To ensure that the Traps VDI tool can obtain verdicts for all unknown files, what needs to be checked? Assume the ESM Console and ESM Server are on different servers. (Choose two.)
A. ESM Server can access WildFire Server
B. Endpoint can access WildFire Server
C. ESM Console can access WildFire Server
D. Endpoint can access ESM Server
The administrator has added the following whitelist to the WildFire Executable Files policy.
*\mysoftware.exe
What will be the result of this whitelist?
A. Users will not be able to run mysoftware.exe.
B. mysoftware.exe will be uploaded to WildFire for analysis
C. mysoftware.exe will not be analyzed by WildFire regardless of the file location.
D. mysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.
When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?
A. USB port version of the victim host
B. Speed and make of the victim's RAM
C. Software version of the target application
D. Platform, architecture, and patch level of the victim host
An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints that have recently been migrated from another Traps deployment. Which two troubleshooting actions are relevant to this investigation? (Choose two.)
A. Check that the servers xml file has been cleared on the migrated endpoints.
B. Check that the ClientInfoHash tag has been cleared on the migrated endpoints.
C. Check that the actions xml file has not been cleared on the migrated endpoints.
D. Check that the WildFire cache has been cleared on the migrated endpoints.
Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)
A. Conditions
B. Processes
C. ESM Server
D. Target Objects
E. Features
A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?
A. Place the Traps database, ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.
B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.
C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.
D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.
A company is using a Web Gateway/Proxy for all outbound connections. The company has deployed Traps within the domain and in testing, discovered that the ESM Servers are unable to communicate with WildFire. All other Traps features are working.
What is the most likely cause of the issue?
A. The administrator needs to configure WildFire proxy settings in each Agent Console.
B. The administrator needs to configure WildFire proxy settings in the ESM Console and in each Agent Console.
C. The Administrator needs to purchase the additional site license required for WildFire.
D. The Administrator needs to configure WildFire proxy settings in the ESM Console.
Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?
A. msiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1
B. msiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1
C. msiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1
D. msiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1
Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)
A. File Recovery
B. Server Authentication
C. Client Authentication
D. Key Recovery
An administrator has decided to test Traps functionality using malware samples in an isolated nonproduction environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)
A. A sample with a low number of hits in Virus Total.
B. An MS Office document which contains a ransomware macro.
C. A sample known to be flagged as grayware by Traps.
D. A freeware video application which spawns malicious processes.
E. A sample known to generate false positives in the production environment.