EMT Practice Test

1. Question Content...


Question List

Question1: Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

Question2: To ensure that the Traps VDI tool can obtain verdicts for all unknown files what are the things that needs to be checked? Assuming ESM Console and ESM Server are on different servers. (Choose two.)

Question3: An administrator is testing an exploit that is expected to be blocked by the JIT Mitigation EPM protecting the viewer application in use. No prevention occurs, and the attack is successful.
In which two ways can the administrator determine the reason for the missed prevention?
(Choose two.)

Question4: A company wants to implement a new Virtual Desktop Infrastructure (VDI) in which the endpoints are protected with Traps. It must select a VDI platform that is supported by Palo Alto Networks for Traps use.
Which two platform are supported? (Choose two.)

Question5: An administrator can check which two indicators to verity that Traps for Mac is running correctly on an installed endpoint? (Choose two.)

Question6: Uploads to the ESM Sever are failing.
How can the mechanism for forensic and WildFire uploads be tested from the endpoint?

Question7: From the ESM console, which two ways can an administrator verify that their installed macOS agents are functional? (Choose two.)

Question8: A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL.
Which troubleshooting step determines if this is an SSL issue?

Question9: Which software category is most likely to cause a conflict with the Traps agent?

Question10: Which version of .NET Framework is required as a prerequisite when installing Traps agent on Windows 7?

Question11: An administrator has installed Traps 4.0. The administrator wants to test the malware protections provided. What sample should they use to test the protections provided by Traps?

Question12: A customer has an environment with the following:
* 1,000 agents communicating over SSL with two servers - one containing the ESM Server and another one where the ESM Console is installed
* BitsUploads resides on the ESM Console server
* ESM Server and Console are using the default pods tor communication
In a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)

Question13: An administrator has decided to test Traps functionality using malware samples in an isolated non-production environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

Question14: Traps agents use a default password for uninstallation in the event that they never communicate with their ESM server. Identify the password.

Question15: The administrator has added the following whitelist to the WildFire Executable Files policy.
*\mysoftware.exe
What will be the result of this whitelist?

Question16: An administrator would like to add Google Chrome and Google Chrome Helper to the exploit prevention policy for macOS. In order to achieve this task, which option should be added to the macOS protected processes list?

Question17: An administrator is concerned about rogue installs of Internet Explorer.
Which policy can be created to assure that Internet Explorer can only run from the
\Program Files \Internet Explorer \directory?

Question18: When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?

Question19: During installation of the ESM and the agent, SSL was enabled on an endpoint.
However, the agent communication is failing. The services.log on the endpoint has the following error.
*An error occurred while making the HTTP request to https://hostname:2125/CyveraServer/.
This could be due to the fact that the server certificate is not configured property with HTTP SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server." Which certificate can be imported on the endpoint to solve this issue? Assume the hostname is a valid FQDN and the ESM Server and Console have different certificates.

Question20: A retail company just purchased Traps for its 8,000 endpoints. Many of its users work remotely. The company is not using any VPN solution, but would still like to manage all endpoints regardless where they are.
Which two aspects should be part of the recommendation? (Choose two.)