An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints that have recently been migrated from another Traps deployment. Which two troubleshooting actions are relevant to this investigation? (Choose two.)
A. Check that the servers xml file has been cleared on the migrated endpoints.
B. Check that the ClientInfoHash tag has been cleared on the migrated endpoints.
C. Check that the actions xml file has not been cleared on the migrated endpoints.
D. Check that the WildFire cache has been cleared on the migrated endpoints.
Once an administrator has successfully installed a Content Update, how is the Content Update applied to the endpoint?
A. After installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.
B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.
C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.
D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.
A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL. Which troubleshooting step determines if this is an SSL issue?
A. From the agent run the command: telnet (hostname) (port)
B. Check that the Traps service is running
C. From the agent run the command: ping (hostname)
D. Browse to the ESM hostname from the affected agent
A customer has an environment with the following:
1,000 agents communicating over SSL with two servers - one containing the ESM Server and another one where the ESM Console is installed
BitsUploads resides on the ESM Console server
ESM Server and Console are using the default ports for communication
In a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)
A. Traps agent is not able to check in with the ESM Server
B. The rate of upload is lower than 100Kb/S
C. The BITS address in the ESM is incorrect
D. Port 2125 is blocked on the server which hosts BitsUploads
E. Port 443 is blocked on the server which hosts BitsUploads
A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?
A. Place the Traps database, ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.
B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.
C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.
D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.
What is the default interval for Traps agents to communicate via heartbeat to the ESM?
A. Every 1 Minute
B. Every 1 Hour
C. Every 1 Day
D. Every 1 year
An administrator is installing ESM Core 4.0. The SQL Server is running on a non-standard port (36418). The database connection validation is failing. The administrator has entered the following information:
Server Name: Servername\Instance
Database: TrapsDB
User Name: Domain\Account
What is causing the failure?
A. The database name "TrapsDB" is unsupported
B. The instance name should not be specified
C. The non-standard port needs to be specified in the format TrapsDB,36418
D. The destination port cannot be configured during installation
Which set of modules must be loaded and configured when using Metasploit?
A. Attacker, payload
B. Exploit, payload
C. Exploit, malware
D. Malware, host
Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)
A. File Recovery
B. Server Authentication
C. Client Authentication
D. Key Recovery
An administrator has decided to test Traps functionality using malware samples in an isolated nonproduction environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)
A. A sample with a low number of hits in VirusTotal.
B. An MS Office document which contains a ransomware macro.
C. A sample known to be flagged as grayware by Traps.
D. A freeware video application which spawns malicious processes.
E. A sample known to generate false positives in the production environment.