Endpoint Security Essentials v1.0

Exam contains 41 questions

DRAG DROP -
On which Security dashboard can you find this information?



Answer :

When ThreatSync is enabled for an endpoint account in WatchGuard Cloud, all managed endpoints automatically send data to ThreatSync for correlation.

  • A. True
  • B. False


Answer : B

With Vulnerability Assessment, you can: (Choose two.)

  • A. Deploy patches
  • B. Identify endpoints with active malware infections
  • C. Identify end-of-life programs installed on your endpoints
  • D. Identify endpoints that are missing patches
  • E. Identify endpoints that do not have antivirus protection


Answer : CD

You receive an alert for a new malware detection and look at the Security dashboard to investigate. Based on this image, what is true about this detection? (Choose two.)

  • A. The detected threat did not make external connections.
  • B. Admin was the logged-in user when the threat was detected.
  • C. The detected threat accessed data on the computer.
  • D. The file path for the detected threat is W32/Exploit.gen.
  • E. WIN-DESKTOP-10 is the computer where the threat was detected.


Answer : AB

Which endpoint detections generate an incident in ThreatSync? (Choose two.)

  • A. Indicators of Compromise (IOC)
  • B. Indicators of Attack (IOA)
  • C. Risks
  • D. Malware
  • E. Web Access Control


Answer : AB

By default, Endpoint Security automatically scans all managed endpoints every 8 hours.

  • A. True
  • B. False


Answer : B

You have received an alert for detected malware on one of your endpoints. You review the Security dashboard in WatchGuard Cloud and discover the following information. Based on the image, what is true about this detection? (Choose two.)

  • A. WIN-SERVER-10 is the computer where the threat was detected.
  • B. The detected threat made external connections.
  • C. The detected threat is Trj/RnkBend.A.
  • D. The detected threat ran on this computer.
  • E. Admin was the logged-in user when the threat was detected.


Answer : CD

You receive an alert for a detected exploit on one of your endpoints. You review the Security dashboard in WatchGuard Cloud and discover the following information. Based on the image, what is true about this detection? (Choose two.)

  • A. The Anti-Exploit protection was configured in Block mode on this endpoint.
  • B. WIN-SERVER-1 is the computer where the exploit was detected.
  • C. The detected exploit ran on the computer.
  • D. The compromised program is psSuspiciousCommand.
  • E. Admin was the logged-in user when the exploit was detected.


Answer : BC

DRAG DROP -
Match these features in WatchGuard Endpoint Security with the functions they perform.



Answer :

When you add an authorized software rule, what is the expected behavior?

  • A. The programs you add are always allowed regardless of content.
  • B. The programs you add are allowed to run and other programs are removed.
  • C. The programs you add are locked until they are authorized by a user account.
  • D. The programs you add receive automatic updates through Patch Management.
  • E. The programs you add are not blocked while they are being classified.


Answer : E

DRAG DROP -
Match the three WatchGuard EPDR Advanced Protection operating modes for Windows with their function.



Answer :

From WatchGuard EPDR, you can view the file system of a managed endpoint and restore a deleted file from a shadow copy.

  • A. True
  • B. False


Answer : B

A level 5 risk is detected on one of your endpoints. Based on the automation policies shown below, what actions could ThreatSync take? (Choose two.)

  • A. Archive
  • B. Kill Malicious Process
  • C. Isolate Device
  • D. Block Threat Origin IP
  • E. Delete File


Answer : BE

What action is taken when an Indicator of Attack (IOA) is generated because a high number of failed logins are detected through an RDP connection?

  • A. RDP Attack Containment Mode is enabled for the endpoint.
  • B. The affected endpoint is isolated.
  • C. The affected endpoint is automatically shut down.
  • D. The source IP address of the RDP connections is added to the IOA deny list.
  • E. The affected user account is locked.


Answer : A

After WatchGuard EPDR classifies a process as a threat, the administrator can allow the process or event to run.

  • A. True
  • B. False


Answer : A
