A hospital in another county just received a new variant of ransomware that infected 70% of its systems. After learning the characteristics of this ransomware, the security team wants to implement a protection policy to stop the files associated with the ransomware from being modified and the registry keys it uses from being created. Which of the following policies meets this requirement?
A. Exploit prevention policy
B. Block and allow list policy
C. Access protection policy
D. Firewall rules policy
Which of the following is the MAIN benefit of using Threat Intelligence Exchange (TIE) and Data Exchange Layer (DXL)?
A. They enable centralized management of adaptive-threat-protection policies.
B. They store and pass file reputation to managed endpoints and McAfee products.
C. They distribute signature-based content to managed systems.
D. They conduct scanning of files on managed systems for threats.
An administrator wants to see more details about recent activity on an endpoint than what is shown in the ENS console. In which of the following locations can the administrator view the log files?
A. %ProgramFiles%\McAfee\Logs
B. %ProgramFiles%\McAfee\Endpoint Security\Logs
C. %ProgramData%\McAfee\Endpoint Security\Logs
D. %ProgramData%\McAfee\Logs
A user navigates to a new website that has not been rated by ENS Web Control yet. In which of the following ways will ENS Web Control handle this request by default?
A. Delete
B. Block
C. Allow
D. Warn
The ePO administrator sees the ENS firewall has been disabled on an endpoint in ePO. The end user states that no changes were made to the McAfee products on the endpoint in question.
Which of the following questions should the administrator ask the end user about the McAfee icon to validate that the ENS firewall might be disabled?
A. Is the icon flashing/blinking?
B. Has the endpoint emitted a notification/alert sound (e.g., an error sound)?
C. Is there a notification bubble displayed in the system notification area?
D. Is the icon gray with a red/white exclamation mark?
The ePO administrators have already tuned and configured dynamic application containment rules within the policy. In which of the following ways will dynamic application containment protect against malware once enforcement is enabled?
A. The scan engine will learn the behavior of the application and send it up to GTI for analysis, and then receive an action to block all actions from the application's process.
B. If an application's reputation is below the threshold while triggering a block rule and is not an excluded application, malicious behavior of the application will be contained.
C. The ENS client will receive the reputation as "highly suspicious" from either the McAfee GTI or TIE server, and then immediately uninstall the application on the system.
D. The adaptive threat protection scanner will send the file automatically to a preconfigured "Sandbox" folder and analyze the application for malicious features before use.
An administrator wants to exclude folder ABC on various drives. In which of the following ways should the administrator list the exclusion in the policy?
A. ??\ABC
B. **\ABC
C. ***\ABC
D. ???\ABC
A security professional is configuring ENS for a client and wants to ensure applications will be prevented from executing software locally from the browser or email client. Which of the following McAfee-defined rules should be implemented?
A. Creating new executable files in the Windows folder
B. Installing browser helper objects or shell extensions
C. Registering programs to autorun
D. Running files from common user folders by common programs
An ePO administrator wants to configure system utilization for on-demand scanning to conform to best-practice recommendations based on the ENS Product Guide. To do this, the administrator should:
A. set system utilization to "Normal" for systems with end-user activity and "Low" for systems with large volumes/little end-user activity.
B. set system utilization to "Low" for systems with end-user activity and "Normal" for systems with large volumes/little end-user activity.
C. set system utilization to "Low" for systems with end-user activity and "Low" for systems with large volumes/little end-user activity.
D. set system utilization to "Below Normal" for systems with end-user activity and "Normal" for systems with large volumes/little end-user activity.
An administrator notices that on one endpoint, Threat Prevention is not currently on the latest version of AMContent. The administrator presses the "Update Now" button within the console, but a message shows the update was unsuccessful.
Which of the following logs should the administrator look at FIRST to troubleshoot the failure?
A. EndpointSecurityPlatform_Activity.log
B. ThreatPrevention_Activity.log
C. AccessProtection_Activity.log
D. PackageManager_Activity.log