NSP- MA0-101 Flashcards by Brandon L

Which port needs to be opened for Alert Channel comunication between Sensor and Manager through a firewall?

A. 8501 B. 8502 C. 8503 D. 8555

B. 8502

How well did you know this?

Not at all

Perfectly

What is the CLI command that enables the output of the MAC/IP address mapping table to the sensor debug files? A. arp.spoof status B. arp spoof enable C. arp dump D. arp flush

C. arp dump

How well did you know this?

Not at all

Perfectly

Performance debugging mode can be enabled on a sensor for a specified time duration by issuing which of the following CLI commands?

A. sensor perf-debug 100

B. sensor perf-debug on 100

C. sensor perf-debug interface all 100

D. sensor perf-debug assert 100

A. sensor perf-debug 100

How well did you know this?

Not at all

Perfectly

What type of encryption is used for file transfers between the Sensor and the Manager?

A. SSL with RCA

B. SSL with MDS

C. SSL with RC4 and MD5

D. DES

How well did you know this?

Not at all

Perfectly

Setting a threshold to allow and IPS to react when traffic volume exceeds the set limit is an example of what type of detection method?

A. Signature based

B. Pattern matching

C. Denial of Service

D. Remediation

C. Denial of Service

How well did you know this?

Not at all

Perfectly

When placed in Layer3 mode, a Sensor detects a Layer2 device based on which of the following?

B. IP address

How well did you know this?

Not at all

Perfectly

“Pass Any Exam.Any time.”www.actualtests.com 3 McAfee MA0-101 Exam DoS detection is implemented in which of the following modes? A. Learning mode B. Configuration mode C. Threshold mode D. Biridectional mode E. Inbound mode

A. Learning mode C. Threshold mode

How well did you know this?

Not at all

Perfectly

Which port needs to be opened for Packet Log Channel communication between Sensor and Manager through a firewall? A. 8501 B. 8502 C. 8503 D. 8555

C. 8503

How well did you know this?

Not at all

Perfectly

Which port is correctly defined for the Alert Channel on the Network Security Manager? A.8500 B. 8501 C. 8503 D. 8555

C. 8503

How well did you know this?

Not at all

Perfectly

In double VLAN tagging , a second VLAN tag is inserted into the frame is referred to as which of the following? A. Customer Identification tag (CD) B. VLAN Identification tag (VID) C. Outer Identification tag (OID) D. Inner Identification tag (HD)

A. Customer Identification tag (CD)

How well did you know this?

Not at all

Perfectly

Which of the following information is unique to Host Prevention alerts? A. Destination IP B. User C. Source IP D. Agent IP E. Agent name

B. User D. Agent IP E. Agent name

How well did you know this?

Not at all

Perfectly

Which mode is used when certain hosts are located on the same network as a sensor and other hosts enter through a router or VPN? A. Mixed B. Hybrid C. Enforcement D. Prevention

A. Mixed

How well did you know this?

Not at all

Perfectly

Which mode needs to be set to redirect an unmanaged system to the guest portal? A. Audit B. Simulation C.. Enforcement D. Prevention

C. Enforcement

How well did you know this?

Not at all

Perfectly

Which attyacj cabbit be blocked when the sensor has been set for in-line mode? A. TCP Control Anomaly B. ICMP Echo Anomaly C. Too many Inbound Syn D. SCADA Attacks

A. TCP Control Anomaly

How well did you know this?

Not at all

Perfectly

Which database is supported for Network Security Manager? A. MSSQL B. Oracle C. MySQL D. Sybase

C. MySQL

How well did you know this?

Not at all

Perfectly

Which of the following is the correct extension for a Sensor image imported into the Manager? A. ext B. .opt C. jar D. mfe

C. jar

How well did you know this?

Not at all

Perfectly

Which CLI command is used to copy sensor SSL certificates from external flash when replacing a failed sensor? A. Exportsensorcerts B. Importsensorcerts C. Exportcerts D. Importcerts

B. Importsensorcerts

How well did you know this?

Not at all

Perfectly

Which of the following deployment modes is not included in standard NAC? A. System Health based NAC B. DHCP based NAC C. L2 based NAC D. L3 based NAC

B. DHCP based NAC

How well did you know this?

Not at all

Perfectly

The network Security Manager provides the following built-in Network Access Zones A. Allow DNS Access B. Allow Full Access C. Public Network Only D. Allow DHCP Access E. Allow Intranet Access

A. Allow DNS Access B. Allow Full Access C. Public Network Only

How well did you know this?

Not at all

Perfectly

A sensor will redirect the host to which of the following when McAfee NAC reports the Host status as “unmanaged with an Unknown Health Level”? A. Guest Client Portal B. NAC Client Portal C. Sensor Client Portal D. DNS Server Portal

A. Guest Client Portal

How well did you know this?

Not at all

Perfectly

If the Health level of a Host cannot be determined McAfee NAC assigns which of the following System Health levels to that Host? A. Fair B. Poor C. Serious D. Unknown

D. Unknown

How well did you know this?

Not at all

Perfectly

Reconnaissance Policies can be applied to which of the following sensor nodes? A. Sensor name mode only B. Sensor interface node only C. Sensor sub-interface node only D. Sensor name, interface and sub-interface node

A. Sensor name mode only

How well did you know this?

Not at all

Perfectly

Which command is used to manually download signature titles from the tftserver when connectivity to the Manager is not available? A. Loadimage WORD B. Loadconfig. WORD C. Loadconfiguration WORD D. Loadsigset WORD

C. Loadconfiguration WORD

How well did you know this?

Not at all

Perfectly

When the buffer on the alert cache has been filled, what happens to current incoming alerts? A. Incoming alerts are added to the cache and trhe oldest alerts are dropped B. Incoming alerts are not added to the cache and are dropped C. Incoming alerts are held in queue until cache space is cleared D. Incoming alerts are added to the database directly

A. Incoming alerts are added to the cache and trhe oldest alerts are dropped

How well did you know this?

Not at all

Perfectly

Which policy is assigned to a child domain by default? A. The default IDS policy B. The default IPS policy C. No default policy D. The policy of the parent domain

D. The policy of the parent domain

Which of the following modes can be used to implement DoS detection? (Choose two) A, Learning B. Threshold Mode C. Configuration Mode D. Adaptive Mode E. Transition Mode

A, Learning B. Threshold Mode

Which of the following methods are available for upgrading a Sensor image? A. TFTP and/or through the Manager B. PUTTY and/or through the Manager C. Console connection and/or through the Manager D. TFTP , console connection and/or through the Manager

A. TFTP and/or through the Manager

Which of the following deployment modes receives a copy of the packet from a mirrored switch port? A. Redundant B. SPAN C. TAP D. In-line

B. SPAN

Which of the following are the different operational modes of System Health based NAC? A. Audit B. Simulation C. Enforcement D. Prevention E. Quarantine

A. Audit B. Simulation C. Enforcement

Which of the following are considered part of the Operational mode of System Health -based NAC? A. Audit B. IPS C. TAP D. Simulation E. Enforcement F. SPAN

A. Audit D. Simulation E. Enforcement

Policies can be configured to drop packets when which of the following has been defined? A. The policy has been enabled B. The underlying rule set permits dropped packets C. The sensor is deployed in online mode D. The policy has been clonedj

C. The sensor is deployed in online mode

Setting a threshold on a sensor to react if traffic volume exceedfs the threshold limit is an example of what specific detection method? A. Signature based B. DHCP based C. Pattern matching D. Denial of Servicer (DoS)

D. Denial of Servicer (DoS)

Which logs are used to determine who was logged into the Manager the last time a signature set updatge was pushed from the Manager to the Sensor? A. Trace log B. Fault log C. Manager ems log D. User Activity Audit log

D. User Activity Audit log

Which type of NAC configuration allows a host to be subjected to both DHCP and IBAC based NAC when configured on different ports? A. Integrated B. DHCP C. Health-based D. Hybrid

D. Hybrid

Which step needs to be completed before a sensor can be configured? A. Sensor IP addressing must be set B. Sensor must be added to the Manager C. Sensor username and password must be set

B. Sensor must be added to the Manager

Which of the following rules do sub-interfaces inherit when they are created? A. ACL rules B. Sensor rules only C. Port rules only D. Sensor and port rules

D. Sensor and port rules

Which operating mode allows a sensor to prevent attacks from reaching their intended targets? A. Tap B. Span C. In-line D. Failover

C. In-line

Why would attacks not be blocked when the Sensor monitoring ports are configured in SPAN mode? A. Blocking of attacks only occurs when the Sensor is placed in in-line mode B. Blocking of attacks only occurs when the Sensor C. The sensor has not learned to identify these attacks D. Blocking of attacks only occurs when the Sensor has been configured for failover

A. Blocking of attacks only occurs when the Sensor is placed in in-line mode

How are packet logs vieweed from within the Manager? A. Push the packet log to the Sensor and open it from there B. Packet logs cannot be viewed from within the Manager C. Save and export the Packet log in order to open it D. Set the log to be viewable with Wireshark/Ehtereal

D. Set the log to be viewable with Wireshark/Ehtereal

Which command can be issued on a Sensor to check the health of the Sensor? A. show B. show settings C. status D. Check health

C. status

Which CLI command is used to determine that the Sensor has established trust with the Manager? A. config B. status C. trust D. show

B. status

Which of the following commands will reestablish the Alert and packet log channel connection between the sensor and manager? A. Connectalertandpktlogchannels B. Disconnectalertandptlogchannels C. reconnectalertandpktlogchannels D. deinstall

C. reconnectalertandpktlogchannels

What type of encryption is used for packet log transfers between the Sensor and the Manager? A. SSL with RC4 B. SSL with MD5 C. SSL with RC4 and MD5 D. DES

B. SSL with MD5

When creating policies, which of the following rule sets are available for selection within those policies? A. Only rule sets created using the Rule Set Editor B. Only rule sets imported from the Sensor C. Only rule sets created using the Rule Set Editor and Default rule sets D.Only default Rule sets

C. Only rule sets created using the Rule Set Editor and Default rule sets

Which port needs to be opened for install Channel communication between Sensor and Manager through a firewall? A. 8501 B. 8502 C. 8503 D. 8555

A. 8501

Which sensor action detectws and drop attacks in real-time? A. Drop further packets B. Host Quarantine action C. TCP reset D. ICMP host unreachable

A. Drop further packets

Malware Protection requires which of the following feature or features to be enabled? A. HTTP response scanning B. Attack Filters C. Performance Monitoring D. The "Default Inline IPS" policy

A. HTTP response scanning

\_\_\_\_\_\_\_\_\_allows a host to be subjected to both DHP based NAC and Identity Based Access Control when configured on different ports. A. Integrated NAC B. DHCP based NAC C. Hybrid NAC D. Health based NAC

C. Hybrid NAC

Which of the following actions can a Standby Manager of an MDR pair perform? A. Modify sensor configuration B. Policy configuration C. Signature update D. Configuration backup

D. Configuration backup

A. Sensor allows the option of Layer2 forwarding for which of the following? A. TCPO and UDP ports only B. UDP ports and VLAN interfaces only C. TCP ports and VLAN interfaces only D. TCP ports UDP ports and VLAN interfaces

D. TCP ports UDP ports and VLAN interfaces

Which port needs to be opened for Alert Viewer communication between Client and Manager through a firewall? A. 8501 B. 8502 C. 8503 D. 8555

D. 8555

Why is the DBAdmin toold considered a preferred method of performing system maintenance tasks that could be performed within the Manager? A. Saves additional workload on the Manager B. Reliability C. Speed D. Ease of use

A. Saves additional workload on the Manager

What is the command to enable the sensor to forward all traffic at Layer 2 if a failure occurs? A. Layer2 mode off B. Layer2 modeon C. Layer2 mode assert D. Layer2 mode deassert

B. Layer2 modeon

Which of the following is the proper step to take if and IP address change is made to the server where the Network Security Manager has been installed? A. Change the IP address in the Network Security Manager settings B. Change the IP address through a command-line statement C. Reinstall the Network Security Manager D. The IP address can never be changed on the Network Security Manager

C. Reinstall the Network Security Manager

Alert fillers can be applied to which of the following sensor nodes? A. Sensor name node only B. Sensor interface name node only C. Sensor sub-interface node only D. Sensor interface and sub-interface node

D. Sensor interface and sub-interface node

McAfee recommends which of the following methods to cable the heartbeat connection of a sensor failover pair? A. direct fiber connection with specified monitoring ports B. direct copper connection using response ports C. switched fiber connection D. direct copper connection using failopen port

A. direct fiber connection with specified monitoring ports

A sensor is placed in-line and is dropping traffic. This situation demands an immediate removal of the sensor from the network to let traffic flow uninterrupted. Which option will you use to verify whether the issue is due to senasor configuration or network congestion? A. Layer2modeon B.. Layer2 mode assert C. Layer2 mode deassert D. Layer2 mode off

A. Layer2modeon

Setting a threshold limit in order for the IPS to react if traffic volume exceeds this limit is an example of which type of detection method? A. Statistical anomaly B. Protocol anomaly C.Pattern matching A. Application anomaly

A. Statistical anomaly

Which sensor action allows the detection and dropping of attacks in real-time? A. Host Quarantine action B. ICMP Host unreachable C. TSP reset D. Drop further packets

D. Drop further packets

A Reconnaissance Policy can be applied to which of the following? A. Sensors B. Sensor Ports C. Sensors and sensor ports C. Specific Hosts

A. Sensors

Which NSP sensor models support SSL encryption? (Choose three) A. M-4050 B. M-1450 C. M-2750 D. M-1250 E. M-6050

A. M-4050 C. M-2750 E. M-6050

Which is the correct syntax for the 'set dosprevenbonseverity' command? A. Set dospreventionseverity tcp-rst 150 B. Set dospreventionseverity icmp-echo-reply enable 150 C. Set dospreventionseverity tcp-syn inbound 150 D. Set dospreventionseveriry ip-fragment inbound

C. Set dospreventionseverity tcp-syn inbound 150

-----------------are a set of Access Control List (ACL) rules that define network access provided to a host, subject to Network Access Control. A. Network Access Lists B. Network Acess Objects C. Network Access Zones D. Network Access Policy

C. Network Access Zones

Which command allows an off-line signature file download from a tfp server when connectivity to the Manager is unavailable? A. Loadimagee\> C. Loadconfiguration D. Loadsigset

C. Loadconfiguration

Which of the following are the methods used by NSP to recognize and react to Denial-of-Service (DoS) attacks? (Choose three) A. Blocking B. Shutting down the sensor C. Thresholds D. Self-learning E. Logging F. DDoS attack tool with exploit signatures

C. Thresholds D. Self-learning F. DDoS attack tool with exploit signatures

Which server type needs to be configured as a requirement before the Quarantined user classes and Quarantined DHCP server (s) are configured? A. Integrated DHCP server B. Wildcard DNS server C. WINS server D. Portal server

B. Wildcard DNS server

\_\_\_\_\_\_\_\_are required to be configured before configuring the quarantine/pre-admission user classes or the quarantine DHCP server. A. Integrated DHCP servers B. Wild Card DNS servers C. Wins Servers D. Portal Servers

B. Wild Card DNS servers

Which of the following cannot be configured at the sub-interface level? A. DoS Learning Mode B. Assigned Policy C. Attack Filters D. Interface Type

A. DoS Learning Mode

Which of the following CLI commands only removes trust between a sensor and manager? A. Resetconfig B. Deletesignatures C. Factorydefaults D. Deinstall

D. Deinstall

Which of the following items can an ACL not match? A. Source IP address B. Destination IP address C. MAc address D. Protocol

A. Source IP address

By default, sensors are configured to operatge in which operating mode? A. Source IP address B. Tap C. SPAN D. Failover

A. Source IP address

IPS Policies can be enforced at whcih of the following sensor nodes? A. Sensor name node only B. Sensor name and interface node only C. Sensor sub-interface node only D. Sensor name,interface and sub-interface node

D. Sensor name,interface and sub-interface node

Which of the following CLI commands will not cause an automatic reboot of the Sensor? A. resetconfig B. delete signatures C. factorydefaults D. deinstall

D. deinstall

If the Health Level of the host cannot be determined, which of the following System Health Levels would be assigned? A. Fair B. Poor C. Serious D. Unknown

D. Unknown

Which of the following CLI commands removes trust between a sensor and manager, removes signatures and restores deafult port settings, but retains IP configuration? A. Resetconfig B. Deletesignatures C. Factorydefaults D. Deinstall

A. Resetconfig

Identity Based Access Control cannot co-exist with which mode of NAC deployment on the same port? A. System Health -based NAC B.. DHCP NAC C. L2 & L3 Deployment modes D. Mixed Deployment modes

B.. DHCP NAC

What type of encryption is used for alert channel (control channel) communication between the Sensor and the Manager? A. SSL with RC4 B. SSL with MD5 C. SSL with RC4 and MD5 D. DES

C. SSL with RC4 and MD5

Where in the Network Security Manager console can you see a hierarchical view of all the installed applications currently deployed and the resources associated with each? A. Device List B. Resource Tree C. Details Pane D. System Links

A. Device List

In L3 mode, a sensor detect an L2 device based on which address? A. MAC B. IP C. Default Gateway D. DNS

B. IP

Which domains does a Super User have full rights to access? A. Super Users have full rights to all domains B. Super Users have full rights to only the domains in which they reside C. SuperUsers have full rights to only sensor configuration D. Super Users have full rights to only Parent domains

B. Super Users have full rights to only the domains in which they reside

Which of the following activities require a reboot of a sensor? A. Enabling/Dissabling SSL B. Enabling/Dissabling parsing and detection of attacks in IPv4 traffic C. Enabling/Dissabling parsing and detection of attacks in IPv6 traffic D. Sensor software upgrade E. Signature update

A. Enabling/Dissabling SSL C. Enabling/Dissabling parsing and detection of attacks in IPv6 traffic D. Sensor software upgrade

When McAfee NAC reports the host status as unmanaged with an Unknown Hearth Level, the sensor redirects the host to which of the following? A. Guest Client Portal B. NAC Client Portal C. Sensor Client Portal D. DNS Client Portal

A. Guest Client Portal

In double VLAN tagging, the second VLAN tag inserted into the frame is called the: A. Customer Identification tag (CD) B. VLAN Identifier tag (VID) C. Outer Identifier tag (OID) D. Inner Identifier tag (ID)

A. Customer Identification tag (CD

As a recommended best practice, what is the total number of sensors that should be managed through a single Network Security Manager installation? A. 25 B. 50 C. 75 D. 100

B. 50

Which of the following options is the best practive to use if you need to edit all attacks with a specific seventy number within an IPS policy? A. Use the Bulk Edit feature within the Policy Editor B. Create and run the appropriate database query C. Edit the attacks individua;lly D. Use the Bulk Edit feature within the Reconnaissance Editor

A. Use the Bulk Edit feature within the Policy Editor

Identity Based Access Control cannot-co-exist with which mode of NAC deployment on the same port? A. DHCP based NAC B. System Health based NAC C. L2 & L3 Deployment modes D. Mixed Deployment modes

A. DHCP based NAC

What is the command to force the sensor out of Lalyer 2 Passthru mode? A. Layer2 mode off B. Layer2 mode on. C.Layer2 modeassert D.Layer2 mode deassert

D.Layer2 mode deassert

Which of the following should be applied to policies in both and Outbound directions? A.Policy rules B. Reconnaissance rules C. Attack parameters D. Rule sets

D. Rule sets

Select the deployment method which enables the most effective Protection/Prevent on mode of operation. A. in-line B. SPAN C. TAP D. failopen

A. in-line

Which NSP sensor models support VLAN Bridging? (Choose three) A. M-1450 B. M-2850 C. M-3050 D. M-4050 E. M-6050

C. M-3050 D. M-4050 E. M-6050

Upon initial configuration, which of the following allows management connection to the Sensor? A RJ45 B RJ11 C Monitoring port D Console port

D Console port

Upon initial configuration, which of the following allows management connection to the Sensor? A RJ45 B RJ11 C Monitoring port D Console port

D Console port

D Manage | Maintenance | Alerts | Archiving

Why is the DBAdmin tool considered a preferred method of performing system maintenance tasks that could be performed within the NSM? A Saves additional workload on the Manager B Reliability C Speed D Ease of use

A. Saves additional workload on the Manager

Which step needs to be completed before a sensor can be configured? A Sensor IP addressing must be set B Sensor must be added to the Manager C Sensor username and password must be set D Sensor Gateway addressing must be set

B- Sensor must be added to the Manager

Which command can be issued on a Sensor to check the health of the Sensor? A show health sensor B show health status C show config D check health

A show health sensor

In the Policy Manager, a policy can be modified at the interface level unless that policy was initially created in a: A Parent Domain. B Child Domain. C Top Domain. D non-adjacent domain.

A Parent Domain.

A rule set cannot be applied to a policy with: A the same rule set applied to both traffic flows. B one rule set applied to all traffic. C different rule sets applied to each traffic flow. D two rule sets applied to each traffic flow.

D two rule sets applied to each traffic flow.

At the device level, the IPS policy cannot be modified to include/exclude: A Default McAfee Attacks. B Modified McAfee Attacks. C Custom McAfee Format Attacks. D Custom Snort Attacks.

B Modified McAfee Attacks.

9. On the NSP CLI, what is the command that enables the L2 mode feature? A layer2 mode off B layer2 mode on C layer2 mode assert D layer2 mode deassert

B layer2 mode on

If domain-level exception object settings are assigned at the Sensor level: A other resources using that object on that Sensor are not affected B other resources using that object on that Sensor are also affected C a Fault level of warning will be sent to the NSM to warn the administrators D the Sensor level settings will be ignored; domain-level settings always take precedence

B other resources using that object on that Sensor are also affected.