In a scenario that macOS Traps logs failed to be uploaded to the forensic folder, where will the user on the macOS host be able to find to collected logs?
A. /ProgramData/Cyvera/Logs
B. /ProgramData/Cyvera/Everyone/Temp
C. /Library/Application Support/Cyvera/BITS Uploads/
D. /Library/Application Support/PaloAltoNetworks/Traps/Upload/
The administrator has added the following whitelist to the WildFire Executable Files policy.
*\mysoftware.exe
What will be the result of this whitelist?
A. users will not be able to run mysoftware.exe.
B. mysoftware.exe will be uploaded to WildFire for analysis
C. mysoftware.exe will not be analyzed by WildFire regardless of the file location.
D. mysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.
An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints, that have recently been migrated Mom another Traps deployment. Which two troubleshooting actions are relevant to this investigation? (Choose two.)
A. Check that the servers xml file has been cleared on the migrated endpoints.
B. Check that the ClientInfoHash tag has been cleared on the migrated endpoints.
C. Check that the actions xml file has not been cleared on the migrated endpoints.
D. Check that the WildFire cache has been cleared on the migrated endpoints.
Once an administrator has successfully instated a Content Update, how is the Content Update applied to endpoint?
A. After Installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.
B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.
C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.
D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.
Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)
A. Conditions
B. Processes
C. ESM Server
D. Target Objects
E. Features
Which is the proper order of tasks that an administrator needs to perform to successfully create and install Traps 4.x for macOS agents?
A. Download ClientUpgradePackage_4.x.x.zip from the support portal. Copy ClientUpgradePackage_4.x.x.zip to target endpoint. Unzip and run traps pkg.
B. Download ClientUpgradePackage.zip from the support portal. Create installation package on ESM using .zip file, download installpackage.zip file. Copy installpackage.zip to target endpoint. Unzip and run traps pkg.
C. Download Traps_macOS_4.x.x.zip from the support portal. Copy Traps_macOS_4.x.x.zip to target endpoint. Unzip and run traps pkg.
D. Download Traps_macOS_4.x.x.zip from the support portal. Create installation package on ESM using .zip file, download installpackage.zip file. Copy installpackage.zip to target endpoint. Unzip and run traps pkg.
A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?
A. Place the Traps database. ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.
B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.
C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.
D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.
A customer plans to test the malware prevention capabilities of Traps. It has defined this policy. Local analysis is enabled Quarantining of malicious files is enabled Files are to be uploaded to WildFire
No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen. Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire. Which behavior will result?
A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.
D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.
Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)
A. File Recovery
B. Server Authentication
C. Client Authentication
D. Key Recovery
Which version of .NET Framework is required as a prerequisite when installing Traps agent on Windows 7?
A. .NET Framework 4.5
B. .NET Framework 3.5.1
C. .NET Framework 2.0
D. .NET Framework 4.0
