DLP 9.4 - MA0-103 Flashcards
Name the 5 tabs of the Classification page. C MC RD WT D
Classification; Manual Classification; Registered Documents; Whitelist Text; Definitions
Name the first 5 Client configuration policy options, A-C. AC AFAP CP CT CC
Advanced configuration; Application File Access Protection; Clipboard Protection; Content Tracking; Corporate Connectivity
Name the DLPe Agent file name.
fcag.exe
Name the DLPe Endpoint Service file name.
fcags.exe
Name the DLPe Endpoint Service WatchDog file name.
fcagswd.exe
Name the DLPe Text Extractor file name.
fcagte.exe
Name the DLPe Email Storage Crawler file name.
fcpst.exe
Name the 6 definition types for DLP Discover. What x2? Where x2? When? How?
Data: File Extensions, File Information; Other: Credentials, Scheduler; Repository: File Server (CIFS), SharePoint
Name the 5 tabs found on Menu | Data Protection | DLP Discover page. DS SO DA DI D
Discover Servers; Scan Operations; Data Analytics; Data Inventory; Definitions
Name the 2 Endpoint Discovery Rules.
Local File System; Local Email
Name the 2 Network Discovery Rules.
SharePoint; File Server
Name the 6 Device Control Rules. CXDR FHDR PaPDR RSDR RSFAR TDR
Citrix XenApp Device Rule; Fixed Hard Drive Rule; Plug and Play device Rule; Removable Storage Device Rule; Removable Storage File Access Rule; TrueCrypt Device Rules
Name the 9 Data Protection Rules. AFAP CP CP EP NCP NSP PP RSP WP
Application File Access Protection; Clipboard Protection; Cloud Protection; Email Protection; Network Communication Protection; Network Share Protection; Printer Protection; Removable Storage Protection; Web Protection
Name 3 rule types that Allow for justification to be requested.
Cloud Protection; Printing Protection; Web Host Protection
Name 3 locations that are used to store persistent tagging data.
Alternate data streams; Extended file attributes; ODB$ folder
Discovery Scan General Steps
Create and Define Classification; Create and define Discovery Rule; Schedule Definitions; Setup scan Parameters
Where do you define email destinations in DLP 9.4?
Policy Manager | Definitions | Source/Destination
Name the 5 tabs in the Incident Manager. E R C AL C
Evidence; Rules; Classifications; Audit Log; Comments
Which processes can trigger an automated memory dump if selected in the policy?
DLP Agent; Email Storage Crawler; Text Extractor
Name the 4 license options for DLP.
Device Control for Enterprise Full Data Loss Prevention Enterprise Data Loss Prevention Discovery Device Control for Small to Medium Business
Where is the maximum memory used per process setting found in DLP 9.4?
Policy Catalog | Client Configuration | Content Tracking
Name the 4 tabs of the fully configured DLPe Client Interface
Discovery Events History About Tasks
Default max number of files linked to an event in the database?
100
What 2 tabs are in each operational event?
Comments; Audit Log
Tags can be applied based on what criteria?
Location; Web Application; Application
Where do you generate client bypass keys?
Help Desk Actions
How many people are required to release redacted data when using Best Practices and why?
2 to prevent misuse of redacted data
Which ePO user interface contains definitions?
Classifications; DLP Policy Manager; Discovery
Name the first 7 reactions available. A RM P B C E M NA Q
Apply RM Policy; Block; Copy; Encrypt; Move; No Action; Quarantine
Name the 4 process strategies. What type of application?
Editor; Explorer; Trusted; Archiver
Name the Classification > Definitions > Data category. AP D DP FE FI TFT
Advanced Pattern; Dictionary; Document Properties; File Extension; File Information; True File Type
Name the Classification Definitions Source/Destination Category
Application Template; End-user group; Network Share; URL list
Name the middle 5 Client configuration policy options, D-O. D and L D EP ECS OM and M
Debugging and Logging; Discovery; Email Protection; Evidence Copy Service; Operational Mode and Modules
Name the last 6 Client configuration policy options, P-W. PP Q RSP SC UI WP
Printing Protection; Quarantine; Removable Storage protection; Screen Capture; User Interface; Web Protection
Name the last 7 reactions available. RO RI RJ S S T UN
Read-Only; Report Incident; Request Justification; Show File in DLPe Console; Store Original File; Tag; User Notification
What actions can be taken by a Discovery Scan?
Encrypt; Quarantine; Tag
Where are justifications configured?
Policy Manager > Definitions
Where are privileged users defined?
Policy Catalog > DLP Policy
What rules can be configured to block as a reaction? EP NSP PP RS
Email Protection; Network Share Protection; Printing Protection; Removable storage; Web post protection
Which rules have the ability to perform a block action added in dlpe?
Cloud Protection Rules; Plug and Play device Rules for iPhone 4 or later; Application File Access Protection Rules
What placeholder is used to display the classifications that triggered the event?
%c
What placeholder is used to display the rule set that triggered the event?
%r
What placeholder is used to display the vector (email protection, web protection, and so forth) that triggered the event?
%v
What placeholder is used to display the action that triggered the event?
%a
What placeholder is used to display the string value?
%s
- You want to prevent unauthorized distribution of tagged data. Which DLPe rule type best meets your requirements?
A Classification rule
B Data rule
C Protection rule
D Tagging rule
C Protection rule
- Which of the following are valid actions for managing content that is no longer relevant?
A Add content to the evidence folder
B Add content to the data-at-rest folder
C Add content to the data-at-motion folder
D Add content to the whitelist folder
D Add content to the whitelist folder
- Which of the following DLP components protects removable media and storage devices?
A DLP Endpoint Agent
B DLP Device Control
C DLP Incident Manager
D DLP Service WatchDog
B DLP Device Control
- To configure the client software for full protection in Safe Mode, set the functionality in the Agent Configuration:
A On the Miscellaneous tab
B On the Security tab
C On the Advanced Configuration tab
D On the File Tracking tab
C On the Advanced Configuration tab
- Which of the following steps is necessary to configure the DLP client software for full protection?
A Enable On-the-Go protection
B Enable Safe Mode option
C Enable Universal protection
D Enable WatchDog service
B Enable Safe Mode option
- To display the McAfee DLP icon in Microsoft Outlook, the Show Release from Quarantine Controls in Outlook option must be enabled in the Agent Configuration:
A On the Miscellaneous tab
B On the Security tab
C On the Advanced Configuration
D On the File Tracking tab
A On the Miscellaneous tab
- Which of the following features lets you temporarily suspend blocking rules?
A Agent bypass
B Master release
C Override key
D Quarantine release
A Agent bypass
- Which of the following definitions are turned off (unavailable) in McAfee DLP Device Control software? Select two.
A All Removable Storage Devices
B Content encrypted by McAfee Endpoint Encryption
C McAfee Encrypted USB
D Rights Management
E Web Destinations
D Rights Management
E Web Destinations
- Which of the following folder paths and names are recommended initially for use as repository folders? Select all that apply.
A c:\dlp_resources\
B c:\dlp_resources\evidence
C c:\dlp_resources\blacklist
D c:\dlp_resources\whitelist
A c:\dlp_resources\
B c:\dlp_resources\evidence
D c:\dlp_resources\whitelist
- Which of the following are characteristics of Dictionary Matching? Select all that apply.
A Case-sensitive
B Can match phrases
C Can match substrings
D Supports UTF-8
B Can match phrases
C Can match substrings
D Supports UTF-8