PREGUNTA 1

What action must be used in an action plan to use the Employee Coaching feature on the
Forcepoint One Endpoint?

RESPUESTA: Confirm

PREGUNTA 2

You have created discovery tasks to check that client and sales information is only stored in the
client database. Which of the following are beneficial when performing network discovery
tasks? (Select two)
PREGUNTA 3

Where are transactions of the data-in-use state typically detected?

RESPUESTA: Endpoints

PREGUNTA 4

When considering network email transactions, what is the state of the data?

RESPUESTA: Data-in-motion
PREGUNTA 5

What Forcepoint DLP Incident Response task allows for externally created Python scripts to
execute supplemental actions on an incident?

RESPUESTA: Run remediation script

PREGUNTA 6

Which default action plan in Forcepoint DLP only applies to SMTP traffic?

RESPUESTA: Drop Email Attachments

PREGUNTA 7

A Forcepoint DLP Supplemental Server has been deployed with Optical Character Recognition
(OCR) installed. In order for OCR to be used by a Policy Engine, where must the configuration
be set in the Forcepoint Security Manager?

RESPUESTA: Deployment > System Modules

PREGUNTA 8

You are in the process of virtualizing all the security appliances within your corporate
environment. In addition to ensuring that there is enough space for the core components of
the appliances, you want to ensure that you are correctly sizing for the Forcepoint DLP
Fingerprint Repository. What is the Forcepoint recommended maximum size for a Fingerprint
Repository?

RESPUESTA: 14 GB
PREGUNTA 9

Your organization’s CFO is travelling and is being prevented from printing a document in their
hotel by the Forcepoint One Endpoint synchronized DLP policies. What is the DLP security
consideration for allowing a temporary bypass to the Forcepoint One Agent?

RESPUESTA: While the endpoint bypass is active, no content on that endpoint is analyzed and
no content is blocked in the event of a policy violation.

PREGUNTA 10

What is the default Active Directory import schedule for the Forcepoint Security Manager?

RESPUESTA: Daily at 11 PM
PREGUNTA 11

Your organization has hired an outside consulting firm to help with the release of a new
product. While they will be working from within your corporate offices, they will not have your
specific security software installed on their laptops. Which Forcepoint DLP endpoint encryption
option will allow your employees to share appropriate files with the consultants via USB
drives?

RESPUESTA: Encrypt with user password

PREGUNTA 12

In order to comply with General Data Protection Regulations, you need to check all endpoints
for personal data. You have set up an endpoint discovery task in the security manager. What is
the benefit of scheduling task to run outside working hours?

RESPUESTA: Discovery tasks are resource intensive and can affect performance of the
endpoint.
PREGUNTA 13

To ensure that the user who triggered a rule violation is sent a notification, which dynamic
variable must you use when configuring the notification template?

RESPUESTA: %Source%

PREGUNTA 14

When configuring an Active Directory import, which attribute must you use to test the results
of the connection?

RESPUESTA: Email address

PREGUNTA 15

What is the purpose of fingerprinting an Ignored Section with Forcepoint DLP?

RESPUESTA: To prevent common text, such as a disclaimer, from triggering a policy.

PREGUNTA 16

Which action plan only applies to the endpoint channel?

RESPUESTA: Confirm
PREGUNTA 17

On which Forcepoint DLP component is an Optical Character Recognition (OCR) server

installed?

RESPUESTA: Supplemental DLP server

PREGUNTA 18

When configuring Cumulative DLP logic in a rule, what is the required configuration setting on
the Severity & Action tab?

RESPUESTA: Accumulate matches before creating an incident.

PREGUNTA 19

What is the purpose of selecting a country when making predefined policy selections?

RESPUESTA: To set which predefined policies appear based on regional requirements.

PREGUNTA 20

Your organization wants to make sure that the GDPR policy is always the first to be applied and
that other policies are implemented only if there are no GDPR violations. How do you make
sure that GDPR policy is evaluated first?

RESPUESTA: Create a policy level that contains this policy; set that policy level as the first level.
PREGUNTA 21

You have been tasked with researching an incident involving a sent email that contained
sensitive information regarding a project. You need to find out who the message was from,
who it was sent to, and the exact text of the message body. Which tab of the incident in
Forcepoint DLP should you use?

RESPUESTA: Forensics

PREGUNTA 22

Which Forcepoint DLP classifier will classify data by the presence of a keyword?

RESPUESTA: Patterns & Phrases

PREGUNTA 23

You have been asked to create a policy to block messages that contain a reference to the
project “Many-Rivers_Over”. Which type of classifier should you use?

RESPUESTA: Regular Expression

PREGUNTA 24

Some regular expressions will take a long time to process. Where can you find out the
processing time of a regular expression classifier?

RESPUESTA: Traffic log

PREGUNTA 25

An organization has not configured any device names or serial numbers for USB drives in the
Forcepoint Security Manager. What is the behavior when policies are applied to the removable
media channel?

RESPUESTA: All USB devices are monitored

PREGUNTA 26

An incident has occurred on an endpoint. You need to see the full details of the incident to find
out what happened. Which component of the Forcepoint Security Manager receives the
incident and inserts the properties into the database that is used to generate your report?

RESPUESTA: Tomcat
PREGUNTA 27

What are the two parts of a Forcepoint DLP Incident Envelope called?

RESPUESTA: Incident Forensics and Incident Properties

PREGUNTA 28

An administrator wants to send a notification when a rule is triggered. Which default action
plan accomplishes this?

RESPUESTA: Audit and Notify

PREGUNTA 29

You need to find out which administrator changed the status on a batch of tasks last Thursday.
Where will you find this information?

RESPUESTA: Audit log

PREGUNTA 30

What is the purpose of batch operations in Forcepoint DLP?

RESPUESTA: They allow administrators to update or delete multiple items at once.

PREGUNTA 31

An administrator has been tasked to quickly identify who are the top violators, as well as the
top domains, where leaks occurred within a Forcepoint DLP environment. Which dashboard
report should the administrator use?

RESPUESTA: Sources and Destinations

PREGUNTA 32

What are two examples of remote workflow on incidents available with Forcepoint DLP?
(Select two)
PREGUNTA 33

Your organization is using Splunk to streamline the correlation of incidents across multiple
security platforms. In order to have information explicitly sent there when DLP policies are
breached, what setting should you use?

RESPUESTA: Send Syslog message

PREGUNTA 34

An administrator is unsure if a particular computer has received the latest policy updates from
the Forcepoint Security Manager. Where in the Forcepoint Security Manager UI can this
information be obtained?

RESPUESTA: Endpoint Status

PREGUNTA 35

What is the purpose of the Forcepoint DLP Management Server?

RESPUESTA: To act as a central control and repository for fingerprints, policies and forensics.

PREGUNTA 36

To install the Forcepoint One Agent, where must the package builder files be placed on the
Forcepoint Security Manager?

RESPUESTA: C:\Program Files (x86)\Websense\Data Security\client

PREGUNTA 37

What is the threshold of a policy rule?

RESPUESTA: The number of instances of the classifier that must be present to match this rule.

PREGUNTA 38

An administrator has created a set of policies that identifies when sensitive files are being
copied to removable media. The policies encrypt the files with a profile key. Where would an
administrator be able to manage the different endpoint encryption keys that exist within the
Forcepoint DLP environment?

RESPUESTA: Settings > Deployment > Endpoint Profiles

PREGUNTA 39

An administrator wants to be notified of the precise time that a rule-violating transaction

occurred. What dynamic variable is needed when configuring the notification template?

RESPUESTA: %Incident Time%

PREGUNTA 40

You want to create a policy that looks for the product name ReFillable. You want to keep the
number of false positives low. Which of these classifiers can be configured to be case sensitive?
(Select two)

RESPUESTA:

- Regular Expression
- Dictionary