Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
AA 1-Apex One Certified Professional Exam-with 100% verified solutions-2024-2025.docx
Typology: Exams
1 / 25
QUESTIONS: 45 | ATTEMPTS: 3 01:28: 8
Which of the following must be configured before taking advantage of the Unmanaged Endpoints feature in Apex One? ¿Cuál de los siguientes debe configurarse antes de aprovechar la función de puntos finales no administrados en Apex One? The Trace Route Scope must be configured. The Active Directory/IP Scope must be configured. The Agent Tree Scope must be configured. The Port Range Scope must be configured.
An Apex One Firewall Policy is created, but not a Firewall Profile. What behavior can you expect for the Apex One Firewall? Se crea una Política de Apex One Firewall, pero no un Perfil de Firewall. ¿Qué comportamiento puede esperar para el Apex One Firewall? If a Firewall Profile is not created, the policy setting will be applied automatically to the most recently created profile. If a Firewall Profile is not created, the policy settings will be applied automatically to all Security Agents. If a Firewall Profile is not created, the policy settings will not be applied to the Security Agents. If a Firewall Profile is not created, the policy settings will only apply to the local
computer on which it was created.
Which of the following statements regarding the Newly Encountered Programs feature of Behavior Monitoring is FALSE? ¿Cuál de las siguientes afirmaciones con respecto a la función de Programas recientemente encontrados de Monitoreo de comportamiento es FALSA? The Newly Encountered Program feature requires Real-Time Scan and Web Reputation be enabled. Behavior Monitoring scans HTTP, HTTPS and email for programs with low prevalence or maturity. End users can be prompted to allow programs with low prevalence or maturity. Applications can be added to a white list to bypass the New Encountered Programs feature. This will allow programs to execute regardless of their prevalence and maturity.
Which of the following Security Agent deployment methods allows you to select the Scan Mode for the Agent as part of the setup? ¿Cuál de los siguientes métodos de implementación del Agente de seguridad le permite seleccionar el Modo de escaneo para el Agente como parte de la configuración? Web install Remote install Logon script Security Agent Packager
Which of the following best describes Assessment Mode in Apex One? ¿Cuál de las siguientes opciones describe mejor el modo de evaluación en Apex One? Assessment Mode provides a time period where files evaluated by the Security Agent are submitted to the Predictive Machine Learning model. Submissions provided while in Assessment Mode train the model to identify potential malware for your installation of Apex One.
Assessment Mode allows an administrator to evaluate items that Apex One
detects as spyware/grayware or to monitor Web site access. When Assessment Mode is enabled, detections are logged only. Assessment Mode allows administrator to maintain visibility of roaming users even when they are not using a VPN connection into the corporate network. Assessment Mode provides a trial period for evaluating Apex One protection before requiring valid activation codes to be provided.
An administrator is responsible for deploying Security Agents on endpoint computers within their organization. They attempt to download an Apex One Security Agent installation package from Apex Central and they note that an available Installation Mode option for the Agent is Coexist Mode, as shown in the exhibit. Which of the following answers best describes Coexist Mode? Un administrador es responsable de implementar Agentes de seguridad en las computadoras de punto final dentro de su organización. Intentan descargar un paquete de instalación de Apex One Security Agent de Apex Central y observan que una opción de Modo de instalación disponible para el Agente es el Modo Coexistir, como se muestra en la exposición. ¿Cuál de las siguientes respuestas describe mejor el modo Coexistir? Coexist Mode allows third-party security products to be used on the endpoint computer in addition to Apex One. In this mode, Apex One can be used to supplement security features not provided by the other vendor. Coexist mode allows third-party security applications to store their event data in the Apex One Server database. This allows Apex One administrators to view all events details generated on the endpoint, regardless of the source, from within the Apex One Web Management console. Coexist mode allows a Security Agent to be installed on the same computer as the Apex One Server. Coexist mode allows multiple Trend Micro Security Agents to be installed on the same endpoint computer, for example, Apex One can be used for Anti-Malware and Web Reputation protection and Deep Security can be used for Integrity Monitoring protection.
Which of the following statements is FALSE regarding Apex One heartbeat events? ¿Cuál de las siguientes afirmaciones es FALSA con respecto a los eventos de latidos de Apex One? Heartbeats are used to confirm that the connection between the Security Agent and the Server remains functional.
Heartbeats address the issue of Security Agents in unreachable networks appearing offline even when they can connect to the Apex One Server If the Apex One Server does not receive a message from a Security Agent within the defined heartbeat value, it will immediately treat the Agent as offline. Heartbeats are real-time messages that Security Agents send to the Server over HTTP/TCP.
What is the role of the Reference Server configuration as displayed in the exhibit? Security Agents use this configuration to identify alternate update sources. If an Agent is unable to contact the Primary Update Source, it will attempt to connect to the Reference Server. Security Agents use this configuration to determine which policy or profile to use. If a Security Agent can not connect to the server listed in this configuration, the Agent status becomes offline and the policy or profile for external agents is used. Security Agents use this configuration to determine whether they should connect directly to the Apex One Server or to the Edge Relay Server. In the Reference Server window, provide the details of the Edge Relay Server and port number. Security Agents use this configuration to identify secondary Apex One Servers. When a Security Agent needs to be moved from one Server to another, the servers listed as Reference Servers will be available as destination choices in the Move Agent window.
Which of the following Apex One features are enabled by integrating with Microsoft Active Directory? Select all the answers that apply. ¿Cuál de las siguientes características de Apex One se habilita al integrarse con Microsoft Active Directory? Seleccione todas las respuestas que correspondan. Apex One can query Active Directory to locate endpoints computers without Security Agents installed. Administrative capabilities in the Apex One Web Management console can assigned to Active Directory accounts.
Apex One can query Active Directory to identify endpoint using third- party security software and target them for uninstallation. Active Directory can be used to automatically group agents based on an Active Directory domain and map them to domains in the Apex One
Which of the following correctly describes the method of deploying an Apex One Edge Relay Server? From the target server, run the Edge Relay Server setup application obtained from the Apex One Server. Run the Edge Relay Server setup application on the Apex One Server and specify the IP address of the target server when prompted. Click "Enable Apex One Edge Relay Server" under the Administration Settings in the Apex One Web Management console. Click "Enable Apex One Edge Relay Server" during the Apex One Setup Wizard.
An Apex One administrator is defined using their Active Directory account for authentication. The administrator forgets their password. How can the administrator reset their password in Apex One? Un administrador de Apex One se define utilizando su cuenta de Active Directory para la autenticación. El administrador olvida su contraseña. ¿Cómo puede el administrador restablecer su contraseña en Apex One? The administrator should edit the password entry in the Ofcserver.ini file. The administrator should edit the password entry in the TrendAuth.xml file. The Active Directory password cannot be reset through Apex One. The administrator should edit the password entry in the TrendAuthDef.xml file
A new IP Address Grouping is configured as in the exhibit. The new grouping called Lab is created, but when checking the Agent List, no Agents are displayed in the group even though Agents do exist within the IP address range. Which of the following events will trigger the addition of the Agents to the group? Select all that apply. Una nueva agrupación de direcciones IP se configura como en la exposición. Se crea la nueva agrupación llamada Lab, pero cuando se verifica la Lista de agentes, no se muestran agentes en el grupo a pesar de que existen agentes dentro del rango de direcciones IP. ¿Cuál de los siguientes eventos activará la adición de los Agentes al
grupo? Seleccione todas las que correspondan.
Agents will be added to the group when their connection status changes from offline to online. Agents will be added to the group when the administrator runs the Sort Client operation. Agents will be added to the group when they register to the Server for the first time. Agents must be added to the group manually.
Which of the following items is NOT required to enable Browser Exploit Protection? Relevant browser plug-in installed Behavior Monitoring Web Reputation Advanced Protection Service
A Security Agent installation package is created using the Agent Packager utility. In environments with multiple Apex One Servers, how do you specify which of these Servers the Agents installed using the package will report back to? Se crea un paquete de instalación de Security Agent utilizando la utilidad Agent Packager. En entornos con múltiples servidores Apex One, ¿cómo se especifica a cuál de estos servidores informarán los agentes instalados utilizando el paquete? Security Agents installed using the Agent package report back to the Server on which the package was created. There is no need to identify which Server the Agent will report to as all the Apex One Servers share a single database. When the Security Agent installation package is run on the endpoint computer, the user will be prompted to identify the Server to which it will report. The Agent Packager utility interface includes a field to identify the hostname of the Server that Agents installed using the package will report to.
The settings for an endpoint computer enables pre-execution Predictive Machine Learning using the Apex One Security Agent. The computer, however, does not have an Internet connection to submit the file features to the Machine Learning model on the Smart Protection Network. How can this endpoint benefit from Machine Learning scans when it can not reach the Internet? Select all that apply. La configuración de una computadora de punto final permite el aprendizaje automático predictivo previo a la ejecución con el agente de seguridad Apex One. Sin embargo, la computadora no tiene una conexión a Internet para enviar las características del archivo al modelo de Machine Learning en la Red de Protección Inteligente. ¿Cómo puede este punto final beneficiarse de los escaneos de Machine Learning cuando no puede llegar a Internet? Seleccione todas las que correspondan. Predictive Machine Learning requires a connection to the Internet to function. Without an Internet connection on the endpoint, this type of scan is skipped. The endpoint has access to a Predictive Machine Learning Local File Model which allows pre-execution Predictive Machine Learning scans to be performed locally when there is no Internet connection. Predictive Machine Learning scans can performed by a local Smart Protection Server. The Smart Protection Server updates its version of the Machine Learning Model regularly to ensure it is always up to date. The environment can be configured so that Machine Learning requests are performed through a local Smart Protection Server on the network. In this scenario, the Smart Protection Server proxies to submission of the file features to the Smart Protection Network.
Security Agents can be grouped automatically by which of the following methods? By Active Directory domain By operating system version By Security Agent version By MAC address
Which of the following is a valid method for moving a registered Security Agent to a different Apex One Server? Run the Apex One Update Agent utility and identify the details of the new Apex One Server. Open the Security Agent console and specify the new Apex One Server
location.
Run the Server Tuner tool and identify the name of the Agent to be moved and the details of the new Apex One Server. In the Apex One Web Management console, click Agents > Agent Management and select the Agent to be moved. Click Manage Agent Tree > Move Agent
By default, how often does the Security Agent send its Firewall logs to the Apex One Server? Por defecto, ¿con qué frecuencia el Agente de Seguridad envía sus registros de Firewall al Servidor Apex One? Page 240 Firewall log uploads will upload every 4 hours by default. This can be changed in the Web Once per hour Once every 4 hours Once per day Immediately whenever a violation occurs.
The Apex One Security Agent icon in the Windows System Tray displays with the icon displayed in the exhibit. Which of the following answers describes the state of the Agent? Select all that apply. El ícono de Apex One Security Agent en la bandeja del sistema de Windows aparece con el ícono que se muestra en la exhibición. ¿Cuál de las siguientes respuestas describe el estado del Agente? Seleccione todas las que correspondan. The Real-time Scan service on the Security Agent is not running. The Security Agent has a connection to the Apex One Server. The Security Agent does not have ccess to a Smart Protection source. The Security Agent does not have a connection to the Apex One Server.
Which of the following statements describes the function of the server.ini file? Downloading and Deploying Updates page 139 server.ini contains a list of of the versions of components currently available on the update source and is used by the Apex One Server and Agents to determine if an update is necessary. server.ini contains configuration information used to initialize the Apex One Server when the service is restarted. server.ini is used by Security Agents to locate the Apex One Server on the network. server.ini contains the list of Apex One servers available in the infrastructure. This file is used by Apex Central to retrieve logging details and alerts for display in its various dashboard widgets.
Which of the following is NOT a valid Outbreak Prevention Policy option that can be configured by an administrator? Limit/Deny access to mapped networked drives Deny access to executable compressed files Limit/Deny access to shared folders Block Ports
What are the two priority modes available for Vulnerability Protection in Apex One? Select all that apply. Page 315 Security priority Performance priority Policy priority
Exploit priority
Which of the following statements are TRUE regarding the Apex One Edge Relay Server? Select all that apply. The Apex One Edge Relay Server installs its own Codebase database. The Apex One Edge Relay Server requires the Internet Information Server. The Apex One Edge Relay Server does not require a database. The Apex One Edge Relay Server requires an SQL Server database to function.
Which of the following statements regarding the Apex One Firewall is TRUE? Page 233 The Apex One Firewall can be enabled/disabled on Agents at any level in the Agent Tree. The Apex One Firewall can only be enabled/disabled on Agents at the global level in the Agent tree. The Apex One Firewall can only be enabled/disabled on Agents at the Security Agent level in the Agent tree. The Apex One Firewall can only be enabled/disabled on Agents at the domain level in the Agent tree.
In which of the following locations would you NOT install an Update Agent? At remote sites On the Apex One Server On VLANs On branch network segments
Which of the following Apex One Server components can you install as part of the setup process? Page 28 Apex One (Mac) Apex One Data Protection An Integrated Smart Protection Server The Apex One Edge Relay Server
Which of the following is NOT a valid method for removing the Security Agent from an endpoint computer? Page 99. Uninstalling the Security Agent through the Apex One Web Management console Running the Security Agent Uninstall Program Using the Agent Mover Tool (IpXfer.exe) to move the Agent to another endpoint computer Manually uninstalling the services, files and registry information
Which of the following statements describes a valid use for the Smart Protection Service Proxy setting displayed in the exhibit? When this setting is enabled, Machine Learning requests by remote Security Agents are proxied to the Smart Protection Server through the Edge Relay Server. This allows endpoint computers outside of the network to enable Predictive Machine Learning checks. When this setting is enabled, Smart Scan becomes available in addition to conventional scanning. This allows endpoint computers to access a cloud-based repository of malware information on the Smart Protection Network.
When this setting is enabled, Security Agents are able to access the Internet
through a Web proxy. When this setting is enabled, Machine Learning requests are proxied through the Smart Protection Server. This allows endpoint computers with unreliable Internet connections to enable Predictive Machine Learning checks.
Which of the following is NOT a task performed by the Apex One Server? PAGE 17 apex one server task Distributes protection settings to Security Agents. Collects suspicious file samples and forwards for analysis. Installs Security Agents. Extracts characteristics from files and submits to the Smart Protection network for heuristic analysis.
What is the effect of the Update Source configuration displayed in the exhibit? All Security Agents installed on endpoint computers with an IP address between 192.168.4.1 and 192.168.4.254 will retrieve their updates from the Security Agent on the client-03 computer. All the endpoint computers with an IP address between 192.168.4.1 and 192.168.4.254 will use the standard update source to retrieve updates. The client-03 computer will retrieve its updates from any Security Agent within the 192.168.4.1 and 192.168.4.254 range. The Security Agent on client-03 will be updated the next time it connects to the Apex One Server.
Event Monitoring is enabled in the Behavior Monitoring settings to protect endpoint computers from a variety of unauthorized software and malware attacks. Which of the following is NOT an action that can be configured for applications generating the events?
Event Monitoring está habilitado en la configuración de Behavior Monitoring para proteger las computadoras de punto final de una variedad de software no autorizado y ataques de malware. ¿Cuál de las siguientes opciones NO es una acción que se puede configurar para aplicaciones que generan los eventos? The Security Agent can prompt the user to allow or deny the application associated with an event. The Security Agent can always allow applications associated with an event to run. The Security Agent can prompt the user to add the application to the Trusted Application List to prevent further warnings from being displayed. The Security Agent can deny applications associated with an event.
Which of the following statements regarding the use of the IIS Web server with Apex One is FALSE? The Web Server enables Security Agent to Server communications. The Web Server provides access to the Apex One Web Management console. The Web Server enables communication with the Integrated Smart Protection Server. The Web Server enables communication with the Standalone Smart Protection Server.
Which of the following services is always running on an Apex One Server, regardless of the options selected during setup? Real-time Scan Service Trend Micro Web Classification Service Trend Micro File Reputation Service Apex One Master Service
Which of the following statements regarding the Digital Signature Cache used by Security Agents is FALSE? Page 178
The Digital Signature Cache is rebuilt on a regular basis to add the signature of
new files that were introduced to the system since the last cache file was built. Administrators can configure the Digital Signature Cache settings to include the digital signatures of trustworthy files stored in any folder on the endpoint computer. Security Agents do not scan files whose signatures have been added to the Digital Signature Cache. Files residing within the \Windows folder which have a digital signature applied to them are automatically added to the Digital Signature Cache.
Which one of the following is NOT a capability of the Apex One Ransomware protection? Automatically backs up and restores files encrypted by unauthorized operations. Protects documents against unauthorized encryption operations. Blocks processes commonly associated with ransomware. Decrypts ransomware encrypted files.
A Security Agent is configured to use Smart Scan, however, it is not able to connect to a Smart Protection Server. After performing an Update Now operation, the Security Agent is now able to connect. Which of the following items is a possible reason for this? The information regarding the existence of the Smart Protection Server had not yet been propagated to the Security Agents. The Update Now operation synchronized the Security Agent settings with those of the Apex One Server, sending the Smart Protection Server list to the Security Agent. The Apex One Server was set to use the Low CPU Usage setting. This setting forces all of its services, including the Integrated Smart Protection Server, to sleep when Security Agents are Offline. The Update Now operation updated the Security Agent status to Online, triggering the Smart Protection Server to quit Sleep Mode. Smart Protection Server connection settings are retrieved through ActiveUpdate. When the Update Now operation was triggered, the Security Agent read the configuration details stored in the ssconfig.ini
file, thereby allowing the Security Agent to locate the Smart Protection Server. The Update Now operation triggered an update to the components on the Security Agent to allow it to connect to the Trend Micro Smart Protection Server.
Which of the following statements are TRUE regarding the use of Endpoint Sensor with Apex One? Select all that apply. PAGE 324 Endpoint Sensor provides the ability to investigate both the historical and current state of a managed endpoint. Endpoint Sensor records metadata related to activities occurring on the endpoint computer. This data is forwarded to Apex One on a regular basis for storage in the database. Policies using Endpoint Sensor must be deployed from Apex Central. A separate Endpoint Sensor Agent must be installed on the endpoint computer.
Which of the following is the correct sequence of events when malware samples are submitted to Deep Discover Analyzer by a Security Agent? PAGE 293
The root administrator has forgotten their password for the Apex One Web Management console before any other administrators have been created. How can the root administrator create a new password? Page 71, password reset tool. The svrsvcsetup utility can be used to update the root administrator password.
The Windows Administrator credentials must be provided as part of the command syntax. The root administrator can update their password through the TrendAuth.xml file. The root administrator can run the reset password tool and provide their Windows Administrator credentials when prompted. Once logged in, they can create a new password. The root administrator can update their password through the ofcserver.ini file.
Target endpoints receiving policy settings through Apex Central can be identified using Filter by Criteria or Specify Agent(s) as displayed in the exhibit. Which of the following statement are TRUE regarding these two options? Select all that apply. Los puntos finales de destino que reciben configuraciones de políticas a través de Apex Central se pueden identificar utilizando Filtrar por criterios o Especificar agente (s) como se muestra en la exposición. ¿Cuál de las siguientes afirmaciones es VERDADERA con respecto a estas dos opciones? Seleccione todas las que correspondan. Page 272 When a policy is assigned to endpoints using Specify Target, the assigned policy will never change or be re-evaluated. Policies targeted to endpoints using Specify Target will always take precedence of policies targeted using Filter by Criteria. When identifying target endpoints using Filter by Criteria, if the matching characteristics of the endpoints change over time, a different policy may be deployed to the endpoint. Assigning policies using Filter by Criteria allows policies to be deployed to endpoints across multiple domains.
Which of the following Security Agent components are protected from unauthorized modifications using the Agent Self-protection features in Apex One? Select all that apply. 108 y 109 Files in the Security Agent folder on the endpoint computer Smart Scan Agent Patterns, and Conventional Patterns Security Agent Registry settings Security Agent
services
How is debug mode enabled on a Security Agent? Page 357 Edit the ofcscan.ini file on the Security Agent and enable the required debug level. Within the Security Agent console, click Help, click the Diagnostic Toolkit tab and click Debug Log. Click the letter A in the Apex One Web Management console title bar to display the Debug Log Settings window. Create an ofcdebug.ini file on the Security Agent computer and identify the required debug level.
Which of the following statements regarding Predictive Machine Learning is FALSE? Page 211 The Predictive Machine Learning model is fed a large number of good and bad files to teach it to identify malware. Predictive Machine Learning in Apex One works on files and processes. Predictive Machine Learning uses mathematical formulas contained in locally stored patterns to make a decision. The Security Agent extracts features of the file and submits it to the Predictive Machine Learning model to make a decision.
Which of the following is NOT a function of Damage Cleanup Services? Page 190 Killing processes created by Trojans. Quarantining processes created by Trojans. Deleting files and applications left behind by Trojans. Repairing system files modified by Trojans.
Multiple automatic grouping rules are created to sort Security Agents in the Apex One Agent tree. How will Apex One handle Security Agents that do not match any of the grouping rules? If no rules are matched during the grouping operation, the Agents are placed in a group called
Default. If no rules are matched during the grouping operation, the Agents are placed in the first group in the list. If no rules are matched during the grouping operation, the Agents will not be displayed in the Apex One Agent tree. If no rules are matched during the grouping operation, the administrator will be prompted to select a group in the Apex One Agent tree.