Intel Security Certified Product Specialist-SIEM (MA0-104) Free Practice Test

Question 1

When the automated system backup is configured to include events, flows and log data, the first backup
will capture all events, flows and logs

A. in the ESM database older than what is currently held in the Receivers.

B. in the ESM database from the current day.

C. inserted in the ESM database on the most recent Receiver poll.

D. in the ESM database.

Correct Answer: B

Question 2

The normalization value assigned to each data-source event allows

A. the McAfee ESM database to retain fewer events overall.

B. quicker ELM searches

C. more efficient parsing of each event by the McAfee SIEM Receiver.

D. increased usability via views based on category rather than signature ID

Correct Answer: D

Question 3

A security administrator is configuring the Enterprise Security Manager (ESM) to comply with corporate
security policy and wishes to restrict access to the ESM to certain users and machines
Which of the following actions would accomplish this?

A. Setup local accounts based on IP Zones

B. Define user groups and set permissions based on IP

C. Configure the Access Control List and setup user accounts

D. Assign AD users to computer assignment groups

Correct Answer: C

Question 4

Event Aggregation is performed on which of the following fields?

A. Signature ID, Source IP, Destination IP

B. Source IP, Destination IP, User ID

C. Signature ID, Source IP, User ID

D. Signature ID, Destination IP, User ID

Correct Answer: A

Question 5

The McAfee Advanced Correlation Engine (ACE) ca n t >e deployed in one of two modes which are.?

A. Prevention and Detection.

B. Historical and Real-Time.

C. Stateful and Stateless.

D. Threshold and Anomaly.

Correct Answer: B

Question 6

When preparing to apply a patch to the Enterprise Security Manager (ESM) and completing the ESM
checklist, the command cat/proc7mdstat has been issued to determine RAID functionally The system
returns an active drive result identified as [U J What action should be taken?

A. Apply the patch, this is a properly functional RAID which can be upgraded.

B. Apply the patch, drive 2 is active and can be upgraded.

C. Apply the patch, drive 1 is active and can be upgraded.

D. Contact support before proceeding with the upgrade.

Correct Answer: D

Question 7

When displaying baseline averages using the automatic time range option, baseline data is correlated by
using the same time period that is being used for the current query for which of the following past number
of intervals?

A. Ten

B. Seven

C. Three

D. Five

Correct Answer: D

Welcome to TestSimulate

McAfee Intel Security Certified Product Specialist-SIEM (MA0-104) Free Practice Test