The administrator has added the following whitelist to the WildFire Executable Files policy.
*\mysoftware.exe
What will be the result of this whitelist?
A. Users will not be able to run mysoftware.exe.
B. mysoftware.exe will be uploaded to WildFire for analysis
C. mysoftware.exe will not be analyzed by WildFire regardless of the file location.
D. mysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.
An administrator is concerned about rogue installs of Internet Explorer. Which policy can be created to ensure that Internet Explorer can only run from the \Program Files\Internet Explorer\ directory?
A. An execution path policy to blacklist iexplore.exe, and whitelist entry for %programfiles%\iexplore.exe
B. An execution path policy to blacklist *\iexplore.exe. Trusted signers will allow the default iexplore.exe
C. A whitelist of *\iexplore.exe with an execution path restriction, and a blacklist of %system%\iexplore.exe
D. An execution path policy to blacklist *\iexplore.exe, and a whitelist entry for %programfiles%\Internet Explorer\iexplore.exe
When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?
A. USB port version of the victim host
B. Speed and make of the victim's RAM
C. Software version of the target application
D. platform, architecture, and patch level of the victim host
The administrator has downloaded the Traps_macOS_4.x.x.zip file. What are the next steps needed to successfully install the Traps 4.x for macOS agent?
A. Push the Traps_macOS_4.x.x.zip to the target endpoint(s), unzip it, and execute Traps.pkg
B. Unzip the Traps_macOS_4.x.x.zip, push the Traps pkg file to the target endpoint(s) and execute Traps.pkg
C. Create a one time action to install the Traps_macOS_4.x.x.zip file on the target endpoint(s)
D. Create an installation package using Traps_macOS_4.x.x on ESM, download the installationpackage.zip, push the installationpackage.zip to target endpoint(s), unzip it, and execute Traps.pkg
Once an administrator has successfully installed a Content Update, how is the Content Update applied to endpoints?
A. After installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.
B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.
C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.
D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.
A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?
A. Place the Traps database, ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.
B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.
C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.
D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.
A customer plans to test the malware prevention capabilities of Traps. It has defined this policy:
- Local analysis is enabled
- Quarantining of malicious files is enabled
- Files are to be uploaded to WildFire
No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen. Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire. Which behavior will result?
A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.
D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.
During installation of the ESM and the agent, SSL was enabled on an endpoint. However, the agent communication is failing. The services.log on the endpoint has the following error.
"An error occurred while making the HTTP request to https://hostname:2125/CyveraServer/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server."
Which certificate can be imported on the endpoint to solve this issue? Assume the hostname is a valid FQDN and the ESM Server and Console have different certificates.
A. ESM Server Public Certificate
B. ESM Server Self-Signed Certificate
C. ESM Console Self-Signed Certificate
D. ESM Console Public Certificate
An administrator is installing ESM Core 4.0. The SQL Server is running on a non-standard port (36418). The database connection validation is failing. The administrator has entered the following information:
Server Name: Servername\Instance
Database: TrapsDB
User Name: Domain\Account
What is causing the failure?
A. The database name "TrapsDB" is unsupported
B. The instance name should not be specified
C. The non-standard port needs to be specified in the format TrapsDB,36418
D. The destination port cannot be configured during installation
An administrator has decided to test Traps functionality using malware samples in an isolated nonproduction environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)
A. A sample with a low number of hits in VirusTotal.
B. An MS Office document which contains a ransomware macro.
C. A sample known to be flagged as grayware by Traps.
D. A freeware video application which spawns malicious processes.
E. A sample known to generate false positives in the production environment.