MA0-104 試験問題を無料オンラインアクセス

The security Analyst notices that there has been a large spike for Secure Shell <SSH) drops in the
Network Intrusion Prevention System (NIPS). What other perimeter device will add more insight into what
is happening?

• A.McAfee ePolicy Orchestrator (ePO)
• B.The external switch
• C.The core switch
• D.The firewall

The fundamental purpose of the Receiver Correlation Subsystem (RCS) is

• A.to classify or categorize data from the Receiver into related types and sub-types.
• B.to analyze data from the ESM and detect matching patterns.
• C.to organize, retrieve and archive data from the Receiver into the SIEM database.
• D.to collect and consolidate identical data from the ESM into a single summary event.

Which of the following are the three compression ratios available for raw logs being handled by the ELM?

• A.10:1,14:1.19:1
• B.14:1,18:1,20:1
• C.14:1,17:1.21:1
• D.14:1,17:1,20:1

What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances from
unauthorized communications?

• A.Access Control List (ACL)
• B.lP tables
• C.Linux Firewall
• D.McAfee Host Intrusion Prevention System (HIPS]

A SIEM allows an organization the ability to correlate seemingly disparate streams of traffic into a central
console for analysis. This correlation, in many cases, can point out activities that might otherwise go
undetected This type of detection is also known as

• A.anomaly based detection
• B.heuristic based detection.
• C.signature based detection
• D.behavioral based detection.