Create Next App

Exam contains 67 questions

Page 7 of 12

Question 37 🔥

A McAfee Event Receiver (ERC) will allow for how many Correlation Data Sources to be configured?

Which database solution meets these requirements?

A. 1

Highly voted

B. 3

Highly voted

C. 5

Highly voted

D. 10

Highly voted

Discussion of the question

Question 38 🔥

Be default, events in McAfee SIEM are aggregated on which of the following three fields?

Which database solution meets these requirements?

A. Signature ID, Source IP, Source Port

Highly voted

B. Signature ID, Source IP, Destination IP

Highly voted

C. Signature ID, Destination IP, Source User

Highly voted

D. Signature ID, Event ID, Source IP

Highly voted

Discussion of the question

Question 39 🔥

Which of the following is the Primary function of the Event Receiver (ERC) in relation to the Enterprise Security Manager (ESM)?

Which database solution meets these requirements?

A. Collect and parse events before the ESM pulls them form the ERC

Highly voted

B. Collect and parse the events before the receiver forwards them to the ESM

Highly voted

C. Collect and store the events before they are forwarded to the ESM for parsing

Highly voted

D. Collect and parse the events before forwarding them to the ELM

Highly voted

Discussion of the question

Question 40 🔥

Internet perimeter firewall data-sources provide excellent visibility into

Which database solution meets these requirements?

A. backbone Intrusion Prevention System (IPS) detections.

Highly voted

B. server misbehavior.

Highly voted

C. inbound port scans.

Highly voted

D. client patch level.

Highly voted

Discussion of the question

Question 41 🔥

Checkpoint firewalls provide logs to the McAfee SIEM Receiver in which of the following formats?

Which database solution meets these requirements?

A. Syslog

Highly voted

B. Open Platform for Security (OPSEC)

Highly voted

C. McAfee Event Format (MEF)

Highly voted

D. Common Event Format (CEF)

Highly voted

Discussion of the question

Question 42 🔥

When writing custom correlation rules, the analyst should focus on

Which database solution meets these requirements?

A. multiple security controls and events specific to the environment.

Highly voted

B. any one specific high-quality indicator of compromise.

Highly voted

C. malware alerts announced by industry security groups.

Highly voted

D. firewall events, as they provide the first indication of a compromise.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

mcafee MA0_104

Exam contains 67 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us