
Trellix Endpoint Detection and Response (EDR) 3.5 Essentials

Course Exam Which MVISION EDR dashboard is the primary or starting place for reviewing new
threats 0

Choice

Threat Work Space

Wrong

0000:00:12.48

Course Exam Where in ePO can you validate that the user has a valid cloud account needed for
MVISION EDR Workspace 0

Choice

In ePO Server Settings under MVISION Cloud Bridge

Correct

0000:00:15.91

Course Exam What MVISION EDR feature utilizes data from devices that were collected on a
streaming basis to assist with analyzing how a threat occurred in the system and what triggered it 0

Choice

Historical Search

Correct

0000:00:16.29

Course Exam Which is a publicly accessible knowledgebase that consists of adversary tactics and
techniques based on real-world observations 0

Choice

MITRE ATT&CK

Correct

0000:00:03.62

Course Exam What dashboard provides analytics on the usage and current status of investigations in
the environment 0

Choice

Performance Metrics

Correct

0000:00:09.14

Course Exam What ePO task execution log shows information generated when the client installation
package is deployed from ePO to the endpoint 0

Choice

McScript.log

Correct

0000:00:14.44

Course Exam If you are using McAfee Active Response 2.3 or later you can migrate to MVISION EDR.
To completely migrate to MVISION EDR and to stop using Active Response you can remove all Active
Response extensions except this one extension 0

Choice

DXL ePO client

Wrong

0000:00:18.63

Course Exam What component handles communication with MVISION EDR endpoint clients 0

Choice

Data eXchange Layer

Correct

0000:00:06.39

Course Exam Which datasource must be configured after installing MVISION EDR 0

Choice

SIEM

Correct

0000:00:20.27

Course Exam What benefit does MVISION EDR provide to SOC environments 0

Choice

It enables the inquiry of security events and network flow data from multi-vendor sources

Wrong

0000:00:10.65

Course Exam McAfee registers you for access to MVISION using your ID. (Fill in the blanks) 0

Choice

Trellix

Wrong

0000:00:06.47

Course Exam What preset McAfee ePO policy when enforced enables NetworkFlow File Hashing and
Trace features 0

Choice

Full Visibility

Correct

0000:00:15.46

Course Exam What feature leverages the DXL fabric for information about a specific threat or alert in
real-time 0

Choice

Investigations

Wrong

0000:00:10.1

Course Exam Which two parts constitute a search expression in MVISION EDR 0

Choice

Triggers and Reactions

Wrong

0000:00:14.70

Course Exam What quick troubleshooting step can you perform if a user reports that their EDR
Client(s) are not sending traces 0

Choice

Execute a real-time search with HostInfo collector

Correct

0000:00:12.19

Course Exam What information do MVISION EDR investigation cases contain 0

Choice

All activity evidence and intelligence on a threat

Correct

0000:00:06.50

Course Exam What are some of the major contributions of MVISION EDR in incident investigations
(Select three) 0

Choice

Institutional knowledge, Investigative playbooks, Cyber Scorecards

Wrong

0000:00:08.50

Course Exam What are MVISION EDR Investigation guides 0

Choice

Playbooks

Wrong

0000:00:07.81

Course Exam What MVISION EDR component enables real-time searches over the endpoints 0

Choice

Collectors

Wrong

0000:00:07.73

Course Exam What product component is made up of client-side scripts or other code that are
designed to return information in response to MVISION EDR searches 0

Choice

Collectors

Correct

0000:00:11.55

Course Exam What component handles communication with MVISION EDR endpoint clients 1

Choice

Data eXchange Layer

Correct

0000:01:14.73

Course Exam What preset McAfee ePO policy when enforced enables NetworkFlow File Hashing
and Trace features 1

Choice

Full Visibility

Correct

0000:00:50.74

Course Exam What are MVISION EDR Investigation guides 1

Choice

Instructions for use

Wrong

0000:00:23.44

Course Exam Which is a publicly accessible knowledgebase that consists of adversary tactics and
techniques based on real-world observations 1

Choice

MITRE ATT&CK

Correct

0000:00:13.97

Course Exam What dashboard provides analytics on the usage and current status of investigations in
the environment 1

Choice

Performance Metrics

Correct

0000:00:12.88

Course Exam What are some of the major contributions of MVISION EDR in incident investigations
(Select three) 1

Choice

Institutional knowledge, Cyber Scorecards, Smart orchestration

Wrong

0000:00:32.80

Course Exam Which MVISION EDR dashboard is the primary or starting place for reviewing new
threats 1

Choice

Monitoring

Correct

0000:00:18.15

Course Exam Where in ePO can you validate that the user has a valid cloud account needed for
MVISION EDR Workspace 1

Choice

In ePO Server Settings under MVISION Cloud Bridge

Correct

0000:00:13.96

Course Exam If you are using McAfee Active Response 2.3 or later you can migrate to MVISION EDR.
To completely migrate to MVISION EDR and to stop using Active Response you can remove all Active
Response extensions except this one extension 1

Choice

MAR client

Correct

0000:00:38.73

Course Exam What benefit does MVISION EDR provide to SOC environments 1

Choice

Provides sandbox environment for static analysis

Wrong

0000:00:23.78

Course Exam What information do MVISION EDR investigation cases contain 1

Choice

All activity evidence and intelligence on a threat

Correct

0000:00:17.24

Course Exam What feature leverages the DXL fabric for information about a specific threat or alert in
real-time 1

Choice

Real-time Search

Correct

0000:00:18.91

Course Exam Which two parts constitute a search expression in MVISION EDR 1

Choice

Searches and Triggers

Wrong

0000:00:15.23

Course Exam What MVISION EDR feature utilizes data from devices that were collected on a
streaming basis to assist with analyzing how a threat occurred in the system and what triggered it 1

Choice

Historical Search

Correct

0000:00:21.12

Course Exam What quick troubleshooting step can you perform if a user reports that their EDR
Client(s) are not sending traces 1

Choice

Execute a real-time search with HostInfo collector

Correct

0000:00:13.33

Course Exam What product component is made up of client-side scripts or other code that are
designed to return information in response to MVISION EDR searches 1

Choice

Collectors

Correct

0000:00:21.89

Course Exam McAfee registers you for access to MVISION using your ID. (Fill in the blanks) 1

Choice

Email

Correct

0000:00:21.42

Course Exam What MVISION EDR component enables real-time searches over the endpoints 1

Choice

Policy

Wrong

0000:00:24.78

Course Exam Which datasource must be configured after installing MVISION EDR 1

Choice

SIEM

Correct

0000:00:10.96

Course Exam What ePO task execution log shows information generated when the client installation
package is deployed from ePO to the endpoint 1

Choice

McScript.log

Correct

0000:00:13.62
