MA0-104 試験問題を無料オンラインアクセス

The McAfee SIEM baselines daily events over

• A.nine days
• B.seven days
• C.five days
• D.three days

Event Aggregation is performed on which of the following fields?

• A.Signature ID, Source IP, User ID
• B.Signature ID, Destination IP, User ID
• C.Signature ID, Source IP, Destination IP
• D.Source IP, Destination IP, User ID

While investigating beaconing Malware, an analyst can narrow the search quickly by using which of the
following watchlists in the McAfee SIEM?

• A.GTI Suspicious and Malicious
• B.MTI Suspicious and Malicious
• C.TSI Suspicious and Malicious
• D.MTIE Suspicious and Malicious

The analyst has created a correlation rule to correlate events from Anti-Virus (AV>, Network Intrusion
Prevention (NIPS) and the firewall. While reviewing just firewall events, the analyst notices a large spike
in outbound Command and Control traffic, however, the correlation rule is not triggering The analyst then
looks at the Network IPS and the Anti-Virus views and notices there are no alerts for this traffic. Which of
the following features of NIPS and AV are most likely turned off?

• A.Automatic DAT updates
• B.Alerting
• C.Advanced Persistent Threats (APT)
• D.Heuristics

The McAfee Enterprise Log Manager (ELM) offers three levels of compression (Low, Medium, and High).
By default, the ELM compression level is set to Low. Which of the following is the compression ratio for
the Medium level?

• A.14:1
• B.20:1
• C.10:1
• D.17:1