MA0-104 McAfee Security Information and Event Management (SIEM) Exam Dumps

The MA0-104 McAfee Security Information and Event Management (SIEM) exam is one of the McAfee Certified Product Specialist certification exams. It validates knowledge and experience in working with McAfee security information and event management products and helps you prove yourself in your career. The MA0-104 exam dumps contain real exam questions and answers, which guarantees you pass the MA0-104 McAfee Product Specialist—SIEM exam successfully.

Check MA0-104 McAfee Product Specialist—SIEM Free Dumps

1. The security analyst notices that there has been a large spike in Secure Shell (SSH) drops in the Network Intrusion Prevention System (NIPS). What other perimeter device will add more insight into what is happening?

2. By default, the McAfee Enterprise Security Manager (ESM) communicates with the McAfee Event Receiver (ERC) and McAfee Enterprise Log Manager (ELM) over port

3. Malware performing a network enumeration scan will be visible at the McAfee SIEM as

4. The possibility of both data source Network Interface Cards (NICs) using the shared IP and MAC address at the same time is eliminated by using which of the following?

5. To correlate known vulnerabilities to devices that are currently exposed to such vulnerabilities, which of the following must be selected on the Receiver?

6. A security administrator is configuring the Enterprise Security Manager (ESM) to comply with corporate security policy and wishes to restrict access to the ESM to certain users and machines. Which of the following actions would accomplish this?

7. With regard to Data Source configuration and event collection, what does the acronym CEF stand for?

8. The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer

9. Which of the following features of the Enterprise Log Manager (ELM) can alert the user if any data has been modified?

10. A SIEM gives an organization the ability to correlate seemingly disparate streams of traffic into a central console for analysis. This correlation, in many cases, can point out activities that might otherwise go undetected. This type of detection is also known as

11. If the SIEM Administrator deploys the Enterprise Security Manager (ESM) using the Federal Information Processing Standards (FIPS) encryption mode, which of the following types of user authentication will NOT be compliant with FIPS?

12. Which of the following two appliances contain Event databases?

13. Reports can be created by selecting the ESM System Properties window, the Reports Icon in the top right of the ESM screen or by which of the following other methods within Alarm Creation?

14. The Global Blacklist feature can be used to block specific traffic from which of the following devices?

15. The ESM supports five Authentication methods. The default login option uses the standard Username and Password format. Which of the following are the other four methods available?

16. If the maximum size for the Policy Change History log is reached, which of the following happens to new entries?

17. In the context of McAfee SIEM, the local protected network address space is a variable referred to as.

18. Which of the following ports is the correct choice for use when configuring the database properties of a McAfee Network Security Platform (NSP) Device Data Source?

19. Which of the following is the minimum number of CPUs required to build a virtual image Enterprise Security Manager (ESM)?

20. Which options within the Receiver properties should be selected to configure the device to respond to ICMP echo requests?


 
