The FireAMP Mobile endpoint connector currently supports which mobile OS device?
A. Firefox
B. HTML5
C. Android
D. iPhone
Which feature allows retrospective detection?
A. Total Recall
B. Cloud Recall
C. Recall Alert
D. Recall Analysis
Which statement describes an advantage of cloud-based detection?
A. Limited customization allows for faster detection.
B. Fewer resources are required on the endpoint.
C. Sandboxing reduces the overall management overhead of the system.
D. High-speed analytical engines on the endpoint limit the amount of work the cloud must perform.
The FireAMP connector monitors the system for which type of activity?
A. Vulnerabilities
B. Enforcement of usage policies
C. File operations
D. Authentication activity
Which set of actions would you take to create a simple custom detection?
A. Add a SHA-256 value; upload a file to calculate a SHA-256 value; upload a text file that contains SHA-256 values.
B. Upload a packet capture; use a Snort rule; use a ClamAV rule.
C. Manually input the PE header data, the MD-5 hash, and a list of MD-5 hashes.
D. Input the file and file name.
When discussing the FireAMP product, which term does the acronym DFC represent?
A. It means Detected Forensic Cause.
B. It means Duplicate File Contents.
C. It means Device Flow Correlation.
D. It is not an acronym that is associated with the FireAMP product.
What is the default clean disposition cache setting?
A. 3600
B. 604800
C. 10080
D. 1 hour
What is a valid data source for DFC Windows connector policy configuration?
A. SANS
B. NIST
C. Emerging Threats
D. Custom and Sourcefire
What is the default command-line switch configuration, if you run a connector installation with no parameters?
A.
B.
C.
D.
When you are viewing information about a computer, what is displayed?
A. the type of antivirus software that is installed
B. the internal IP address
C. when the operating system was installed
D. the console settings
Which information does the File Trajectory feature show?
A. the time that the scan was run
B. the name of the file
C. the hosts on which the file was seen and points in time where events occurred
D. the protocol
In a FireAMP Private Cloud installation, which server does an administrator use to manage connector policy and view events?
A. opadmin.
B. console.
C. cloud.
D. aws.
The Accounts menu contains items that are related to FireAMP console accounts. Which menu allows you to set the default group policy?
A. Audit Log
B. Users
C. Applications
D. Business
Which pair represents equivalent processes whose names differ, depending on the connector version that you are running?
A. immunet_protect and iptray
B. agent.exe and sfc.exe
C. TETRA and SPERO
D. ETHOS and SPERO
Which option describes a requirement for using Remote File Fetch?
A. It must be done from a private cloud console.
B. It can be done only over port 32137.
C. The administrator must have two-step authentication enabled.
D. The feature is integrated into the product, so no specific requirements must be fulfilled.