McAfee MA0-104 Exam Questions

Question 6 of 70

Which of the following security technologies sits inline on the network and prevents attacks based on signatures and behavioral analysis that can be configured as a data source within the SIEM?

Firewall

Email Gateway

Host Intrusion Prevention System

Network Intrusion Prevention System

Correct Answer: D

Question 7 of 70

Analysts can effectively use the McAfee SIEM to identify threats by

focusing on aggregated and correlated events data.

disabling aggregation, so all data are visible.

studying ELM archives, to analyze the original data.

use the streaming event viewer to analyze data.

Correct Answer: A

Question 8 of 70

If there is no firewall at the border of the network, which of the following could be used to simulate the protection a firewall provides?

Load balancer

Router Access Control List (ACL)

Switch port blocking

An email gateway

Correct Answer: B

Question 9 of 70

When viewing the Policy Tree, what four columns are displayed within the Rules Display pane?

Action, Severity, Aggregation, Copy Packet

Action, Severity, Normalization, Copy Packet

Action, Severity, Aggregation, Drop Packet

Enable, Severity, Aggregation, Copy Packet

Correct Answer: A

Question 10 of 70

An organization notices an increasing number of ESM concurrent connection events. To mitigate risks related to concurrent sessions which action should the organization take?

Increase the concurrent session alarm threshold

Decrease the console timeout value

Increase the number of the concurrent sessions allowed

Customize the login page with the organization’s logo

Correct Answer: B