McAfee MA0-104 Practice Test

Exam Title: Intel Security Certified Product Specialist

Last update: Nov 27, 2025

Question 1

Which of the following are the three default users defined within the Users and Groups option in the
ESM properties?

  • A. NGCP, POLICY, REPORT
  • B. NGCP, BACKUP, REPORT
  • C. ADMIN, POLICY, REPORT
  • D. NGCP, SYSTEM, REPORT
Answer:

D

Question 2

When displaying baseline averages using the automatic time range option, baseline data is
correlated by using the same time period that is being used for the current query for which of the
following past number of intervals?

  • A. Three
  • B. Seven
  • C. Five
  • D. Ten
Answer:

C

Question 3

When the automated system backup is configured to include events, flows and log data, the first
backup will capture all events, flows and logs

  • A. in the ESM database.
  • B. in the ESM database older than what is currently held in the Receivers.
  • C. inserted in the ESM database on the most recent Receiver poll.
  • D. in the ESM database from the current day.
Answer:

D

Question 4

Event Aggregation is performed on which of the following fields?

  • A. Signature ID, Destination IP, User ID
  • B. Source IP, Destination IP, User ID
  • C. Signature ID, Source IP, Destination IP
  • D. Signature ID, Source IP, User ID
Answer:

C

Question 5

Alarms using field match as the condition type allow for selected Actions to be taken when the Alarm
condition is met. Which of the following McAfee ePolicy Orchestrator (ePO) Actions can be selected
when creating such an Alarm?

  • A. Send Events
  • B. Collect and Send Properties
  • C. Agent Uninstall
  • D. Assign Tag with ePO
Answer:

D

Question 6

A SIEM can be effectively used to identify active threats from internal systems by
monitoring/correlating events that occur

  • A. when no one is logged in; for example, after hours or on weekends.
  • B. across an unusual range of ports or destinations; for example, all high ports.
  • C. irregularly; for example, only on Fridays, or only at end-of-quarter.
  • D. in accordance with expected systems use.
Answer:

D

Question 7

While investigating beaconing malware, an analyst can narrow the search quickly by using which of
the following watchlists in the McAfee SIEM?

  • A. MTIE Suspicious and Malicious
  • B. TSI Suspicious and Malicious
  • C. GTI Suspicious and Malicious
  • D. MTI Suspicious and Malicious
Answer:

C

Question 8

A backup of the ELM management database captures

  • A. ELM configuration settings.
  • B. ELM configuration settings, and the ELM archive index.
  • C. ELM configuration settings, the ELM archive index, and all archived ELM contents.
  • D. ELM configuration settings, the ELM archive index, and all archived ELM contents up to the ESM database retention limit.
Answer:

B

Question 9

Which of the following is the name of the Dashboard View that shows correlated events for the
selected Data Source?

  • A. Default Summary
  • B. Normalized Dashboard
  • C. Incidents Dashboard
  • D. Triggered Alarms
Answer:

A

Question 10

The McAfee SIEM solution satisfies which of the following compliance requirements?

  • A. Continuous monitoring, Log retention
  • B. Personally Identifiable Information (PII) protection
  • C. Payment Card Industry/Data Security Standard (PCI/DSS) protection
  • D. Patch management automation
Answer:

A

Viewing questions 1-10 out of 66