PSE-ENDPOINT Online Practice Questions and Answers

When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?

A. USB port version of the victim host

B. Speed and make of the victim's RAM

C. software version of the target application

D. platform, architecture, and patch level of the victim host

An administrator receives an alert indicating the ESM service is not starting on the ESM Server. When the

administrator tries to start the service manually, the administrator receives an error. "The Endpoint Security

Manager service on Local Computer started and then stopped."

What is the cause of the failure?

A. The Account assigned to the service does not have "Log on as a batch job" permissions on the machine.

B. The Account assigned to the service does not have "Log on as a service" permissions on the machine.

C. The Account assigned to the service is not the Local Administrator on the machine.

D. The Account assigned to the service is not an Active Directory Domain user.

Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)

A. Conditions

B. Processes

C. ESM Server

D. Target Objects

E. Features

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy. Local analysis is enabled Quarantining of malicious files is enabled Files are to be uploaded to WildFire

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen. Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire. Which behavior will result?

A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.

B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.

C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.

D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.

An ESM server's SSL certificate needs two Enhanced Key Usage purposes: Client Authentication and ________________

A. Server Authentication

B. File Recovery

C. IP Security User

D. IP Security Tunnel Termination

A company is trying to understand which platform can be installed on their environment: Select the three endpoints where Traps can be installed (Choose three).

A. Windows 10 LTSB with 2 GB RAM, 500MB free disk space and Intel Core i5 CPU

B. Windows 2000 SP4 with 1 GB RAM, 4 GB free disk space and Intel Pentium 4 CPU

C. Apple iPhone 6s

D. Windows Server 2012 R2 Standard Edition in FIPS Mode, with 4GB RAM, 20GB free disk space, running on VMware ESXi.

E. 15" MacBook Pro running macOS 10.12 with 16GB RAM, Intel Core i7 CPU and 100GB tree disk space

An administrator is testing an exploit that is expected to be blocked by the JIT Mitigation EPM protecting the viewer application in use. No prevention occurs, and the attack is successful. In which two ways can the administrator determine the reason for the missed prevention? (Choose two.)

A. Check in the HKLM\SYSTEM\Cyvera\Policy registry key and subkeys whether JIT Mitigation is enabled for this application

B. Check if a Just-In-Time debugger is installed on the system

C. Check that the Traps libraries are injected into the application

D. Check that all JIT Mitigation functions are enabled in the HKLM\SYSTEM\Cyvera\Policy\Organization \Process\Default registry key

A retail company just purchased Traps for its 8,000 endpoints. Many of its users work remotely. The company is not using any VPN solution, but would still like to manage all endpoints regardless where they are. Which two aspects should be part of the recommendation? (Choose two.)

A. As each ESM Core server can handle up to 30,000 endpoints, use at least 1 ESM Core server internally and 1 ESM core server in the DMZ for external endpoints.

B. Placing an ESM Core server in the DMZ or in a cloud hosting service allows external endpoints to connect to it, even without a VPN client.

C. Protection for remote endpoints is currently not supported. Since the ESM servers can only be installed in an internal network, endpoints without VPN will not be able to connect to it.

D. If there is no connection to the ESM Core server, Traps agents automatically connect to WildFire and endpoints are fully protected. No additional ESM Core servers are needed.

Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

A. msiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1

B. msiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1

C. msiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1

D. msiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

Files are not getting a WildFire verdict.

What is one way to determine whether there is a BITS issue?

A. Check the upload status in the hash control screen.

B. Run a telnet command between Traps agent and ESM Server on port 2125.

C. Use PowerShell to test upload using HTTP POST method.

D. Initiate a "Send support file" from the agent.