EMT Practice Test

1. Question Content...


Question List

Question1: Wh.ch Firewall rule components should an administrator configure to block facebook.com use during business hours?

Question2: Which file property does SES utilize to search the VirusTotal website for suspicious file information?

Question3: What option must an administrator choose when rolling back a policy assignment to a previous version?

Question4: Which Antimalware technology is used after all local resources have been exhausted?

Question5: Which two (2) skill areas are critical to the success of incident Response Teams (Select two)

Question6: Which two (2) steps should an administrator take to guard against re-occurring threats? (Select two)

Question7: Which antimalware intensity level is defined by the following: "Blocks files that are most certainly bad or potentially bad files. Results in a comparable number of false positives and false negatives."

Question8: Which device page should an administrator view to track the progress of an issued device command?

Question9: Which URL is responsible for notifying the SES agent that a policy change occurred in the cloud console?

Question10: What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

Question11: In the ICDm, administrators are assisted by the My Task view. Which automation type creates the tasks within the console?

Question12: A user downloads and opens a PDF file with Adobe Acrobat. Unknown to the user, a hidden script in the file begins downloading a RAT.
Which Anti-malware engine recognizes that this behavior is inconsistent with normal Acrobat functionality, blocks the behavior and kills Acrobat?

Question13: Which two (2) Discovery and Deploy features could an administrator use to enroll MAC endpoints? (Select two)

Question14: Which report template out format should an administrator utilize to generate graphical reports?

Question15: An endpoint fails to retrieve content updates.
Which URL should an administrator test in a browser to determine if the issue is network related?

Question16: Files are blocked by hash in the blacklist policy.
Which algorithm is supported, in addition to MD5?

Question17: What is the primary issue pertaining to managing roaming users while utilizing an on-premise solution?

Question18: Which Anti-malware technology should an administrator utilize to expose the malicious nature of a file created with a custom packet?

Question19: An endpoint is offline, and the administrator issues a scan command. What happens to the endpoint when it restarts, if it lacks connectivity?

Question20: Which IPS Signature type is Primarily used to identify specific unwanted traffic?

Question21: How long does a blacklist task remain in the My Tasks view after its automatic creation?

Question22: What are the Exploit Mitigation security control's mitigation techniques designed to prevent?

Question23: An administrator must create a custom role in ICDm.
Which area of the management console is able to have access restricted or granted?

Question24: An administrator selects the Discovered Items list in the ICDm to investigate a recent surge in suspicious file activity. What should an administrator do to display only high risk files?

Question25: Which default role has the most limited permission in the Integrated Cyber Defense Manager?