Trellix Endpoint Detection and Response (EDR) 3.5 Essentials
Course Exam Which MVISION EDR dashboard is the primary or starting place for reviewing new
threats 0
Choice
Wrong
0000:00:12.48
Course Exam Where in ePO can you validate that the user has a valid cloud account needed for
MVISION EDR Workspace 0
Choice
Correct
0000:00:15.91
Course Exam What MVISION EDR feature utilizes data from devices that were collected on a
streaming basis to assist with analyzing how a threat occurred in the system and what triggered it 0
Choice
Historical Search
Correct
0000:00:16.29
Course Exam Which is a publicly accessible knowledgebase that consists of adversary tactics and
techniques based on real-world observations 0
Choice
Correct
0000:00:03.62
Course Exam What dashboard provides analytics on the usage and current status of investigations in
the environment 0
Choice
Performance Metrics
Correct
0000:00:09.14
Course Exam What ePO task execution log shows information generated when the client installation
package is deployed from ePO to the endpoint 0
Choice
McScript.log
Correct
0000:00:14.44
Course Exam If you are using McAfee Active Response 2.3 or later you can migrate to MVISION EDR.
To completely migrate to MVISION EDR and to stop using Active Response you can remove all Active
Response extensions except this one extension 0
Choice
Wrong
0000:00:18.63
Course Exam What component handles communication with MVISION EDR endpoint clients 0
Choice
Correct
0000:00:06.39
Course Exam Which datasource must be configured after installing MVISION EDR 0
Choice
SIEM
Correct
0000:00:20.27
Course Exam What benefit does MVISION EDR provide to SOC environments 0
Choice
It enables the inquiry of security events and network flow data from multi-vendor sources
Wrong
0000:00:10.65
Course Exam McAfee registers you for access to MVISION using your ID. (Fill in the blanks) 0
Choice
Trellix
Wrong
0000:00:06.47
Course Exam What preset McAfee ePO policy when enforced enables NetworkFlow File Hashing and
Trace features 0
Choice
Full Visibility
Correct
0000:00:15.46
Course Exam What feature leverages the DXL fabric for information about a specific threat or alert in
real-time 0
Choice
Investigations
Wrong
0000:00:10.1
Course Exam Which two parts constitute a search expression in MVISION EDR 0
Choice
Wrong
0000:00:14.70
Course Exam What quick troubleshooting step can you perform if a user reports that their EDR
Client(s) are not sending traces 0
Choice
Correct
0000:00:12.19
Choice
Correct
0000:00:06.50
Course Exam What are some of the major contributions of MVISION EDR in incident investigations
(Select three) 0
Choice
Institutional knowledge,Investigative playbooks,Cyber Scorecards
Wrong
0000:00:08.50
Choice
Playbooks
Wrong
0000:00:07.81
Course Exam What MVISION EDR component enables real-time searches over the endpoints 0
Choice
Collectors
Wrong
0000:00:07.73
Course Exam What product component is made up of client-side scripts or other code that are
designed to return information in response to MVISION EDR searches 0
Choice
Collectors
Correct
0000:00:11.55
Course Exam What component handles communication with MVISION EDR endpoint clients 1
Choice
Correct
0000:01:14.73
Course Exam What preset McAfee ePO policy when enforced enables NetworkFlow File Hashing
and Trace features 1
Choice
Full Visibility
Correct
0000:00:50.74
Choice
Wrong
0000:00:23.44
Course Exam Which is a publicly accessible knowledgebase that consists of adversary tactics and
techniques based on real-world observations 1
Choice
Correct
0000:00:13.97
Course Exam What dashboard provides analytics on the usage and current status of investigations in
the environment 1
Choice
Performance Metrics
Correct
0000:00:12.88
Course Exam What are some of the major contributions of MVISION EDR in incident investigations
(Select three) 1
Choice
Wrong
0000:00:32.80
Course Exam Which MVISION EDR dashboard is the primary or starting place for reviewing new
threats 1
Choice
Monitoring
Correct
0000:00:18.15
Course Exam Where in ePO can you validate that the user has a valid cloud account needed for
MVISION EDR Workspace 1
Choice
Correct
0000:00:13.96
Course Exam If you are using McAfee Active Response 2.3 or later you can migrate to MVISION EDR.
To completely migrate to MVISION EDR and to stop using Active Response you can remove all Active
Response extensions except this one extension 1
Choice
MAR client
Correct
0000:00:38.73
Course Exam What benefit does MVISION EDR provide to SOC environments 1
Choice
Wrong
0000:00:23.78
Choice
Correct
0000:00:17.24
Course Exam What feature leverages the DXL fabric for information about a specific threat or alert in
real-time 1
Choice
Real-time Search
Correct
0000:00:18.91
Course Exam Which two parts constitute a search expression in MVISION EDR 1
Choice
Wrong
0000:00:15.23
Course Exam What MVISION EDR feature utilizes data from devices that were collected on a
streaming basis to assist with analyzing how a threat occurred in the system and what triggered it 1
Choice
Historical Search
Correct
0000:00:21.12
Course Exam What quick troubleshooting step can you perform if a user reports that their EDR
Client(s) are not sending traces 1
Choice
Correct
0000:00:13.33
Course Exam What product component is made up of client-side scripts or other code that are
designed to return information in response to MVISION EDR searches 1
Choice
Collectors
Correct
0000:00:21.89
Course Exam McAfee registers you for access to MVISION using your ID. (Fill in the blanks) 1
Choice
Correct
0000:00:21.42
Course Exam What MVISION EDR component enables real-time searches over the endpoints 1
Choice
Policy
Wrong
0000:00:24.78
Course Exam Which datasource must be configured after installing MVISION EDR 1
Choice
SIEM
Correct
0000:00:10.96
Course Exam What ePO task execution log shows information generated when the client installation
package is deployed from ePO to the endpoint 1
Choice
McScript.log
Correct
0000:00:13.62