Scribd
Upload
523 views

Trellix Application Control For Windows Essentials

- The document contains questions and answers about Trellix Application Control for Windows Essentials. It covers topics like how Application Control works with other Trellix components to fetch file reputation information, the MER tool for troubleshooting, commands to manage Solidifier passwords and status, and other configuration and management aspects of Application Control, Change Control, and Integrity Monitoring.

Uploaded by

Lyu Sey
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
523 views

Trellix Application Control For Windows Essentials

- The document contains questions and answers about Trellix Application Control for Windows Essentials. It covers topics like how Application Control works with other Trellix components to fetch file reputation information, the MER tool for troubleshooting, commands to manage Solidifier passwords and status, and other configuration and management aspects of Application Control, Change Control, and Integrity Monitoring.

Uploaded by

Lyu Sey
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Trellix Application Control for Windows Essentials

urn:scormdriver:Course Exam Application Control works with TIE Server and GTI to fetch reputation
information for a file. (True %2F False) 0

Application Control works with TIE Server and GTI to fetch reputation information for a file. (True /
False)

Choice

urn:scormdriver:True

Correct

00:00:25

urn:scormdriver:Course Exam What tool collects everything from log files to registry entries specific
to the Solidcore products to assist with troubleshooting%3F 0

What tool collects everything from log files to registry entries specific to the Solidcore products to
assist with troubleshooting?

Choice

urn:scormdriver:MER

Correct

00:00:09.45

urn:scormdriver:Course Exam What functionality provides the ability to install Application Control,
Change Control, and %C2%A0Integrity Monitor on endpoints%3F 0

What functionality provides the ability to install Application Control, Change Control, and Integrity
Monitor on endpoints?

Choice

urn:scormdriver:Solidcore Extension

Incorrect

00:00:09.61

urn:scormdriver:Course Exam If you want to delete the Solidifier command line interface password,
what command would you use to accomplish this%3F%C2%A0 0

If you want to delete the Solidifier command line interface password, what command would you use
to accomplish this?

Choice

urn:scormdriver:sadmin passwd -d

Correct

00:00:07.46
urn:scormdriver:Course Exam Which ePO server log should be reviewed to troubleshoot why ACC
events are not processing correctly%3F 0

Which ePO server log should be reviewed to troubleshoot why ACC events are not processing
correctly?

Choice

urn:scormdriver:Stderr.log

Incorrect

00:00:14.83

urn:scormdriver:Course Exam What two components are considered part of the Change Control
%E2%80%9CTrust%E2%80%9D model%3F (SELECT TWO) 0

What two components are considered part of the Change Control “Trust” model? (SELECT TWO)

Choice

urn:scormdriver:Update Mode[,]urn:scormdriver:User[,]urn:scormdriver:Updater

Incorrect

00:00:05.72

urn:scormdriver:Course Exam What are the two components managing Application and Change
Control%3F (SELECT TWO) 0

What are the two components managing Application and Change Control? (SELECT TWO)

Choice

urn:scormdriver:McAfee Application and Change Control Extension[,]urn:scormdriver:McAfee


Application and Change Control Client

Correct

00:00:14.77

urn:scormdriver:Course Exam If you want to review information on executables and script files
present on an endpoint, where do you go in the ePO console to quickly review this information%3F 0

If you want to review information on executables and script files present on an endpoint, where do
you go in the ePO console to quickly review this information?

Choice

urn:scormdriver:Inventory page

Correct

00:00:31.55

urn:scormdriver:Course Exam Which Rule Groups tab allows you to define rules to override or bypass
the applied memory protection and other techniques%3F 0
Which Rule Groups tab allows you to define rules to override or bypass the applied memory
protection and other techniques?

Choice

urn:scormdriver:Exclusions

Correct

00:00:15.99

urn:scormdriver:Course Exam Which page serves as a central console to help ePO administrators
manage all observation and self-approval requests%3F 0

Which page serves as a central console to help ePO administrators manage all observation and self-
approval requests?

Choice

urn:scormdriver:Observe Mode

Incorrect

00:00:08.63

urn:scormdriver:Course Exam What two client tasks contain the option to start in Observe Mode%3F
%C2%A0(SELECT TWO) 0

What two client tasks contain the option to start in Observe Mode? (SELECT TWO)

Choice

sc: End Update Mode[,]sc: Begin Update Mode

Incorrect

00:00:16.81

urn:scormdriver:Course Exam If you want to verify that local command line access for an endpoint is
locked down, what command would you run to accomplish this%3F%C2%A0 0

If you want to verify that local command line access for an endpoint is locked down, what command
would you run to accomplish this?

Choice

urn:scormdriver:sadmin status

Correct

00:00:08.97

urn:scormdriver:Course Exam What ACC functionality provides security to a system when adding the
Application Control License%3F 0

What ACC functionality provides security to a system when adding the Application Control License?

Choice

urn:scormdriver:Read Protect
Incorrect

00:00:11.41

urn:scormdriver:Course Exam A group needs to install and run an application that is not part of the
gold standard. How can you accomplish this task securely%3F 0

A group needs to install and run an application that is not part of the gold standard. How can you
accomplish this task securely?

Choice

urn:scormdriver:Use the auth/attr –a command to authorize the applications to execute.

Correct

00:00:17.28

urn:scormdriver:Course Exam What is the default TCP port opened by McAfee Agents to receive
agent wake-up requests from the ePO server%3F 0

What is the default TCP port opened by McAfee Agents to receive agent wake-up requests from the
ePO server?

Choice

urn:scormdriver:8443

Incorrect

00:00:06.09

urn:scormdriver:Course Exam What two products must be installed and be fully operational before
deploying managed Application and Change Control%3F (SELECT TWO) 0

What two products must be installed and be fully operational before deploying managed Application
and Change Control? (SELECT TWO)

Choice

urn:scormdriver:Solidcore[,]urn:scormdriver:ePO

Incorrect

00:00:12.94

urn:scormdriver:Course Exam Select three File Reputation values available for Application Control.
(SELECT THREE) 0

Select three File Reputation values available for Application Control. (SELECT THREE)

Choice

urn:scormdriver:Trusted[,]urn:scormdriver:Malicious[,]urn:scormdriver:Unknown

Correct

00:00:08.82
urn:scormdriver:Course Exam What three dashboards are available for Solidcore in ePO%3F (SELECT
THREE) 0

What three dashboards are available for Solidcore in ePO? (SELECT THREE)

Choice

solidcore: Change Control[,]solidcore: Application Control[,]solidcore: Integrity Monitoring

Correct

00:00:14.24

urn:scormdriver:Course Exam Who %C2%A0can override the read and write protection rules%3F 0

Who can override the read and write protection rules?

Choice

urn:scormdriver:Updaters

Correct

00:00:08.36

urn:scormdriver:Course Exam Which Change Control feature stops unauthorized access to sensitive
files%3F 0

Which Change Control feature stops unauthorized access to sensitive files?

Choice

urn:scormdriver:Read protection

Correct

00:00:10.13

urn:scormdriver:Course Exam If you want to verify that local command line access for an endpoint is
locked down, what command would you run to accomplish this%3F%C2%A0 1

If you want to verify that local command line access for an endpoint is locked down, what command
would you run to accomplish this?

Choice

urn:scormdriver:sadmin status

Correct

00:00:40

urn:scormdriver:Course Exam What ACC functionality provides security to a system when adding the
Application Control License%3F 1

What ACC functionality provides security to a system when adding the Application Control License?

Choice
urn:scormdriver:Whitelisting

Correct

00:01:12.43

urn:scormdriver:Course Exam What are the two components managing Application and Change
Control%3F (SELECT TWO) 1

What are the two components managing Application and Change Control? (SELECT TWO)

Choice

urn:scormdriver:McAfee Application and Change Control Extension[,]urn:scormdriver:McAfee


Application and Change Control Client

Correct

00:00:29.42

urn:scormdriver:Course Exam What three dashboards are available for Solidcore in ePO%3F (SELECT
THREE) 1

What three dashboards are available for Solidcore in ePO? (SELECT THREE)

Choice

solidcore: Change Control[,]solidcore: Integrity Monitoring[,]solidcore: Application Control

Correct

00:00:38.32

urn:scormdriver:Course Exam What tool collects everything from log files to registry entries specific
to the Solidcore products to assist with troubleshooting%3F 1

What tool collects everything from log files to registry entries specific to the Solidcore products to
assist with troubleshooting?

Choice

urn:scormdriver:MER

Correct

00:00:13.86

urn:scormdriver:Course Exam What is the default TCP port opened by McAfee Agents to receive
agent wake-up requests from the ePO server%3F 1

What is the default TCP port opened by McAfee Agents to receive agent wake-up requests from the
ePO server?

Choice

urn:scormdriver:8081

Correct

00:00:12.67
urn:scormdriver:Course Exam Which Rule Groups tab allows you to define rules to override or bypass
the applied memory protection and other techniques%3F 1

Which Rule Groups tab allows you to define rules to override or bypass the applied memory
protection and other techniques?

Choice

urn:scormdriver:Exclusions

Correct

00:00:16.57

urn:scormdriver:Course Exam If you want to delete the Solidifier command line interface password,
what command would you use to accomplish this%3F%C2%A0 1

If you want to delete the Solidifier command line interface password, what command would you use
to accomplish this?

Choice

urn:scormdriver:sadmin passwd -d

Correct

00:00:11.23

urn:scormdriver:Course Exam Select three File Reputation values available for Application Control.
(SELECT THREE) 1

Select three File Reputation values available for Application Control. (SELECT THREE)

Choice

urn:scormdriver:Malicious[,]urn:scormdriver:Trusted[,]urn:scormdriver:Unknown

Correct

00:00:14.56

urn:scormdriver:Course Exam A group needs to install and run an application that is not part of the
gold standard. How can you accomplish this task securely%3F 1

A group needs to install and run an application that is not part of the gold standard. How can you
accomplish this task securely?

Choice

urn:scormdriver:Use the auth/attr –a command to authorize the applications to execute.

Correct

00:00:14.66

urn:scormdriver:Course Exam Which ePO server log should be reviewed to troubleshoot why ACC
events are not processing correctly%3F 1
Which ePO server log should be reviewed to troubleshoot why ACC events are not processing
correctly?

Choice

urn:scormdriver:S3Setup.log

Incorrect

00:00:23.06

urn:scormdriver:Course Exam What functionality provides the ability to install Application Control,
Change Control, and %C2%A0Integrity Monitor on endpoints%3F 1

What functionality provides the ability to install Application Control, Change Control, and Integrity
Monitor on endpoints?

Choice

urn:scormdriver:McAfee Agent

Incorrect

00:00:52.03

urn:scormdriver:Course Exam Who %C2%A0can override the read and write protection rules%3F 1

Who can override the read and write protection rules?

Choice

urn:scormdriver:Updaters

Correct

00:00:22.14

urn:scormdriver:Course Exam Which page serves as a central console to help ePO administrators
manage all observation and self-approval requests%3F 1

Which page serves as a central console to help ePO administrators manage all observation and self-
approval requests?

Choice

urn:scormdriver:Dashboards

Incorrect

00:01:02.95

urn:scormdriver:Course Exam Application Control works with TIE Server and GTI to fetch reputation
information for a file. (True %2F False) 1

Application Control works with TIE Server and GTI to fetch reputation information for a file. (True /
False)

Choice

urn:scormdriver:True
Correct

00:00:12.38

urn:scormdriver:Course Exam What two client tasks contain the option to start in Observe Mode%3F
%C2%A0(SELECT TWO) 1

What two client tasks contain the option to start in Observe Mode? (SELECT TWO)

Choice

sc: Enable[,]sc: Begin Update Mode

Incorrect

00:00:25.31

urn:scormdriver:Course Exam What two products must be installed and be fully operational before
deploying managed Application and Change Control%3F (SELECT TWO) 1

What two products must be installed and be fully operational before deploying managed Application
and Change Control? (SELECT TWO)

Choice

urn:scormdriver:ePO[,]urn:scormdriver:McAfee Agent

Correct

00:00:24.02

urn:scormdriver:Course Exam What two components are considered part of the Change Control
%E2%80%9CTrust%E2%80%9D model%3F (SELECT TWO) 1

What two components are considered part of the Change Control “Trust” model? (SELECT TWO)

Choice

urn:scormdriver:User[,]urn:scormdriver:Reviewer

Incorrect

00:00:31.86

urn:scormdriver:Course Exam If you want to review information on executables and script files
present on an endpoint, where do you go in the ePO console to quickly review this information%3F 1

If you want to review information on executables and script files present on an endpoint, where do
you go in the ePO console to quickly review this information?

Choice

urn:scormdriver:Inventory page

Correct

00:00:12.59

urn:scormdriver:Course Exam Which Change Control feature stops unauthorized access to sensitive
files%3F 1
Which Change Control feature stops unauthorized access to sensitive files?

Choice

urn:scormdriver:Read protection

Correct

00:00:12.05

You might also like