Filters
Question type
Study Flashcards

The Global Blacklist feature can be used to block specific traffic from which of the following devices?


A) Corporate Firewall
B) Application Data Monitor (ADM)
C) Event Receiver (ERC)
D) Nitro IPS

Correct Answer

verifed

verified

Malware performing a network enumeration scan will be visible at the McAfee SIEM as


A) data -source events.
B) Application Data Monitor (ADM) events.
C) Database Event Monitor (DEM) events.
D) Enhanced Log manager (ELM) entries.

Correct Answer

verifed

verified

The McAfee Enterprise Log Manager (ELM) offers three levels of compression (Low, Medium, and High) . By default, the ELM compression level is set to Low. Which of the following is the compression ratio for the Medium level?


A) 17:1
B) 20:1
C) 10:1
D) 14:1

Correct Answer

verifed

verified

Analysts can effectively use the McAfee SIEM to identify threats by


A) focusing on aggregated and correlated events data.
B) disabling aggregation, so all data are visible.
C) studying ELM archives, to analyze the original data.
D) use the streaming event viewer to analyze data.

Correct Answer

verifed

verified

To correlate known vulnerabilities to devices that are currently exposed to such vulnerabilities, which of the following must be selected on the Receiver?


A) Auto Download VulnEvents
B) Enable Vulnerability Event Correlation
C) Generate Vulnerability Events
D) Enable VA Source

Correct Answer

verifed

verified

Showing 81 - 85 of 85

Related Exams

Exam 1

Certified McAfee Security Specialist - Epo

188 Questions

Exam 2

Certified McAfee Security Specialist - NSP

54 Questions

Show Answer