Trellix Certified Specialist (ENS) - Dumps.pdf


1. Which of the following fields can a Trellix ePO administrator use when creating exclusions for Dynamic Application Containment?
a) Certificate
b) Rule
c) MD5 hash
d) File version

2. The network operations team has configured the company's VPN connector to deny connectivity if virus scan definitions are older than seven days. For a user to immediately meet the VPN connector's policy, which of the following should the administrator enable?
a) Proxy server
b) Default client update task schedule
c) "Update now" button
d) Managed custom tasks

3. If you change the Client Interface Language on the Trellix Endpoint Security client, what will happen to the language used in the ENS log files?
a) The log files are changed to the language selected for the Client Interface Language setting
b) The selected client language does not affect the log files. Log files always appear in the language specified by the default system locale
c) You can only change the language for the log files by changing the policy on the Trellix ePolicy Orchestrator
d) The log files are changed to the language selected for the Client Interface Language only if the language is available in the system locale

4. A user navigates to a new website that has not been rated by Trellix ENS Web Control yet. In which of the following ways will Trellix ENS Web Control handle this request by default?
a) Block
b) Allow
c) Delete
d) Warn

5. If a Trellix TIE server is unavailable and the system is connected to the Internet, which of the following components can the Adaptive Threat Protection leverage for reputation decisions?
a) Trellix Global Threat Intelligence
b) Trellix Data Exchange Layer
c) Trellix Intelligent Sandbox
d) Event Security Manager

6. A security professional is configuring ENS for a client and wants to ensure applications will be prevented from executing software locally from the browser or email client. Which of the following Trellix-defined rules should be implemented?
a) Running files from common user folders by common programs
b) Creating new executable files in the Windows folder
c) Installing browser helper objects or shell extensions
d) Registering programs to autorun

7. A Trellix ePO administrator is experiencing issues installing a Trellix ENS module on a client machine and decides to investigate by analyzing the install log. In which of the following locations will the administrator find the install log, assuming it is in its default location on the endpoint?
a) **\program files\mcafee\
b) %programdata%\mcafee\datreputation\logs
c) %programdata%\mcafee\Agent\logs
d) %temp%\mcafeelogs

8. In which of the following locations are the installation log files stored by default on a Windows machine?
a) %USERDATA%\McAfeeLogFiles
b) %PROGRAMDATA%\McAfee\Logs
c) %PROGRAMFILES%\Common Files\McAfeeLogs
d) %TEMP%\McAfeeLogs

9. Which Endpoint Security module displays safety ratings and reports for websites during online browsing and web searching?
a) Threat Prevention
b) Adaptive Threat Protection
c) Web Control
d) Firewall

10. What Trellix product is a comprehensive, real-time, cloud-based threat intelligence service that enables Trellix products to protect customers against cyber threats across all vectors?
a) Trellix Threat Intelligence Exchange
b) Trellix Global Threat Intelligence
c) Trellix Data Exchange Layer
d) Trellix Host Intrusion Prevention

11. How many specific languages can be selected for the Client Interface Language if we exclude "Automatic"?
a) 12
b) 14
c) 15
d) 20

12. What type of migration is recommended for a network with fewer than 250 managed systems and little customization from the default settings?
a) Automatic Migration
b) Manual Migration
c) Policy Migration
d) Hybrid Migration

13. When viewing an item in the Quarantine on the Trellix Endpoint Security client, what happens when you click the "Learn more about this threat" link?
a) The Trellix Labs information about this threat is displayed in a pop-up window that opens on the system desktop
b) An email message containing Trellix Labs information about this threat is sent to the configured address
c) A browser window opens with the Trellix Labs information about this threat
d) Details about the threat are displayed in the lower panel of the Quarantine Manager window

14. What will happen if Trellix Endpoint Security is installed on a system where Trellix Host Intrusion Prevention is installed, and the HIPS Firewall is not migrated to the ENS Firewall?
a) Trellix Host IPS Firewall is automatically disabled when Trellix Endpoint Security Firewall is installed
b) Trellix Host IPS Firewall is automatically uninstalled when Endpoint Security Firewall is installed
c) If Trellix Host IPS Firewall is installed and enabled, the Endpoint Security Firewall will be enabled by default and run side-by-side with the HIPS Firewall
d) If Trellix Host IPS Firewall is installed and enabled, the Trellix Endpoint Security Firewall will be disabled even if it is enabled in the Endpoint Security policy settings

15. Which of the following items are sent to the cloud when Real Protect scanning is enabled on endpoints that are connected to the Internet?
a) File reputation
b) Running process
c) Behavioral information
d) Telemetry information

16. When configuring the Threat Prevention module on the Trellix Endpoint Security client, what feature can be enabled to stop malware exploiting vulnerabilities and executing arbitrary code?
a) Access Protection
b) On-Demand Scan
c) Exploit Prevention
d) On-Access Scan

17. A company's security posture requires the Trellix ENS firewall to be enabled; however, the team is unsure of the communication flows in the environment. In which of the following modes should the ePO administrator deploy the firewall policy to achieve flow awareness?
a) Adaptive Mode
b) Observe Mode
c) Interface Mode
d) Enforce Mode

18. A Trellix ENS administrator wants to dynamically create the firewall rules required for the environment. In Enable Firewall Policies/Options, which of the following should be utilized?
a) Log all blocked traffic
b) Retain existing user added rules
c) Log all allowed traffic
d) Adaptive mode

19. For which of the following reasons does Trellix ENS 10 store two previous versions of AMCore content?
a) To allow for choice of which content to scan a file against
b) To allow for comparison of detections between content versions
c) To allow for content rollback if it is needed
d) To allow for backup when an Extra.DAT is deployed

20. After enabling a timed group in the firewall policy, in which of the following ways does the user enable the group?
a) Moving the mouse to the upper-right corner of the screen
b) From the Trellix system tray icon
c) Running MFEtime.exe from the start menu
d) Inside the Trellix ENS console

21. A user is unable to access a website. The Web Control browser toolbar appears gray. Other websites are accessible. Which of the following features of Trellix ENS Web Control has been enabled and is causing the issue?
a) Block phishing pages for all sites
b) Block sites that are not verified by Trellix GTI
c) Block sites by default if the Trellix GTI ratings server is not reachable
d) Block links to risky sites in the search results

22. Which of the following components can the Endpoint Migration Assistant tool migrate?
a) Dashboards
b) Host IPS catalog
c) Server tasks
d) Deployment tasks

23. If the Trellix ePO server's access to the Internet is allowed, which of the following options would the administrator use to check in the Trellix ENS Migration Assistant extension?
a) Master Repository
b) Server Client Package Install
c) Software Manager
d) Workstation Client Package Install

24. An administrator wants to add executables that are monitored by the Exploit Prevention engine. To which of the following policy sections should the executables be added?
a) Signatures
b) Exclusions
c) Generic Privilege Escalation Prevention
d) Application Protection rules

25. Organizational security policy requires a host-based firewall on endpoints. Some endpoints have applications for which documentation depicting network traffic flows is not readily available. Which of the following Trellix ENS 10.7 firewall features should be used to develop rules for their firewall policy?
a) Trusted Networks
b) Adaptive Mode
c) Trusted Executables
d) Location-aware Groups

26. What Adaptive Threat Protection feature allows a suspicious application to run in a container with restrictions?
a) Real Protect scanner
b) Quarantine Manager
c) Exploit Prevention
d) Dynamic Application Contaminant

27. Joe, an administrator, runs a policy-based, on-demand scan on a system and notices that after the scan, a threat event was created for what appears to be a false positive. Joe wants to submit the file for analysis to Trellix Labs, but every time he accesses the file, it is detected. In which of the following default locations can Joe find the backups of the detected files?
a) %deflogfir%\Quarantine
b) C:\Quarantine
c) C:\Windows\Temp\Quarantine
d) %ProgramData%\McAfee\Common Framework\AgentEvents

28. A user goes to four different websites, each with a different rating. One of the four sites is blocked and cannot be accessed. Using the default configuration to determine the rating, which of the following ratings does this site have?
a) Green
b) Yellow
c) Red
d) Gray

29. A Trellix ENS administrator wants the end user to be able to view the web safety information. In addition to enabling Web Control, which of the following describes the requirements for this?
a) The Web Control Plug-in must be enabled in the browser and the client browser toolbar must be enabled
b) Content Action settings must be configured to specify the action to apply according to the site rating
c) The Web Control Plug-in site report must be enabled on the browser toolbar
d) The Web Control Plug-in must be enabled in the browser and "Warn" must be selected in Action Enforcement

30. When creating an exploit prevention process exclusion, at least one identifier must be specified. Which of the following is an identifier?
a) DEP
b) MD5 hash
c) API
d) Caller module

31. When performing a manual uninstallation of Trellix Endpoint Security on a self-managed system with Adaptive Threat Protection installed, which Trellix product software must be uninstalled first?
a) Trellix Endpoint Security Web Control
b) Trellix Endpoint Security Threat Prevention
c) Trellix Endpoint Security Firewall
d) Trellix Endpoint Security Adaptive Threat Protection

32. A new Trellix ENS policy has been created and deployed, and a user contacts the help desk stating that a site is no longer accessible. Which of the following Trellix ENS Web Control policy categories are responsible?
a) Options
b) Content Actions
c) Browser Control
d) Enforcement Messaging

33. If you are performing an Automatic Migration with Trellix VirusScan Enterprise policies, which type of policy must be selected first?
a) Workstation and Server policies can be migrated at the same time
b) Workstation policies must be migrated first
c) Select Workstation or Server; migrate one type now and then the other type later
d) Server policies must be migrated first

34. What type of scan can be configured to run whenever files, folders, or programs are accessed?
a) On-Demand scan
b) Real Protect scan
c) Right-click scan
d) On-Access scan

35. The Trellix ePO administrator sees that the Trellix ENS firewall has been disabled on an endpoint in ePO. The end user states that no changes were made to the Trellix products on the endpoint in question. Which of the following questions should the administrator ask the end user about the Trellix icon to validate that the Trellix ENS firewall might be disabled?
a) Is the icon flashing/blinking?
b) Is the icon a gray color with a red/white exclamation mark?
c) Is there a notification bubble displayed in the system notification area?
d) Has the endpoint emitted a notification/alert sound (e.g., an error sound)?

36. A user navigates to a website and notices a small blue square around an "M" in the upper-right corner of the Chrome browser. Which of the following does the blue color indicate within the toolbar?
a) No rating is available
b) Web Control is disabled
c) It is an internal website
d) It is a phishing website

37. Which of the following describes the difference in functionality between Real Protect cloud-based and Real Protect client-based?
a) The location where the centralized management server and policies are managed
b) The location where malware is quarantined on the managed system
c) The location from which AMCore content updates are pulled before on-demand scans
d) The location where the scanning is conducted on file attributes and behavior

38. What type of migration is recommended for a large network with more than 250 managed systems and complex settings?
a) Automatic Migration
b) Manual Migration
c) Policy Migration
d) Hybrid Migration

39. In which of the following ways does Dynamic App Containment protect against malware?
a) It checks for spyware, unwanted programs, and viruses based on known patterns
b) It monitors communication between the computer and the network
c) It limits the actions unknown applications can take on the system
d) It detects malicious files and activities using machine-learning techniques

40. Which Endpoint Security module acts as a filter between an endpoint computer and the network or the Internet?
a) Adaptive Threat Protection
b) Threat Prevention
c) Web Control
d) Firewall

41. What Trellix product is an optional component of an Endpoint Security deployment that stores information about file and certificate reputations and then passes that information to other systems?
a) Trellix Data Exchange Layer
b) Trellix Host Intrusion Prevention
c) Trellix Threat Intelligence Exchange
d) Trellix Global Threat Intelligence

42. A help desk technician needs to gain admin rights to the Trellix ENS local client interface for troubleshooting. Which of the following is a policy setting within the Trellix ENS Common Options policy that could be used to temporarily allow admin rights to the local client?
a) Standard Access
b) Time-based Password
c) One-time Password
d) Unlock Client Interface Password

43. When configuring the Adaptive Threat Protection Options policy, which of the following is the rule assignment group that needs to be selected to accommodate an environment consisting of high-change systems with frequent installations and updates of trusted software?
a) Productivity
b) Balanced
c) Adaptive
d) Security

44. An ePO administrator wants to enable script scanning in the environment; however, the administrator wants to exclude several custom scripts from being scanned. Which of the following is the BEST practice for script scan exclusions?
a) Ensure wildcard characters are fully supported
b) Keep the URL short
c) Use fully qualified domain names and NetBIOS names
d) Include port numbers if they are part of the address

45. In Web Control, "Enable Web Category blocking of restricted content" is enforced. Which of the following describes the result if a user enters a restricted site?
a) The pop-up color is red, and access is denied
b) The color is orange, and access is denied
c) The color is gray, and access is denied
d) The pop-up color is blue, and access is denied

46. Which of the following groups of legacy products can be migrated to Trellix ENS 10.7?
a) Trellix Host Intrusion Prevention (HIPS), SiteAdvisor Enterprise (SAE), and Trellix Data Loss Prevention (DLP)
b) Trellix VirusScan Enterprise (VSE), Trellix Host Intrusion Prevention (HIPS), and SiteAdvisor Enterprise (SAE)
c) Trellix Host Intrusion Prevention (HIPS), SiteAdvisor Enterprise (SAE), and Trellix Application Control
d) Trellix VirusScan Enterprise (VSE), Trellix Host Intrusion Prevention (HIPS), and Trellix Data Loss Prevention (DLP)

47. Organizational security policy has recently mandated that users be made aware of potentially malicious links. Which of the following features of Trellix ENS 10.7 can be used to accomplish this task?
a) Rating Actions
b) Event Logging
c) Browser Control
d) Sensitivity Level

48. While tuning the firewall policy, the Trellix ePO administrator notices unauthorized traffic being initiated by a file transfer utility application. If this is a recently approved application, in which of the following locations should this be configured to allow FTP traffic only for this application?
a) Add a new rule within the Access Protection policy to block port 21 and exclude the executable for the software
b) Exclude the process associated with the software within the On Access Scan policy's Low-Risk Processes section
c) Put a new rule in the Exploit Prevention policy to include the executable for the software for additional protection
d) Create an allow rule within the Rules policy for inbound/outbound on port 21 and the executable for the software

49. Which installation tool is an optional standalone software application that you can use to create a custom package using existing Trellix Endpoint Security settings or customized settings on a client system?
a) Trellix GetSusp tool
b) ESConfigTool
c) Endpoint Security Package Designer
d) Trellix GetClean

50. The organization's desktop engineering team wants to include Trellix ENS 10.7 within their desktop imaging process. They would like to install all modules silently. Which of the following is the correct command-line syntax to accomplish this task?
a) setupEP.exe ADDLOCAL="tp,fw,wc,atp"
b) setupEP.exe ADDLOCAL="fwr,tp,wc" /qb!
c) setupEP.exe LOCAL="fw,tp,wc" /qn
d) setupEP.exe ADD="all" /qn

51. What action must be taken if Endpoint Migration Assistant is not visible on the Trellix ePolicy Orchestrator?
a) Reinstall the Trellix Endpoint Security extensions on the ePO server
b) Upgrade the Trellix ePO software to version 5.9 or higher
c) Upgrade the Trellix Endpoint Security software on the ePO server to version 10.7
d) Install the Endpoint Migration Assistant extensions on the ePO server

52. A user is reporting a functional issue with the Trellix ENS client. Which of the following logs should be checked?
a) OnDemandScan_Debug.log
b) ExploitPrevention_Debug.log
c) AdaptiveThreatProtection_Debug.log
d) EndpointSecurityPlatform_Errors.log

53. In which type of Endpoint Security deployment will the administrator install product components on the management server, configure feature settings, and then deploy the client software to multiple managed systems using deployment client tasks?
a) Self-managed System deployment
b) Trellix ePolicy Orchestrator - SaaS deployment
c) Endpoint Migration Assistant deployment
d) Trellix ePolicy Orchestrator On-premises deployment

54. Which of the following describes the role of a cloud-based Real Protect scanner?
a) It sends potentially malicious code to the cloud for analysis
b) It sends personally identifiable information to the cloud for analysis
c) It sends behavior information to the cloud for analysis
d) It sends environmental variables to the cloud for analysis

55. What Trellix product consists of clients and brokers that enable bidirectional communication between Trellix Endpoint Security modules and the Trellix Threat Intelligence Exchange server?
a) Trellix Host Intrusion Prevention
b) Trellix Threat Intelligence Exchange
c) Trellix Data Exchange Layer
d) Trellix Global Threat Intelligence

56. What will be displayed on the Trellix Endpoint Security Client user interface Status page if the Trellix ENS Firewall module is disabled by policy from the ePO?
a) There will be no change to the Firewall module on the Status page because Firewall is still enabled by the client
b) The Firewall module will be displayed with the status Disabled
c) The Firewall module will be removed from the Trellix ENS Client
d) There will be no change to the Firewall module on the Status page, but the Firewall Settings page will not be available

57. A Trellix ePO administrator decides to define a trusted network in the firewall policy. This will result in:
a) A bidirectional allow rule for that remote network
b) A bidirectional deny rule for that remote network
c) An outbound directional allow rule for that remote network
d) An inbound directional allow rule for that remote network

58. In which type of Endpoint Security deployment will the administrator create and send an installation URL to users for installation on local systems?
a) Trellix ePolicy Orchestrator On-premises deployment
b) Self-managed System deployment
c) Endpoint Migration Assistant deployment
d) Trellix ePolicy Orchestrator - SaaS deployment

59. How are Exploit Prevention signatures updated in Trellix Endpoint Security?
a) Signatures are updated when the Adaptive Threat Protection content file is updated
b) Signatures are updated when the Threat Prevention content file is updated
c) Signatures are updated when the Exploit Prevention content file is updated
d) Signatures are updated when the AMCore content file is updated

60. Which of the following is the MAIN benefit of using Trellix Threat Intelligence Exchange (TIE) and Trellix Data Exchange Layer (DXL)?
a) They conduct scanning of files on managed systems for threats
b) They enable centralized management of adaptive-threat-protection policies
c) They distribute signature-based content to managed systems
d) They store and pass file reputation to managed endpoints and Trellix products
