy, which rule assignment group needs to be selected to accommodate an environment with high-change systems?
In Web Control, what describes the result if a user enters a restricted site with 'Enable Web Category blocking of restricted content' enforced?
What groups of legacy products can be migrated to Trellix ENS 10.7?
Which feature of Trellix ENS 10.7 can be used to make users aware of potentially malicious links?
Where should the Trellix ePO administrator configure FTP traffic for a recently approved application to allow FTP traffic only?
Which installation tool is used to create a custom package using existing Trellix Endpoint Security settings or customized settings on a client system?
How can an administrator install all modules silently in Trellix ENS 10.7 within the desktop imaging process?
What action should be taken if Endpoint Migration Assistant is not visible on the Trellix ePolicy Orchestrator?
What logs should be checked if a user reports a functional issue with the Trellix ENS client?
What is the role of a cloud-based Real Protect scanner?
Which Trellix product facilitates bidirectional communication between Trellix Endpoint Security modules and the Trellix Threat Intelligence Exchange server?
What will be displayed on the Trellix Endpoint Security Client user interface Status page if the Firewall module is disabled by policy from the ePO?
When defining a trusted network in the firewall policy, what is the result?
In which type of Endpoint Security deployment will the administrator create and send an installation URL to users for installation on local systems?
How are Exploit Prevention signatures updated in Trellix Endpoint Security?
What is the main benefit of using Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)?
Study Notes
Trellix ePO Administration
- A Trellix ePO administrator can use Certificate, Rule, MD5 hash, or File version when creating exclusions for Dynamic Application Containment.
- To meet the VPN connector's policy, the administrator should enable the "Update now" button to ensure the user's virus scan definitions are up-to-date.
Client Interface Language
- If the Client Interface Language is changed on the Trellix Endpoint Security client, the log files will not be affected.
Web Control
- By default, when a user navigates to an unrated website, Trellix ENS Web Control will block the site.
- Web Control displays safety ratings and reports for websites during online browsing and web searching.
Threat Intelligence
- Trellix Global Threat Intelligence is a comprehensive, real-time, cloud-based threat intelligence service that enables Trellix products to protect customers against cyber threats across all vectors.
- If a Trellix TIE server is unavailable, Adaptive Threat Protection can leverage Trellix Global Threat Intelligence for reputation decisions.
Endpoint Security
- To prevent applications from executing software locally from the browser or email client, the administrator should implement the rule "Running files from common user folders by common programs".
- If Trellix Host IPS Firewall is installed and enabled, the Endpoint Security Firewall will be disabled even if it is enabled in the Endpoint Security policy settings.
Installation and Logging
- The install log files are stored in %programdata%\mcafee\datreputation\logs by default.
- The administrator can find the backups of detected files in %deflogfir%\Quarantine.
Firewall Policy
- In Observe Mode, the firewall policy allows communication flows to be monitored and logged without blocking them.
- To dynamically create firewall rules required for the environment, the administrator should use Adaptive Mode.
Exploit Prevention
- To stop malware from exploiting vulnerabilities and executing arbitrary code, the administrator should enable Exploit Prevention.
- To add executables that are monitored with the Exploit Prevention engine, the administrator should add them to the Application Protection rules.
Adaptive Threat Protection
- Adaptive Threat Protection allows a suspicious application to run in a container with restrictions.
- Real Protect scanner sends potentially malicious code to the cloud for analysis.
Web Safety
- Web Control displays a toolbar with a rating icon in the browser.
- The administrator can configure Web Control to block, warn, or allow access to websites based on their rating.
Migration and Policy
- Automatic Migration is recommended for networks with fewer than 250 managed systems and little customization from the default settings.
- The Endpoint Migration Assistant tool can migrate dashboards, Host IPS catalog, server tasks, and deployment tasks.
Firewall Module Status
- If the Firewall is still enabled by the client, there will be no change to the Firewall Module on the Status page.
- If the Firewall is disabled, the Firewall module will be displayed with the status "Disabled".
- If the Firewall is removed from the Trellix ENS Client, the Firewall module will be removed from the Status page.
Trusted Network in Firewall Policy
- Defining a trusted network in the firewall policy results in an inbound directional allow rule for that remote network.
Endpoint Security Deployment
- In a Trellix ePolicy Orchestrator - SaaS deployment, the administrator creates and sends an installation URL to users for installation on local systems.
Exploit Prevention Signatures Update
- Exploit Prevention signatures are updated when the Exploit Prevention content file is updated.
Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)
- The main benefit of using TIE and DXL is that they store and pass file reputation to managed endpoints and Trellix products.
Description
Test your knowledge of Trellix ePO administration, including creating exclusions and configuring VPN connectors. Identify the correct fields and settings for a secure system.