EMT Practice Test
1. Question Content...
Question6: Analysts can effectively use the McAfee SIEM to identify threats by
Question8: McAfee's SIEM provides awareness of illicit behavior across multiple internal systems via
Question9: The McAfee SIEM solution satisfies which of the following compliance requirements?
Question11: Malware performing a network enumeration scan will be visible at the McAfee SIEM as
Question18: When writing custom correlation rules, the analyst should focus on
Question24: Which of the following two appliances contain Event databases?
Question25: A backup of the ELM management database captures
Question32: Where can the ESM event database archive inactive partitions?
Question33: The fundamental purpose of the Receiver Correlation Subsystem (RCS) is
Question39: Internet perimeter firewall data-sources provide excellent visibility into
Question42: Be default, events in McAfee SIEM are aggregated on which of the following three fields?
Question43: Zones allow a user to group devices and the events they generate by
Question45: The normalization value assigned to each data-source event allows
Question49: Which of the following statements about Client Data Sources is TRUE?
Question50: The McAfee SIEM baselines daily events over
Question51: When a Correlation Rule successfully triggers, this occurs at the
Question52: The ESM database is unavailable for use during
Question53: The McAfee Enterprise Security Manager (ESM) system clock is set to
Question55: Which authentication methods can be configured to control alarm management privileges?
Question56: Flow Aggregation is based on which of the following?
Question67: Event Aggregation is performed on which of the following fields?