MA0-104 Exam Questions
63 real MA0-104 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
The possibility of both data source Network Interface Cards (NICs) using the shared IP and MAC address at the same time is eliminated by using which of the following?
- Question #2
Which of the following security technologies sits inline on the network and prevents attacks based on signatures and behavioral analysis that can be configured as a data source wit...
- Question #3
Which of the following is the name of the Dashboard View that shows correlated events for the selected Data Source?
- Question #5
In the Default Summary view on the Enterprise Security Manager (ESM), which of the following panels shows the baseline averages?
- Question #6
Which of the following is the default port used to communicate between McAfee SIEM devices?
- Question #7
The Database Event Monitor (DEM) appliance prevents disclosure of Personally Identifiable Information (PII) by employing which of the following features to those types of informati...
- Question #8
When preparing to apply a patch to the Enterprise Security Manager (ESM) and completing the ESM checklist, the command cat /proc/mdstat has been issued to determine RAID functionall...
- Question #9
The McAfee SIEM solution satisfies which of the following compliance requirements?
- Question #11
To correlate known vulnerabilities to devices that are currently exposed to such vulnerabilities, which of the following must be selected on the Receiver?
- Question #12
Event Aggregation is performed on which of the following fields?
- Question #13
If there is no firewall at the border of the network, which of the following could be used to simulate the protection a firewall provides?
- Question #14
Which of the following is the minimum amount of disk space required to install the McAfee Enterprise Security Manager (ESM) as a virtual machine?
- Question #15
Which of the following statements about Client Data Sources is TRUE?
- Question #16
The McAfee Advanced Correlation Engine (ACE) can be deployed in one of two modes
- Question #17
Which of the following ports is the correct choice for use when configuring the database properties of a McAfee Network Security Platform (NSP) Device Data Source?
- Question #18
The analyst has created a correlation rule to correlate events from Anti-Virus (AV), Network Intrusion Prevention (NIPS) and the firewall. While reviewing just firewall events, the...
- Question #20
The configuration of a receiver has recently been modified and issues occur. Which command will collect historical data?
- Question #21
Zones allow a user to group devices and the events they generate by
- Question #22
McAfee's SIEM provides awareness of illicit behavior across multiple internal systems via
- Question #23
The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer
- Question #24
Which of the following operations is NOT an available selection when using Multi-Device Management?
- Question #25
Flow Aggregation is based on which of the following?
- Question #26
A SIEM can be effectively used to identify active threats from internal systems by monitoring/correlating events that occur
- Question #27
On the McAfee Enterprise Security Manager (ESM), the default Data Retention setting specifies that Event and Flow data should be maintained for
- Question #28
The normalization value assigned to each data-source event allows
- Question #29
When the automated system backup is configured to include events, flows and log data, the first backup will capture all events, flows and logs
- Question #30
The fundamental purpose of the Receiver Correlation Subsystem (RCS) is
- Question #32
In the context of McAfee SIEM, the local protected network address space is a variable referred to as
- Question #33
The ESM supports five Authentication methods. The default login option uses the standard Username and Password format. Which of the following are the other four methods available?
- Question #34
What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances from unauthorized communications?
- Question #35
An organization notices an increasing number of ESM concurrent connection events. To mitigate risks related to concurrent sessions, which action should the organization take?
- Question #36
The security analyst notices that there has been a large spike for Secure Shell (SSH) drops in the Network Intrusion Prevention System (NIPS). What other perimeter device will add...
- Question #37
A security administrator is configuring the Enterprise Security Manager (ESM) to comply with corporate security policy and wishes to restrict access to the ESM to certain users and...
- Question #38
Which of the following are the three compression ratios available for raw logs being handled by the ELM?
- Question #39
Which of the following are the three default users defined within the Users and Groups option in the ESM properties?
- Question #40
When viewing the Policy Tree, what four columns are displayed within the Rules Display pane?
- Question #41
Which options within the Receiver properties should be selected to configure the device to respond to ICMP echo requests?
- Question #42
Which of the following is the Primary function of the Event Receiver (ERC) in relation to the Enterprise Security Manager (ESM)?
- Question #43
Checkpoint firewalls provide logs to the McAfee SIEM Receiver in which of the following formats?
- Question #44
Which of the following two appliances contain Event databases?
- Question #45
A backup of the ELM management database captures
- Question #46
The McAfee SIEM baselines daily events over
- Question #47
The McAfee Enterprise Security Manager (ESM) system clock is set to
- Question #48
Reports can be created by selecting the ESM System Properties window, the Reports Icon in the top right of the ESM screen or by which of the following other method selecting the ES...
- Question #49
A SIEM allows an organization the ability to correlate seemingly disparate streams of traffic into a central console for analysis. This correlation, in many cases, can point out ac...
- Question #50
When displaying baseline averages using the automatic time range option, baseline data is correlated by using the same time period that is being used for the current query for whic...
- Question #51
By default, events in McAfee SIEM are aggregated on which of the following three fields?
- Question #52
By default, the McAfee Enterprise Security Manager (ESM) communicates with the McAfee Event Receiver (ERC) and McAfee Enterprise Log Manager (ELM) over port
- Question #54
The McAfee Enterprise Log Manager (ELM) offers three levels of compression (Low, Medium, and High). By default, the ELM compression level is set to Low. Which of compression (Low,...
- Question #55
A McAfee Event Receiver (ERC) will allow for how many Correlation Data Sources to be configured?