Docsity
Apex One as a Service Certified Professional, Exams of Urban Services Design and Administration

Apex One as a Service Certified Professional 2023 - 2024

Typology: Exams

2023/2024

Available from 03/19/2024

juan-perez-zpc

1. A Threats/Violations Found alert is displayed on a Security Agent-protected endpoint, as displayed in the exhibit. What caused this alert to be displayed?
   a. A file deemed to be suspicious since it contains a matching malware pattern was detected on the endpoint.
   b. A file deemed to be suspicious was detected on the endpoint through Predictive Machine Learning.
   c. A file deemed to be suspicious was detected on the endpoint through Behavior Monitoring.
   d. A file object with an entry on the Suspicious Objects List with a scan action of Block was detected on the endpoint.

2. Target endpoints receiving policy settings through Apex Central can be identified using Filter by Criteria or Specify Agent(s) as displayed in the exhibit. Which of the following statements regarding these two options are TRUE? Select all that apply.
   a. Policies targeted to endpoints using Specify Target will always take precedence over policies targeted using Filter by Criteria.
   b. Assigning policies using Filter by Criteria allows policies to be deployed to endpoints across multiple domains.
   c. When identifying target endpoints using Filter by Criteria, if the matching characteristics of the endpoints change over time, a different policy may be deployed to the endpoint.
   d. When a policy is assigned to endpoints using Specify Target, the assigned target will never change or be re-evaluated.

3. Which of the following detection techniques are able to identify threats on the endpoint only after the malware executes? Select all that apply.
   a. Smart Scan
   b. Behavior monitoring
   c. Run-time Predictive Machine Learning
   d. Vulnerability protection

4. The Apex One Security Agent icon in the Windows System Tray displays with the icon shown in the exhibit. Which of the following answers describes the state of the Agent? Select all the answers that apply.
   a. The Security Agent does not have access to a Smart Protection source.
   b. The Security Agent has a connection to the Apex One Server.
   c. The Real-time Scan service on the Security Agent is not running.
   d. The Security Agent does not have a connection to the Apex One Server.

5. Which of the following Security Agent components are protected from unauthorized modifications using the Agent Self-protection features in Apex One? Select all that apply.
   a. Security Agent Registry settings
   b. Security Agent tree entries in the Apex One Web Management console
   c. Security Agent services
   d. Files in the Security Agent folder on the endpoint computer

6. Which of the following scan engines are used by the NT Real-time Scan Service on a Security Agent-protected endpoint? Select all that apply.
   a. Advanced Threat Scan Engine (ATSE)
   b. Spyware Scanning API (SSAPI)
   c. Damage Cleanup Engine (DCE)
   d. Virus Scanning API (VSAPI)

7. Which of the following statements regarding File Census in Apex One is FALSE?
   a. File Census is a service provided through the Smart Protection Network.
   b. File Census can scan for files on http but not https channels.
   c. File Census checks for prevalence of a file.
   d. File Census checks for maturity of a file.

8. What is the effect of the Data Discovery rule displayed in the exhibit?
   a. Endpoint computers assigned the rule will be scanned on a regular basis for any files containing personally identifiable information and any incidents of these files will be logged.
   b. The transfer of files containing personally identifiable information will be logged.
   c. Endpoint computers assigned the rule will be scanned on a regular basis for any files containing personally identifiable information and these files will be encrypted.
   d. All computers in the Apex Central endpoint list will be scanned on a regular basis for any files containing personally identifiable information and any incidents of these files will be logged.

9. Which of the following statements regarding the use of the Trusted Program List as displayed in the exhibit is FALSE?
   a. Scan performance on endpoints can be improved by using the Trusted Program List since these processes are excluded from suspicious activity monitoring.
   b. Security Agents skip scanning of programs or processes in the Trusted Program List during real-time, application control, data loss prevention, device control and behavior monitoring scans.
   c. Security Agents skip scanning of programs or processes in the Trusted Program List during real-time, manual, scheduled and scan now scans.
   d. You can add files to the Trusted Program List if they are not located in the Windows system directory or have a valid digital signature.

10. Which of the following statements regarding the use of Smart Scan with Apex One are TRUE? Select all that apply.
   a. Smart Scan is a method for identifying which files to scan based on the true file type and not the extension.
   b. Smart Scan makes use of the File Reputation Service on the Smart Protection Network.
   c. Smart Scan is a technique where Security Agents can evaluate unknown threats by extracting file features and submitting them to the Smart Protection Network for analysis.
   d. Smart Scan offloads some of the malware patterns to a centralized database which reduces the amount of information that must be stored on the Security Agent computer.

11. Which of the following are valid actions that can be taken on objects within the Trend Micro Vision One console to respond directly to threats? Select all that apply.
   a. Reboot Endpoint
   b. Isolate Endpoint
   c. Add to Allow List
   d. Start Remote Shell Session

12. Which of the following statements regarding Update Agents is TRUE?
   a. Update Agents are only able to distribute incremental patterns to Security Agents. Full patterns must be distributed by the Apex One Server.
   b. Security Agents are assigned an Update Agent in Apex Central by modifying the scan settings in a policy.
   c. A separate installation package must be created to allow a Security Agent to assume the role of an Update Agent.
   d. Without Update Agents in place, all Security Agents retrieve their updates from the Apex One Server.

13. What are the two profiles available for Vulnerability Protection in Apex One? Choose the two answers that apply.
   a. Policy profile
   b. Aggressive profile
   c. Recommended profile
   d. Exploit profile

14. Which of the following statements regarding Lockdown Mode in Apex One Application Control policies are TRUE? Select all that apply.
   a. Applications from trusted vendors can be excluded from Lockdown.
   b. When in Lockdown Mode, an inventory of all the applications on each endpoint governed by the policy is stored on the Apex One Server.
   c. When in Lockdown Mode, Apex One blocks all applications not identified during an inventory scan.
   d. When in Lockdown Mode, the endpoint does not permit access to any application that does not specifically match Allow criteria.

15. Which of the following components are required to implement Zero Trust Network Access in Trend Micro Vision One? Select two components from the list below.
   a. Cloud Sandbox
   b. Secure Access Module
   c. Predictive Machine Learning
   d. Secure Access Connector

16. Which Trend Micro Vision One app displays alerts triggered by the detection models and enables the analyst to investigate each alert? Type the correct answer in the space provided.
   workbench

17. Which of the following activities will NOT be captured as attacks through Behavior Monitoring in Apex One?
   a. A malicious application attempts to replace a system file with another file of the same name.
   b. A malicious program modifies Windows shell settings to associate itself with certain file types, allowing the malicious program to launch automatically when an end-user attempts to open the associated file in Windows Explorer.
   c. A malicious program is downloaded from the Web through Internet Explorer or Outlook.
   d. A malicious program adds or modifies autostart entries in the Windows Registry. This will automatically launch the malicious program when the computer starts.

18. Which of the following statements regarding Predictive Machine Learning is FALSE?
   a. Predictive Machine Learning in Apex One works on files and processes.
   b. Predictive Machine Learning is only used on files accessed through the Web.
   c. The Predictive Machine Learning model is fed a large number of good and bad files to teach it to identify malware.
   d. The Security Agent extracts features of the file and submits it to the Predictive Machine Learning model to make a decision.

19. Which of the following best describes Assessment Mode in Apex One?
   a. Assessment Mode provides a trial period for evaluating Apex One protection before requiring valid activation codes to be provided.
   b. Assessment Mode allows an administrator to evaluate items that Apex One detects as the items are logged only.
   c. Assessment Mode provides a time period where files evaluated by the Security Agent are submitted to the Predictive Machine Learning model. Submissions provided while in Assessment Mode train the model to identify potential malware for your installation of Apex One.
   d. Assessment Mode allows an administrator to maintain visibility of external users even when they are not using a VPN connection into the corporate network.

20. A Security Agent is deployed in Coexist mode on a collection of endpoint computers. How can these endpoints make use of the full feature set provided by Apex One?
   a. A policy using the Privilege and Other Settings value of "Permanently convert Security Agents using coexist mode into fully-functional Security Agents" must be deployed to the Security Agents.
   b. You must redeploy the policy on the Security Agents with the installation mode of "Full feature set" enabled.
   c. In the Security Agent console, click "Convert Security Agents using coexist mode into fully-functional Security Agents".
   d. Uninstall any other security applications on the endpoint computer. Once these other applications are removed, the Security Agent will take over the security operations with full functionality.

21. Which of the following is NOT a valid Outbreak Prevention Policy option that can be configured by an administrator?
   a. Denying access to compressed executable files
   b. Blocking ports
   c. Limiting or denying access to shared folders
   d. Limiting or denying write access to mapped network drives

22. Predictive Machine Learning in Apex One can monitor for files from which of the following channels? Select all that apply.
   a. Selected Web browsers
   b. Microsoft Outlook
   c. Files copied from a network share using Windows Explorer
   d. USB

23. Which of the following Smart Protection Services provides details of the prevalence and maturity of executable files?
   a. Smart Feedback
   b. Census Service
   c. File Reputation
   d. Certified Safe Software Service

24. In Trend Micro Vision One, the Early Warning app scans for early indicators of ongoing attack campaigns. To allow the Early Warning app to scan your data, which of the following security features must be enabled in Apex One as a Service? Select all that apply.
   a. Real-time Scan
   b. Web Reputation
   c. Predictive Machine Learning
   d. Smart Feedback

25. Which of the following detection techniques can block threats as they enter the endpoint? Select all that apply.
   a. Device Control
   b. Web Reputation
   c. Vulnerability Protection
   d. Browser Exploit Protection

26. Which of the following statements regarding the Newly Encountered Programs feature of Behavior Monitoring is FALSE?
   a. End users can be prompted to allow programs with low prevalence or maturity.
   b. Behavior Monitoring scans HTTP, HTTPS and email for programs with low prevalence or maturity.
   c. The prevalence and maturity values used to determine if an application is new can be configured under the Global Agent Settings.
   d. The Newly Encountered Program feature requires Real-Time Scan and Web Reputation be enabled.

27. When identifying the target endpoints for policies using filtered criteria, some of the endpoints match multiple policies. Since an endpoint can only have a single policy applied to it, how does Apex Central decide which policy to apply to these endpoints?
   a. Apex Central will be unable to assign policies to these endpoints. The policy list will identify the number of endpoints that could not be matched under the "With Issues" column.
   b. Apex Central will assign the latest policy to these endpoints.
   c. Apex Central will apply the first policy that the endpoint matched, based on the order of priority of the policies.
   d. Apex Central will assign one of the matched policies at random, and an alert will be generated to advise the administrator.

28. Which of the following statements regarding Apex One polling events is FALSE?
   a. Polling enables the Security Agent to be advised of updated settings and components.
   b. Polling is used to confirm that the connection between the Security Agent and the Server remains functional.
   c. Polling is initiated by the Security Agent based on a Global Agent Setting.
   d. Polling is initiated by the Apex One Server.

29. A real-time scan for malware is configured, as displayed in the exhibit. Which of the following statements regarding this configuration are TRUE? Select all that apply.
   a. Since "Extend from Parent" is enabled, administrators creating a child policy will be unable to add further extensions to the list.
   b. This policy is configured as a Parent policy.
   c. Since "Extend from Parent" is enabled, administrators creating a child policy can add further extensions to the list.
   d. This policy is configured as a Child policy.

30. Target endpoints receiving policy settings through Apex Central can be identified using Filter by Criteria or Specify Agent(s) as displayed in the exhibit. Which of the following statements regarding these two options are TRUE? Select all that apply.
   a. Policies targeted to endpoints using Specify Target will always take precedence over policies targeted using Filter by Criteria.
   b. Assigning policies using Filter by Criteria allows policies to be deployed to endpoints across multiple domains.
   c. When identifying target endpoints using Filter by Criteria, if the matching characteristics of the endpoints change over time, a different policy may be deployed to the endpoint.
   d. When a policy is assigned to endpoints using Specify Target, the assigned target will never change or be re-evaluated.

31. Which of the following Security Agent components are protected from unauthorized modifications using the Agent Self-protection features in Apex One? Select all that apply.
   a. Security Agent Registry settings
   b. Security Agent tree entries in the Apex One Web Management console
   c. Security Agent services
   d. Files in the Security Agent folder on the endpoint computer

32. The [answer] app in Trend Micro Vision One allows an analyst to construct query strings to pinpoint data or objects for investigation within the environment. Select the correct answer from the drop-down list.
   a. Search
   b. Observed Attack Techniques
   c. Security Assessment
   d. Detection Model Management

33. Which one of the following is NOT a capability of the Apex One Ransomware protection?
   a. Decrypts ransomware encrypted files.
   b. Protects documents against unauthorized encryption operations.
   c. Automatically backs up and restores files encrypted by unauthorized operations.
   d. Blocks processes commonly associated with ransomware.

34. Based on the policy configuration displayed in the exhibit, which of the following Web sites will be blocked? Select all that apply.
   a. www.download.xyz.com (Web reputation score of 81)
   b. www.newstoday.com (Web reputation score of 64)
   c. www.freefilesforyou.com (Web reputation score of 51)
   d. www.totaljazz.com (Web reputation score of 71)

35. What is the role of the Reference Server configuration as displayed in the exhibit?
   a. Security Agents use this configuration to determine whether they connect to an on-premise Apex One Server or Apex One as a Service Server. In the Reference Server window, provide the details of the Apex One as a Service Server and port number.
   b. Security Agents use this configuration to identify alternate update sources. If an Agent is unable to contact the Primary Update Source, it will attempt to connect to the Reference Server.
   c. Security Agents use this configuration to identify secondary Apex One Servers. When a Security Agent needs to be moved from one Server to another, the servers listed as Reference Servers will be available as destination choices in the Move Agent window.
   d. Security Agents use this configuration to determine which policy to use. If a Security Agent cannot connect to the server listed in this configuration, the policy for external agents is used.