: Enterasys Networks 2B0-101
Title : Enterasys Security Systems Engineer (ESSE) Recertification
Version : R6.1

1. The attack category is for events that
A. Attempt to discover weaknesses
B. Map the structure of the network
C. Have the potential to compromise the integrity of an end system.
D. Deny access to resources
Answer: C

2. Virtual Sensors can segregate traffic by?
A. IP Address, VLAN, Port
B. IP Address, VLAN, Port, Protocol
C. IP Address, VLAN, Port, Protocol, Application
D. IP Address, VLAN, Port, Application
Answer: B

3. In an Event Flow Processor (EFP) a consumer can be?
A. A Sensor or an Event Channel
B. An Event channel only
C. An Event channel or an Agent
D. An Agent only
Answer: C

4. Before the host Sensor can be deployed
A. It must be associated with a virtual sensor
B. It must be associated with a host policy
C. Its key must be added to the /usr/dragon/bin directory
D. Its address must be added to /etc/hosts
Answer: B

5. Which of the following Dragon Agents is used for detecting changes to host files?
A. Real Time Console
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: B

6. In a standalone deployment the system will have?
A. A net-config-client.xml file
B. A net-config-server.xml file
C. A net-config-server.xml and a net-config-client.xml file
D. A net-config-server.xml, a net-config-client.xml and a net-config-reports.xml file
Answer: C

7. MD5 checksums are
A. Stored in a protected directory on the host
B. Appended to the protected file
C. Passed up the event channel to the MD5 Agent
D. Stored in the /usr/dragon/bin directory on the Enterprise Management Server (EMS)
Answer: C

8. Which of the following best describes the commit operation?
A. It uses the configuration channel to push a configuration to a device
B. It uses the event channel to push a configuration to a device
C. It writes a configuration change to the Enterprise Management Server (EMS) database
D. It writes a configuration change to the management clients database
Answer: C

9. Which of the following Dragon Agents sends notifications when the sensors detect an event that matches a rule?
A. Real Time Console
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: C

10. Signature OS
A. Applies signature to network traffic originating from the specified OS
B. Is used for writing Host signatures
C. Is optional on Network signatures
D. Is required on all signatures
Answer: B

11. Dragonctl is used to?
A. Start, stop and monitor the dragon processes on the remote node
B. Write log files
C. Monitor the Ring Buffer
D. Maintain configuration channel connections
Answer: A

12. Virtual sensor names?
A. Are included in events they generate
B. Must match the sensor key
C. Must include the device name
D. Require separate keys
Answer: A

13. Agents can be deployed?
A. Only on non-forwarding Event Flow Processors (EFPs)
B. Only on forwarding Event Flow Processors (EFPs)
C. Only on the Enterprise Management Server (EMS) station
D. On any Event Flow Processor (EFP)
Answer: D

14. The host policy MD5 detection module
A. Detects any changes in the contents of a protected file
B. Detects file size increases
C. Detects file truncations
D. Detects ownership changes
Answer: A

15. Traffic direction refers to traffic flows in relation to the
A. Server
B. Protected network
C. Client
D. DMZ
Answer: B

16. The master Alarm Tool Default policy
A. Is write locked
B. Is writable
C. Cannot be copied
D. Cannot be associated with an Agent
Answer: A

17. Which alarm type is best described as: collects information for x period of time, then sends event notifications
A. Real Time
B. Summary
C. Dynamic
D. Interval
Answer: B

18. Agent status will show as Not Available until?
A. The agent is committed
B. The agent is
C. The agent is selected
D. The remote node is deployed
Answer: B

19. Agents can be deployed on?
A. Only the Enterprise Management Server (EMS)
B. Any managed node with a networked sensor deployed
C. Any managed node with host sensor deployed
D. Any managed node
Answer: D

20. If a packet matched the rules for two virtual sensors it will be evaluated by?
A. Both sensors
B. The first sensor it matches
C. The default sensor
D. Overlapping rules are not permitted
Answer: B

21. A Bare Bones Event Flow Processor (EFP) has?
A. Only event channels
B. Event channels and agents
C. Only Agents and Sensors
D. Event channels and sensors
Answer: A

22. Which alarm type is best described as: Sends event notifications as soon as they are triggered
A. Real Time
B. Summary
C. Dynamic
D. Interval
Answer: A

23. When a notification rule is created a __________ can be associated with it.
A. Sensor
B. User
C. Time Period
D. Score
Answer: C

24. Connection type Outbound in the net-config-client.xml file indicates?
A. The server will initiate configuration channel connections
B. The client will initiate configuration channel connections
C. The server will initiate event channel connections
D. The client will initiate event channel connections
Answer: B

25. The default configuration channel port is?
A. 9111
B. 9112
C. 9113
D. 9114
Answer: A

26. In an Event Flow Processor (EFP) the producer?
A. Writes events to memory
B. Takes events off the Ring Buffer
C. Puts events on the Ring Buffer
D. Passes events to Agents
Answer: C

27. Dynamic Collection controls
A. The number of packets to analyze
B. The number of times to execute the signature in a flow
C. The number of follow on packets to capture for forensics
D. The number of bytes to search for a match
Answer: C

28. Alarm Tool filters can filter traffic based on: time (after/before), direction, events, IP source or destination, protocol and
A. Threat subnet
B. Policy
C. Sensor
D. VLAN
Answer: C

29. The net-config-client.xml file is associated with?
A. The Enterprise Management Server (EMS)
B. Managed node client
C. Enterprise Management Server (EMS) Management Client
D. Reporting server
Answer: B

30. Custom Signature libraries can contain
A. Copies of master signatures and libraries
B. Customized signatures
C. Copies of master signatures and libraries, customized signatures and customized policies
D. Copies of master signatures and libraries and customized signatures
Answer: D

31. The virtual sensor name?
A. Must match the license name
B. Is included in all events reported by the virtual sensor
C. Must include the node name
D. Applies only to the device view
Answer: B

32. The Alarm Tool event group editor tool is used to
A. Select the Network events that will trigger an alarm
B. Add new libraries
C. Select the Network or Host events that will trigger an alarm
D. Edit host policies
Answer: C

33. Alarm Filters are used to
A. Select the destination for notification
B. Fine tune the generation of event notifications
C. Select the notification protocol
D. Select the action to be taken
Answer: B

34. Master Network Libraries
A. Cannot be directly associated with sensors
B. Cannot be directly associated with virtual sensors
C. Can be directly associated with virtual sensors
D. Can be modified
Answer: C

35. The Windows host sensor key
A. Is added to the /usr/keys directory
B. Is pushed from the Enterprise Management Server (EMS) when the managed node is deployed
C. Is installed manually on the Windows system
D. Is pushed from the Enterprise Management Server (EMS) when the sensor is deployed
Answer: C

36. The Host Sensor Virtual Sensor module
A. Associates host policies to the sensor
B. Allows the sensor name contained within an event to be overridden with configured values
C. Allows signatures to be associated with the sensor
D. Allows signatures and policies to be associated with the sensor
Answer: B

37. Network policies and signatures are associated with the?
A. Managed node
B. Network sensor
C. Virtual sensor
D. Agent
Answer: C

38. A Non-Forwarding Event Flow Processor (EFP)?
A. Has no event channels
B. Has only sensors
C. Has only Agents
D. Has Event Channels and Agents
Answer: D

39. Virtual Sensors ____________
A. Must each use the same Network Policy
B. Must each use the same Signature Library
C. Must each use the same Network policy but each one can use different Signature Libraries
D. Each one can use different Network policies and Signature Libraries
Answer: D

40. The misuse category is for events that
A. Indicate a successful attack
B. May have potential security ramifications
C. Show evidence of a known vulnerability
D. Anything not compromising a host but forbidden by corporate policy
Answer: D

41. Which of the following Dragon Agents reads events from the ring buffer and stores them in memory structures for immediate analysis?
A. Real Time Console
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: A

42. The default event channel port is?
A. 9111
B. 9112
C. 9113
D. 9114
Answer: B

43. The host sensor name
A. Must match the license key
B. Is for display purposes only
C. Is included in events generated by the sensor
D. Must include the managed node name
Answer: C

44. In a signature the service direction refers to
A. Ports
B. Networks
C. VLANS
D. Protocols
Answer: A

45. A network sensor can have ______ virtual sensors?
A. 1
B. 2
C. 3
D. 4
Answer: D

46. Enterprise Management Server (EMS) database files are?
A. Flat Files
B. XML Files
C. SQL records
D. Binary records
Answer: B