McAfee MA0-104 - Intel Security Certified Product Specialist
Which of the following ports is the correct choice for use when configuring the database properties of a McAfee Network Security Platform (NSP) Device Data Source?
The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer
The possibility of both data source Network Interface Cards (NICs) using the shared IP and MAC address at the same time is eliminated by using which of the following?
By default, the McAfee Enterprise Security Manager (ESM) communicates with the McAfee Event Receiver (ERC) and McAfee Enterprise Log Manager (ELM) over port
Which of the following statements about Client Data Sources is TRUE?
When writing custom correlation rules, the analyst should focus on
Malware performing a network enumeration scan will be visible at the McAfee SIEM as
How often does the configuration and policy data from the primary Enterprise Security Manager (ESM) get synchronized with the redundant ESM?
If the SIEM Administrator deploys the Enterprise Security Manager (ESM) using the Federal Information Processing Standards (FIPS) encryption mode, which of the following types of user authentication will NOT be compliant with FIPS?
The analyst has created a correlation rule to correlate events from Anti-Virus (AV>, Network Intrusion Prevention (NIPS) and the firewall. While reviewing just firewall events, the analyst notices a large spike in outbound Command and Control traffic, however, the correlation rule is not triggering The analyst then looks at the Network IPS and the Anti-Virus views and notices there are no alerts for this traffic. Which of the following features of NIPS and AV are most likely turned off?
 
