DLP 9.4 - MA0-103

Question 1

Name the 5 tabs of the Classification page. C MC RD WT D

Answer 1

Classification Manual Classification Registered Documents Whitelist Text Definitions

Question 2

Name the first 5 Client configuration policy options, A-C. AC AFAP CP CT CC

Answer 2

Advanced configuration Application File Access Protection Clipboard Protection Content Tracking Corporate Connectivity

Question 3

Name the DLPe Agent file name.

Answer 3

fcag.exe

Question 4

Name the DLPe Endpoint Service file name.

Answer 4

fcags.exe

Question 5

Name the DLPe Endpoint Service WatchDog file name.

Answer 5

fcagswd.exe

Question 6

Name the DLPe Text Extractor file name.

Answer 6

fcagte.exe

Question 7

Name the DLPe Email Storage Crawler file name.

Answer 7

fcpst.exe

Question 8

Name the 6 definition types for DLP Discover. What x2? Where x2? When? How?

Answer 8

Data: —File Extensions —File Information Other: —Credentials —Scheduler Repository: —File Server (CIFS) —Share Point

Question 9

Name the 5 tabs found on Menu | Data Protection | DLP Discover page. DS SO DA DI D

Answer 9

Discover Servers Scan Operations Data Analytics Data Inventory Definitions

Question 10

Name the 2 Endpoint Discovery Rules.

Answer 10

Local File System Local Email

Question 11

Name the 2 Network Discovery Rules.

Answer 11

SharePoint File Server

Question 12

Name the 6 Device Control Rules. CXDR FHDR PaPDR RSDR RSFAR TDR

Answer 12

Citrix XenApp Device Rule Fixed Hard Drive Rule Plug and Play device Rule Removable Storage Device Rule Removable Storage File Access Rule TrueCrypt Device Rules

Question 13

Name the 9 Data Protection Rules. AFAP CP CP EP NCP NSP PP RSP WP

Answer 13

Application File Access Protection Clipboard Protection Cloud Protection Email Protection Network Communication Protection Network Share Protection Printer Protection Removable Storage Protection Web Protection

Question 14

Name 3 rule types that Allow for justification to be requested.

Answer 14

Cloud Protection Printing Protection Web Host Protection

Question 15

Name 3 locations that are used to store persistent tagging data.

Answer 15

Alternate data streams Extended file attributes ODB$ folder

Question 16

Discovery Scan General Steps

Answer 16

Create and Define Classification Create and define Discovery Rule Schedule Definitions Setup scan Parameters

Question 17

Where do you define email destinations in DLP 9.4?

Answer 17

Policy Manager | Definitions | Source/Destination

Question 18

Name the 5 tabs in the Incident Manager. E R C AL C

Answer 18

Evidence Rules Classifications Audit Log Comments

Question 19

Which processes can trigger an automated memory dump if selected in the policy?

Answer 19

DLP Agent Email Storage Crawler Text Extractor

Question 20

Name the 4 license options for DLP?

Answer 20

Device Control for Enterprise Full Data Loss Prevention Enterprise Data Loss Prevention Discovery Device Control for Small to Medium Business

Question 21

Where is the maximum memory used per process setting found in DLP 9.4?

Answer 21

Policy Catalog | Client Configuration | Content Tracking

Question 22

Name the 4 tabs of the fully configured DLPe Client Interface

Answer 22

Discovery Events History About Tasks

Question 23

Default max number of files linked to an event in the database?

Answer 23

100

Question 24

What 2 tabs are in each operational event?

Answer 24

Comments Audit Log

Question 25

Tags can be applied based on what criteria?

Answer 25

Location Web Application Application

Question 26

Where do you generate client bypass keys?

Answer 26

Help Desk Actions

Question 27

How many people are required to release redacted data when using Best Practices and why?

Answer 27

2 to prevent misuse of redacted data

Question 28

Which ePO user interface contains definitions?

Answer 28

Classifications DLP Policy Manager Discovery

Question 29

Name the first 7 reactions available. A RM P B C E M NA Q

Answer 29

Apply RM Policy Block Copy Encrypt Move No Action Quarantine

Question 30

Name the 4 process strategies. What type of application?

Answer 30

Editor Explorer Trusted Archiver

Question 31

Name the Classification \> Definitions \> Data category. AP D DP FE FI TFT

Answer 31

Advanced Pattern Dicitonary Document Properties File Extension File Information True File Type

Question 32

Name the Classification Definations Source/Destination Category

Answer 32

Application Template End-user group Network Share URL list

Question 33

Name the middle 5 Client configuration policy options, D-O. D and L D EP ECS OM and M

Answer 33

Debugging and Logging Discovery Email Protection Evidence Copy Service Operational Mode and Modules

Question 34

Name the last 6 Client configuration policy options, P-W. PP Q RSP SC UI WP

Answer 34

Printing Protection Quarantine Removable Storage protection Screen Capture User Interface Web Protection

Question 35

Name the last 7 reactions available. RO RI RJ S S T UN

Answer 35

Read-Only Report Incident Request Justification Show File in DLPe Console Store Original File Tag User Notification

Question 36

What actions can be taken by a Discovery Scan?

Answer 36

Encrypt Quarantine Tag

Question 37

Where are justifications configured?

Answer 37

Policy Manager \> Definitions

Question 38

Where are privileged users defined?

Answer 38

Policy Catalog \> DLP Policy

Question 39

What rules can be configured to block as a reaction? EP NSP PP RS

Answer 39

Email Protection Network Share Protection Printing Protection Removable storage Web post protection

Question 40

Which rules have the ability to perform a block action added in dlpe?

Answer 40

Cloud Protection Rules Plug and Play device Rules for iPhone 4 or later Application File Access Protection Rules

Question 41

What placeholder is used to display the classifications that triggered the event?

Answer 41

%c

Question 42

What placeholder is used to display the rule set that triggered the event?

Answer 42

%r

Question 43

What placeholder is used to display the vector (email protection, web protection, and so forth) that triggered the event?

Answer 43

%v

Question 44

What placeholder is used to display the action that triggered the event?

Answer 44

%a

Question 45

What placeholder is used to display the string value?

Answer 45

%s

Question 47

1. You want to prevent unauthorized distribution of tagged data. Which DLPe rule type best meets your requirements? A Classification rule B Data rule C Protection rule D Tagging rule

Answer 47

C Protection rule

Question 48

2. Which of the following are valid actions for managing content that is no longer relevant? A Add content to the evidence folder B Add content to the data-at-rest folder C Add content to the data-at-motion folder D Add content to the whitelist folder

Answer 48

D Add content to the whitelist folder

Question 49

3. Which of the following DLP components protects removable media and storage devices? A DLP Endpoint Agent B DLP Device Control C DLP Incident Manager D DLP Service WatchDog

Answer 49

B DLP Device Control

Question 50

4. To configure the client software for full protection in Safe Mode, set the functionality in the Agent Configuration: A On the Miscellaneous tab B On the Security tab C On the Advanced Configuration tab D On the File Tracking tab

Answer 50

C On the Advanced Configuration tab

Question 51

5. Which of the following steps is necessary to configure the DLP client software for full protection? A Enable On-the-Go protection B Enable Safe Mode option C Enable Universal protection D Enable WatchDog service

Answer 51

B Enable Safe Mode option

Question 52

6. To display the McAfee DLP icon in Microsoft Outlook, the Show Release from Quarantine Controls in Outlook option must be enabled in the Agent Configuration: A On the Miscellaneous tab B On the Security tab C On the Advanced Configuration D On the File Tracking tab

Answer 52

A On the Miscellaneous tab

Question 53

7. Which of the following features lets you temporarily suspend of blocking rules? A Agent bypass B Master release C Override key D Quarantine release

Answer 53

A Agent bypass

Question 54

8. Which of the following definitions are turned off (unavailable) in McAfee DLP Device Control software? Select two. A All Removable Storage Devices B Content encrypted by McAfee Endpoint Encryption C McAfee Encrypted USB D Rights Management E Web Destinations

Answer 54

D Rights Management E Web Destinations

Question 55

9. Which of the following folder paths and names are recommended initially for use as repository folders? Select all that apply. A c:\dlp\_resources\ B c:\dlp\_resources\evidence C c:\dlp\_resources\blacklist D c:\dlp\_resources\whitelist

Answer 55

A c:\dlp\_resources\ B c:\dlp\_resources\evidence D c:\dlp\_resources\whitelist

Question 56

10. Which of the following are characteristics of Dictionary Matching? Select all that apply. A Case-sensitive B Can match phrases C Can match substrings D Supports UTF-8

Answer 56

B Can match phrases C Can match substrings D Supports UTF-8