
Certified Professional Kaspersky Next XDR Expert (048.1.1)

Uploaded by

Nazmul

Certified Professional: Kaspersky Next XDR Expert (048.1.1)
Total Questions: 31.55 / 55
Evaluation Score: 57.36%
Passing Score: 70%
1.What needs to be specified in the installation command?
Path to the Kaspersky NEXT XDR Expert distribution
Path to the file with installation parameters
Path to the Kaspersky NEXT XDR Expert license key
--accept-eula parameter
Path to the KUMA inventory file
2.Which operating system does a Central Node run?
CentOS
Kaspersky Secure OS
Ubuntu
Debian
3.The address of which node of a Central Node cluster can you use to open the
KATA Platform web interface?
Storage node
Any node
Processing node
First storage node
4.Which port do you need to specify in the browser address bar to open the
Sandbox web interface?
None, it is sufficient to type https://
8443
443
A Sandbox server does not have a web interface
5.How can you analyze a system memory dump obtained using a Kaspersky EDR
task?
By uploading the file to the Analytics section of the KATA Platform web interface
Using third-party software
Using SCP to upload the file to the Analytics section of the KATA Platform web interface
Using the Tasks section of the KATA Platform web interface
6.Can TAA rules analyze chains of events?
Yes; but built-in rules only
Yes, both built-in and custom rules can serve this purpose
No
7.What happens if a storage node fails in a Central Node cluster?
The telemetry stored there will be lost
The stored telemetry will not be lost, but you will need to restore it
A processing node will change its role to storage node
None of the above
8.What types of assets are there in Kaspersky NEXT XDR Expert?
Users
Devices (hosts)
Secrets
Clusters
Services
9.Is it true that SELinux must be disabled on servers where non-cluster KUMA
services will be installed?
Yes
No
10.How many alerts can an incident contain (maximum)?
1
200
5
25
100
500
Unlimited
11.Which of the following methods can you use to specify the Central Node
certificate for Endpoint Agents?
ServiceConnectionPoint object in Active Directory
Endpoint Agent policy in Kaspersky Security Center
Endpoint Agent command line utility
Copy the certificate file to the folder where EndpointAgent.msi is located before the installation
12.Which of the following Kaspersky Endpoint Agent installation parameters can
you specify in the settings of a Kaspersky Endpoint Security installation package
in KSC?
The address and port for connecting to Central Node
The certificate for connecting to the Central Node
Activation key
The components to be installed
13.Is it true that XDR products are state-of-the-art, simple and easy-to-use
solutions for organizations that cannot afford to hire qualified specialists?
Yes
No
14.What function does the Switch construct perform in a playbook algorithm?
Runs a set of identical actions in parallel
Runs a step or set of steps based on a condition
Runs different sets of actions in parallel
Describes a reusable executable block that can be called from different execution steps of the
playbook
Allows you to add arbitrary data to the playbook
15.Which of the following threat detection technologies are implemented in
Central Node?
Anti-Malware Engine
TAA (Targeted Attack Analyzer)
Sandboxing (running files within a virtual machine)
YARA
16.Is it true that before deploying Kaspersky NEXT XDR Expert it is recommended
to deploy and configure a ClickHouse cluster to store events?
Yes
No
17.Is it true that before installing Kaspersky NEXT XDR Expert you need to
prepare a configuration file and specify the administrator account password in it?
Yes
No
18.What component of a dedicated Sensor detects threats using periodically
downloaded updates?
URL Reputation
IDS (Suricata)
Redis Slave
None of the above
19.Is it true that before deploying Kaspersky NEXT XDR Expert you need to install
Docker, but only on the operator server?
Yes
No
20.Which of the following roles can servers have in the KATA Platform?
Database server
Sandbox
Central Node
(Network) Sensor
Network Attack Analyzer
21.Which task types are available in KEDR Expert?
Get file
Delete file
Stop process
Get list of host users
Get drive contents by sector number
22.Which of the following is required when installing Kaspersky Sandbox?
Two RAID arrays: for the operating system and for virtual machines
A physical server (rather than a virtual machine)
An Intel processor (rather than AMD)
An AMD processor (rather than Intel)
23.What is the minimum number of nodes in a Central Node cluster?
2
4
5
24.Which of the following do you need to prepare to connect a third-party system
as an external sensor that can send requests to KATA Platform via REST API?
Create a public certificate and private key pair for the external sensor
Create an identifier in the UUID format for the external sensor
In KATA, create an account from which requests will be sent
Enable support for external sensors in the Central Node web interface
25.How many Endpoint Agents can you connect to a secondary Central Node?
Up to 5000
Up to 20000
Up to 10000
Up to 15000
26.How can an incident be created? Select the correct answers.
Manually in the Kaspersky NEXT XDR Expert console
Automatically using segmentation rules
By increasing an alert's severity level to critical
27.Is it true that Kaspersky NEXT XDR Expert has a microservice architecture and
you need to install a Kubernetes cluster before deploying the product?
Yes
No, the KDT utility will do it automatically
28.Where will a file requested using a ‘Get file’ task from the Central Node web
console be stored?
Storage
A protected area on the computer
Sandbox
29.Which of the following KATA Platform servers can act as a proxy to relay
telemetry data that Endpoint Agents send to Central Node?
Any Windows computer where the Endpoint Sensor Proxy component is installed
(Network) Sensor
Sandbox
Another Central Node
30.Which account can you use to configure storage on a server in KATA
Platform?
Administrator
Configurator
admin
sso
31.How often does Kaspersky Endpoint Agent synchronize tasks, isolation and
execution prevention settings with Central Node (under the default
configuration)?
Continuously (maintains a permanent connection and instantly learns about configuration changes)
Every 5 minutes
Once a minute
Every 15 minutes
32.Which node of a Central Node cluster must be installed after you install the
first storage node?
Storage node
Processing node
Storage node or processing node
33.What does Central Node do?
Sends objects to Sandbox for scanning
Informs Sensors about the available license
Proxies Sensor requests to KSN/KPSN
Scans files using various threat detection technologies
34.How many servers are required to deploy Kaspersky NEXT XDR Expert in a
minimal configuration, including the operator server?
1
2
4
5
35.Some routes are specified as Static Routes in the management network
interface settings on a Sandbox server. Which operations are they used in?
Downloading updates
Accessing KSN
Providing access to the internet from within virtual machines
Sending scanning results to Central Node
36.Select the correct option for deploying Kaspersky NEXT XDR Expert:
On a k0s cluster created automatically during installation
Either of the above
On an existing Kubernetes cluster
37.Which of the following can result in an error when you connect a Central Node
to a Sandbox server?
Central Node is already connected to another Sandbox server
The UTC time differs on the servers
Another Central Node is already connected to the Sandbox server
A license is not installed on Central Node
38.What function does the Subflow construct perform in a playbook algorithm?
Runs a set of identical actions in parallel
Describes a reusable executable block that can be called from different execution steps of the
playbook
Runs different sets of actions in parallel
Runs a step or set of steps based on a condition
Allows you to add arbitrary data to the playbook
39.What is the maximum number of Endpoint Agents that can be supported by an
installation with one Central Node and two dedicated network Sensors?
5000
20000
10000
15000
40.Which command can you use to collect Kaspersky NEXT XDR Expert logs if
Kaspersky NEXT XDR Expert was deployed using KDT?
./kdt logs get
./kdt collect
./kdt k0s logs get
41.Is it true that several incidents can be merged into one?
Yes
No
42.A DNS server was specified in the Sandbox installation wizard. Which
operation will it be used in?
Downloading updates
Providing access to the internet from within virtual machines
Sending scanning results to Central Node
Accessing KSN
43.Which port do you need to specify in the browser address bar to open the web
interface of a Sensor?
None, it is sufficient to type https://
8443
443
A Sensor does not have a web interface
44.Which of the following exclusions can you configure in endpoint isolation
parameters available in the web console of Kaspersky EDR Expert Central Node?
Connections from the specified executable file
Outbound connections to the specified address
Inbound connections from the specified address
Inbound and outbound ICMP packets (but not packets of other protocols)
45.Which node must be installed first in a Central Node cluster?
Storage node
Processing node
Sandbox
46.What types of observables are there in Kaspersky NEXT XDR Expert?
Hash
URL
Domain
Account name
Connection port
IP address
Service
Host name
Secret
47.Which access limitations can you specify for a senior security officer account
in a distributed KEDR installation?
Permit access to the information of specific companies only
Permit access to the information of specific Central Nodes only
Prohibit logging on to the consoles of secondary Central Nodes of the company
Prohibit logging on to the console of the primary Central Node
48.Is it true that XDR is a complex product that requires a team of qualified
specialists to use effectively?
Yes
No
49.Is it true that an alert can contain events?
Yes
No
50.Select the correct statement:
An alert can be created manually
All of the above
An alert is created automatically when correlation rules are triggered
51.Where are the files stored that have been quarantined by the Quarantine file
task through the Central Node web console?
In a centralized storage on Central Node
In local storages on the respective computers
In a centralized storage on the KSC server
In an anonymized storage in the KSN cloud
52.Which operating system versions are used on virtual machines within
Sandbox?
Windows XP
Windows 10
Windows Server 2012 R2
CentOS 7.8
Windows 7
53.Which parameter can you use to download a file from a computer for analysis
by the ‘Get file’ task in the Central Node web console?
The file’s full path
A path mask
The file’s checksum (without the path)
The file’s creation date (without the path)
54.Which of the listed products does Kaspersky NEXT XDR Expert officially
support integration with?
Microsoft Active Directory
All of the above
Kaspersky Security Center
Kaspersky Anti Targeted Attack Platform
Kaspersky Threat Intelligence Portal
Kaspersky Open Threat Intelligence Portal
Kaspersky Automated Security Awareness Platform
Kaspersky Industrial CyberSecurity for Networks
55.Which types of custom rules can you import into KATA Platform settings?
Rules for Anti-Malware Engine
YARA rules
TAA rules (in OpenIOC format)
Detection rules for Sandbox
Certified Professional: Kaspersky Next XDR Expert (048.1.1)
Total Questions: 36 / 55
Evaluation Score: 65.45%
Passing Score: 70%
1.Which command can you use to collect Kaspersky NEXT XDR Expert logs if
Kaspersky NEXT XDR Expert was deployed using KDT?
./kdt logs get
./kdt collect
./kdt k0s logs get
2.Which of the following is important when connecting KATA Platform servers to
each other?
Databases must be updated on both servers
The same UTC time must be set on the servers
Both servers must be connected to KSN
An activation key must be installed on both servers
3.Select the correct statements about the transformation of the Central Node
settings when upgrading to version 6.1.
Filters that have been applied to alerts and events will be reset
Installed activation keys will NOT be retained (you will have to reactivate Central Node)
Data of the Sensor and Sandbox components will be preserved
4.You’ve sent a connection request from Central Node to Sandbox. What should
you do to complete the connection?
Just wait for approximately a minute for Central Node to complete the connection automatically
Open the Sandbox web interface and accept the request
Open the Sandbox text interface via SSH and accept the request
5.Is it true that several incidents can be merged into one?
Yes
No
6.Which actions are available when you need to kill a process via the Central
Node web console deployed as part of KEDR Expert based on KATA Platform?
Kill process based on the full path of the executable (all processes related to this file will be
terminated)
Kill process based on the executable path and parent process ID (all processes that meet these
criteria will be terminated)
Kill process based on the executable path and parent process name (all processes that meet these
criteria will be terminated)
Kill process based on the executable path and process ID
7.Which of the following KATA Platform servers can distribute updates to other
KATA servers?
Sandbox
Central Node
Sensor
Any of the above
None of the above
8.Select the correct statement:
A playbook can be run for an alert
All of the above
A playbook can be run for an incident
9.Which of the following schedules can you specify for an IOC scan task in the
Central Node web console of Kaspersky EDR Expert?
Daily at a specified time
Hourly, or once every several hours
Indicators can only be searched for manually
You cannot specify a schedule; the search is performed daily at 02:00
10.Which of the following can you specify in the installation wizard when
installing Kaspersky Endpoint Agent locally?
The address and port for connecting to Central Node
The certificate for connecting to Central Node
The address and port for connecting to the Sandbox component
None of the above
11.Is it true that Kaspersky NEXT XDR Expert does not include SIEM functionality
and that to add it you need to configure integration with Kaspersky Unified and
Analysis XDR Expert?
Yes
No
12.Which KATA Platform server roles support upgrade to version 6.1 without
reinstalling the server?
All the three
Central Node and Sensor
Central Node only
Sandbox only
13.Which of the following roles can servers have in the KATA Platform?
Database server
Sandbox
Central Node
(Network) Sensor
Network Attack Analyzer
14.Where must the connection between Central Node and Sandbox be initiated
from when exchanging certificates for IPsec authentication?
From Central Node
From Sandbox
From any side
You do not need to do anything of the kind
15.Which of the following DBMSs can Kaspersky NEXT XDR Expert use to store
data?
Microsoft SQL Server
ClickHouse
PostgreSQL
MariaDB
16.Which of the following does the Kaspersky Endpoint Agent update task
download?
IOC rules for scanning the endpoint for indicators of compromise
IDS rules for detecting attacks in the endpoint traffic
YARA rules for scanning the endpoint for known indicators of targeted attacks
Event filters for collecting telemetry to be transmitted to Central Node
17.Is it true that several alerts can be merged into one?
Yes
No
18.Which of the following operating systems does Kaspersky NEXT XDR Expert
support on servers with non-cluster KUMA components installed?
Ubuntu
Debian
Red Hat Linux
Oracle Linux
19.Select the correct statement about TAA (IOA) technology.
TAA analysis is applied to events in real time, as soon as they arrive
TAA analysis is applied in the background to all events stored in the Threat Hunting database
TAA analysis is applied on schedule once a day to all events stored in the Threat Hunting database
TAA analysis is only applied at a security officer’s request
20.Is it true that Kaspersky NEXT XDR Expert does not provide the ability to
inventory assets, but allows integration with other solutions that provide this
functionality?
Yes
No
21.Which Kaspersky NEXT XDR Expert components can be deployed outside the
k0s cluster?
Kaspersky NEXT XDR Expert database
Grafana
KUMA core
Longhorn
All KUMA services except the core
22.Which operating system does a Central Node run?
CentOS
Kaspersky Secure OS
Ubuntu
Debian
23.What types of assets are there in Kaspersky NEXT XDR Expert?
Users
Devices (hosts)
Secrets
Clusters
Services
24.How many alerts can an incident contain (maximum)?
1
200
5
25
100
500
Unlimited
25.What is the minimum number of disks required for Ceph storage of a Central
Node cluster storage node?
1
3
2
4
26.Is it true that it is recommended to deploy and configure a PostgreSQL or
PostgreSQL Pro cluster before deploying Kaspersky NEXT XDR Expert, rather
than deploying databases inside the k0s cluster?
Yes
No
27.How many passwords for scanning protected archives can you specify in the
settings of a KATA Central Node?
Central Node does not have these settings
Up to 1024
Up to 50
As many as necessary
28.An analyst has configured scanning for indicators of compromise on the
network endpoints to start at 02:00. Which time zone does this time refer to?
The Central Node’s time zone
The time zone of the computer on which the web console was running while the schedule was set up
UTC
The time zone of the computer where scanning for indicators will run
29.You have received two ISO images for KATA deployment: kata-cn-6.1.0-324-
inst.x86_64_en-ru-zh.iso and Sandbox-6.1.0-768-inst.x86_64_en-ru-zh.iso. How
can you install a dedicated Sensor?
From the Sandbox installation image
From the Central Node installation image
From a special image that you need to request from the technical support
30.Is it true that the names of all Kaspersky NEXT XDR Expert servers must be
resolved to IP addresses strictly through DNS and that name resolution via
‘hosts’ files is not supported?
Yes
No
31.How often does Kaspersky Endpoint Agent synchronize tasks, isolation and
execution prevention settings with Central Node (under the default
configuration)?
Continuously (maintains a permanent connection and instantly learns about configuration changes)
Every 5 minutes
Once a minute
Every 15 minutes
32.What is the minimum number of nodes in a Central Node cluster?
2
4
5
33.Which operations are implemented in REST API of Central Node version 6.1?
Create a file scan task for the Sandbox component
Create a network isolation task
Get a list of alerts with all details
Create a task for connecting a specific Sensor
Create a request to delete scanning results
34.Which of the following threat detection technologies are implemented on a
Sensor?
Anti-Malware Engine
URL reputation (KSN)
IDS (Suricata)
TAA (Targeted Attack Analyzer)
35.Which task types are available in KEDR Expert?
Get file
Delete file
Stop process
Get list of host users
Get drive contents by sector number
36.Which of the following technologies are used on a Sandbox server for
analyzing file execution results within a virtual machine?
Scanner (anti-malware and static analysis)
YARA
IDS (Suricata)
File reputation (KSN)
37.Is it true that a playbook can be run even if a trigger is not specified?
Yes
No
38.Which file operations can prevention rules block in KEDR Expert?
Running an executable file or script
Creating a file in the specified folder
Running an executable file or script under a particular user account
Changing the specified file in any program
39.Which file types can be transferred for analysis to a Sandbox server?
Windows executables
Microsoft Office and Adobe Acrobat documents
Linux executables
Android executables
40.Which access limitations can you specify for a senior security officer account
in a distributed KEDR installation?
Permit access to the information of specific companies only
Prohibit logging on to the consoles of secondary Central Nodes of the company
Permit access to the information of specific Central Nodes only
Prohibit logging on to the console of the primary Central Node
41.Which of the listed products does Kaspersky NEXT XDR Expert officially
support integration with?
Microsoft Active Directory
All of the above
Kaspersky Security Center
Kaspersky Anti Targeted Attack Platform
Kaspersky Threat Intelligence Portal
Kaspersky Open Threat Intelligence Portal
Kaspersky Automated Security Awareness Platform
Kaspersky Industrial CyberSecurity for Networks
42.How can you edit settings of the preprocessor module?
Edit the file var/opt/kaspersky/apt-preprocessor/preprocessor.conf using the vim or nano utility
Use the console-settings-updater utility
In the Central Node web interface
Only the user who has the ‘local’ administrator role can edit them in the Central Node web interface
43.Is it true that an alert cannot be deleted using standard tools in Kaspersky
NEXT XDR Expert?
Yes
No
It can only be deleted via the API
44.Select the correct option for deploying Kaspersky NEXT XDR Expert:
On a k0s cluster created automatically during installation
On an existing Kubernetes cluster
Either of the above
45.Why might there be no sections with alerts and incidents in the Kaspersky
NEXT XDR Expert console?
Kaspersky NEXT XDR Expert was installed incorrectly. You need to specify the range of IP
addresses of the k0s cluster gateway in the configuration file and re-install the solution
You need to create a new tenant where Kaspersky NEXT XDR Expert resources will be located
You need to add a Kaspersky NEXT XDR Expert license key
You need to add a KUMA license key
The password specified in the installation configuration file must be changed, because it was
specified in plain text and its use is not secure
46.Which KATA Platform server role must be present in any KEDR installation?
Sensor
Central Node
Sandbox
None of the above is a must
47.What objects are created when a correlation rule is triggered? Select the
correct statements.
Correlation event
Alert
Audit event
Monitoring event
Report
48.Can TAA rules analyze chains of events?
Yes; but built-in rules only
Yes, both built-in and custom rules can serve this purpose
No
49.Which of the following can a Central Node do?
Scan uploaded files using the Anti-Malware Engine
Search telemetry received from Endpoint Agents for indicators of attack
Start virtual machines for file analysis
Act as a proxy for Endpoint Agents connected to another Central Node
50.What needs to be specified in the installation command?
Path to the Kaspersky NEXT XDR Expert distribution
Path to the file with installation parameters
Path to the Kaspersky NEXT XDR Expert license key
--accept-eula parameter
Path to the KUMA inventory file
51.From which previous versions of KATA Platform can you upgrade a Central
Node to version 6.1 without reinstalling it?
5.1 or later
6.0.2 only
4.1 or later
Central Node does not support upgrade to version 6.1
52.Which operating system versions are used on virtual machines within
Sandbox?
Windows XP
Windows 7
Windows 10
CentOS 7.8
Windows Server 2012 R2
53.What is the name of the Kaspersky Endpoint Agent main service process?
agent.exe
soyuz.exe
avp.exe
endpointagent.exe
54.What should you do if you need to upgrade a Secondary Central Node?
It cannot be upgraded, you will have to reinstall it
Change its role from a Secondary Central Node to a Primary Central Node and upgrade it
Change its role from a Secondary Central Node to a stand-alone Central Node server
55.What does it mean when a user account is not displayed as an asset? Select
the correct statements:
Integration with Kaspersky Security Center hasn’t been configured
Integration with Microsoft Active Directory hasn’t been configured
Enrichment is not configured in the collector
It is an external user that does not belong to the integrated Microsoft Active Directory
Certified Professional: Kaspersky Next XDR Expert (048.1.1)
Total Questions: 41.17 / 55
Evaluation Score: 74.85%
Passing Score: 70%
1.What is the minimum number of disks required for Ceph storage of a Central
Node cluster storage node?
1
3
2
4
2.Is it true that it is recommended to deploy and configure a PostgreSQL or
PostgreSQL Pro cluster before deploying Kaspersky NEXT XDR Expert, rather
than deploying databases inside the k0s cluster?
Yes
No
3.Select the correct statement:
A playbook can only be run for either alerts or incidents
The same playbook can be run for alerts and incidents
4.What address will the Kaspersky NEXT XDR Expert web console be available at
after installation?
xdr.yourdomain.com:443
console.smp.local:7220
console.smp.local:443
xdr.yourdomain.com:7220
xdr.smp.local:443
5.How can an incident be created? Select the correct answers.
Manually in the Kaspersky NEXT XDR Expert console
Automatically using segmentation rules
By increasing an alert's severity level to critical
6.What function does the Switch construct perform in a playbook algorithm?
Runs a set of identical actions in parallel
Runs a step or set of steps based on a condition
Runs different sets of actions in parallel
Describes a reusable executable block that can be called from different execution steps of the
playbook
Allows you to add arbitrary data to the playbook
7.Is it true that before deploying Kaspersky NEXT XDR Expert it is recommended
to deploy and configure a ClickHouse cluster to store events?
Yes
No
8.Which component of KATA/KEDR sends objects for scanning to a Sandbox
server?
Sensor
Central Node
Endpoint Agent
EXTERNAL Sensor via API
9.What component of a dedicated Sensor detects threats using periodically
downloaded updates?
URL Reputation
IDS (Suricata)
Redis Slave
None of the above
10.What is smp.local in the installation configuration file?
An internal service domain of the Kubernetes cluster; it should not be changed
A domain that needs to be replaced with the domain where Kaspersky NEXT XDR Expert servers
will be deployed
11.What condition must be met for a correlator to apply rules to events coming
from different tenants?
The correlator must belong to all tenants from which it receives events for processing
The correlator must belong to the Shared tenant
The correlator must belong to the Root tenant
The correlator must belong to the Main tenant
12.From which previous versions of KATA Platform can you upgrade a Central
Node to version 6.1 without reinstalling it?
5.1 or later
6.0.2 only
4.1 or later
Central Node does not support upgrade to version 6.1
13.What utility is used to deploy Kaspersky NEXT XDR Expert?
KDT
MDT
UDT
OSMP
14.Which of the following KATA Platform servers can distribute updates to other
KATA servers?
Sandbox
Central Node
Sensor
Any of the above
None of the above
15.What happens if a storage node fails in a Central Node cluster?
The telemetry stored there will be lost
The stored telemetry will not be lost, but you will need to restore it
A processing node will change its role to storage node
None of the above
16.Some routes are specified as Static Routes in the management network
interface settings on a Sandbox server. Which operations are they used in?
Downloading updates
Providing access to the internet from within virtual machines
Accessing KSN
Sending scanning results to Central Node
17.How can you analyze a system memory dump obtained using a Kaspersky
EDR task?
By uploading the file to the Analytics section of the KATA Platform web interface
Using the Tasks section of the KATA Platform web interface
Using third-party software
Using SCP to upload the file to the Analytics section of the KATA Platform web interface
18.Which parameter can you use to download a file from a computer for analysis
by the ‘Get file’ task in the Central Node web console?
The file’s full path
A path mask
The file’s checksum (without the path)
The file’s creation date (without the path)
19.How many alerts can an incident contain (maximum)?
1
200
5
25
100
500
Unlimited
20.Which options are available if you need to configure a trusted connection
between Endpoint Agent and Central Node in KATA Platform?
Non-secure connection
A secure connection where only Central Node verifies the Endpoint Agent’s certificate
A secure connection with mutual authentication when both Endpoint Agent and Central Node verify
certificates
A secure connection where only Endpoint Agent verifies the Central Node’s certificate
21.Which node must be installed first in a Central Node cluster?
Storage node
Processing node
Sandbox
22.What types of assets are there in Kaspersky NEXT XDR Expert?
Users
Devices (hosts)
Secrets
Clusters
Services
23.How many hierarchy levels can there be in a distributed KATA installation?
All Central Nodes work independently in KATA architecture
Two: a primary node and secondary nodes
Central Nodes can be joined into a structure, but there will be no hierarchy; all servers will be peers
There are no limits: any Central Node can be secondary to another node and simultaneously primary
to other nodes
24.Which of the following schedules can you specify for an IOC scan task in the
Central Node web console of Kaspersky EDR Expert?
Daily at a specified time
Hourly, or once every several hours
Indicators can only be searched for manually
You cannot specify a schedule; the search is performed daily at 02:00
25.What objects are created when a correlation rule is triggered? Select the
correct statements.
Correlation event
Alert
Audit event
Monitoring event
Report
26.Which of the following KATA Platform servers can you integrate with SIEM?
Central Node
Sensor
Sandbox
27.Which operating system does a Central Node run?
CentOS
Ubuntu
Kaspersky Secure OS
Debian
28.What types of observables are there in Kaspersky NEXT XDR Expert?
Hash
URL
Host name
Domain
Account name
IP address
Service
Secret
Connection port
29.Where are the files stored that have been quarantined by the Quarantine file
task through the Central Node web console?
In a centralized storage on Central Node
In local storages on the respective computers
In a centralized storage on the KSC server
In an anonymized storage in the KSN cloud
30.Select the correct statements about the transformation of the Central Node
settings when upgrading to version 6.1.
Filters that have been applied to alerts and events will be reset
Data of the Sensor and Sandbox components will be preserved
Installed activation keys will NOT be retained (you will have to reactivate Central Node)
31.How can you edit settings of the preprocessor module?
Edit the file var/opt/kaspersky/apt-preprocessor/preprocessor.conf using the vim or nano utility
Use the console-settings-updater utility
In the Central Node web interface
Only the user who has the ‘local’ administrator role can edit them in the Central Node web interface
32.Which types of events will be sent to SIEM if you enable SIEM integration in
the Central Node web interface?
Alerts about detected threats
Component statuses (heartbeats)
Information about user actions in the web interface
All telemetry from Endpoint Agents
33.What address will the KUMA web console be available at after installation?
kuma.yourdomain.com:443
kuma.smp.local:7220
kuma.smp.local:443
kuma.yourdomain.com:8080
xdr.smp.local:8081
34.Which parameters must be specified when installing Endpoint Agent from the
command line?
SERVER
EULA
PRIVACYPOLICY
LICENSEKEYPATH
35.Is it true that SELinux must be disabled on servers where non-cluster KUMA
services will be installed?
Yes
No
36.Select the correct statement:
An alert can be created manually
All of the above
An alert is created automatically when correlation rules are triggered
37.How many Sandbox servers (maximum) can you connect a Central Node to?
0 (a Central Node cannot be connected to a Sandbox server)
1
2
None of the above
38.Which of the following technologies are used on a Sandbox server for
analyzing file execution results within a virtual machine?
Scanner (anti-malware and static analysis)
IDS (Suricata)
YARA
File reputation (KSN)
39.Which of the following restrictions does Kaspersky NEXT XDR Expert impose
on the running of custom scripts used to respond to alerts or incidents?
Only Bash scripts
None of the above
Only PowerShell scripts
Only Python scripts
Only scripts that can be run on Linux
40.Select the correct statements:
For devices to appear as assets in alerts, you need to set up integration with Microsoft Active
Directory and import computer accounts
For devices to appear as assets in alerts, you need to configure the import of device information
from the KSC that is part of Kaspersky NEXT XDR Expert or an external standalone KSC
Device information can be entered manually, and then the device will appear as an asset in the alert
41.For whom are XDR products most relevant?
Small and medium-sized organizations that do not have adequate resources to build processes for
detecting and responding to cyberthreats
Organizations that understand the risks and potentially huge damage from complex attacks and are
ready to invest in security, specialists and tools.
Large organizations with complex infrastructure
42.What is a ‘company’ in a distributed KEDR installation?
A range of IP addresses to which a threat may be related
An organizational unit to which one or more Central Nodes can be assigned
An organizational unit to which one or more secondary Central Nodes can be assigned
A mail domain to which threats may be related
43.How can you add indicators of attack (TAA rules) that are used for analyzing
events received from Endpoint Agents?
Save from a manually created search in Threat Hunting
Import from a file in OpenIOC format
Receive from KSN
Receive along with updates
44.Which of the following roles can servers have in the KATA Platform?
Database server
Sandbox
Central Node
(Network) Sensor
Network Attack Analyzer
45.In which format can you import indicators of attack to search computers for
them using Kaspersky EDR?
YARA
OpenIOC
STIX
None of the above, Kaspersky EDR uses a proprietary format for indicators of compromise
46.A network Sensor can act as a proxy for Endpoint Agents. How many Endpoint
Agents (maximum) does a Sensor acting as a proxy support?
1000
10000
5000
15000
47.Is it true that XDR is a complex product that requires a team of qualified
specialists to use effectively?
Yes
No
48.The address of which node of a Central Node cluster can you use to open the
KATA Platform web interface?
Storage node
Any node
Processing node
First storage node
49.Which of the following processes belong to Kaspersky Endpoint Agent?
sputnik.exe
soyuz.exe
proton.exe
atom.exe
50.How many servers are required to deploy Kaspersky NEXT XDR Expert in a
minimal configuration, including the operator server?
1
4
2
5
51.Which KATA Platform server role must be present in any KEDR installation?
Sensor
Central Node
Sandbox
None of the above is a must
52.Which operating system versions are used on virtual machines within
Sandbox?
Windows XP
Windows 7
Windows 10
CentOS 7.8
Windows Server 2012 R2
53.Select the correct statement about the need to specify the company name for a
Central Node in a distributed KATA Platform installation.
You do not need to specify a company name for the primary Central Node
The company name is a must for any Central Node in a distributed installation
The company name is optional for any Central Node in a distributed installation
You do not need to specify a company name for secondary Central Nodes
54.How often does Kaspersky Endpoint Agent synchronize tasks, isolation and
execution prevention settings with Central Node (under the default
configuration)?
Continuously (maintains a permanent connection and instantly learns about configuration changes)
Every 5 minutes
Once a minute
Every 15 minutes
55.An analyst has configured scanning for indicators of compromise on the
network endpoints to start at 02:00. Which time zone does this time refer to?
The Central Node’s time zone
The time zone of the computer on which the web console was running while the schedule was set up
UTC
The time zone of the computer where scanning for indicators will run
