Test 0
1. Question:
Why would you connect your Trend Micro products to Trend Vision One?
Connecting the products is required to collect security event telemetry from the
connected products.
Connecting the products is required to collect activity data from the connected
products.
Connecting the products is required for licensing purposes.
Connecting the products ensures that appropriate computing resources are assigned
to your Trend Vision One instance.
Question:
Which Trend Vision One app is used to start the process of connecting an existing
Trend Micro product to Trend Vision One?
Product Instance
Product Connection
Endpoint Inventory or Network Inventory
Third-Party Integration
Question:
What must be generated and copied from Trend Vision One and used in the other Trend
Micro product console to register this product with Trend Vision One?
An enrollment token
An API key
A registration code
An added device
Question:
The enrollment token has an expiration date. True or False?
True
False
Question:
Once the Trend Cloud One instance is connected, what do you need to do to identify
which Cloud One services are to be connected to Trend Vision One?
Click on the Cloud One instance name in the Product Instance list. On the
Configuration tab, click to select the Cloud One services to be connected.
Nothing, all services will automatically be connected.
In the Product Instance app, click Add Existing Product and select the services from
the Product Connection dropdown.
Go to Service Gateway Management and create a Service Gateway to connect the
services.
Question 2
Which of the following must be enabled on an endpoint to download the endpoint sensor?
o Trend Micro Endpoint Basecamp services
Trend Micro XDR Services Manager
Apex One NT Listener
Trend Micro Security Notifier
Question 2
The Virtual Network Sensor can be hosted on which of the following platforms? Select all
that apply.
Amazon Web Services
VMware ESXi
Microsoft Hyper-V
RHEL KVM
Question 3
You need to connect an on-premises Deep Discovery Inspector appliance to Trend Vision
One. Use the screens below to begin that process from the Network Inventory app screen.
Click the full screen icon to the right to minimize scrolling. Use the Hints (light bulb icon at the
top right) when needed.
Interactive answer: click Deep Discovery Inspector Appliances, then click Connect on the
blue button; in the new window select Deep Discovery Inspector, and that is the correct answer.
Question 1
What key pieces of information are needed in order to successfully connect EdgeOne with
Trend Vision One? Select THREE and Submit.
o OT device IP address
o Enrollment token
o Trend Vision One Instance ID
o Detection Model ID
o Service Gateway API key
o Service Gateway IP address
Question 2
The data that is provided to Trend Vision One by EdgeOne includes whether
commands were allowed or blocked. True or False?
True
False
Question 1
Which Trend Vision One apps are involved in the process steps to integrate StellarOne with
Trend Vision One? Select TWO.
o Product Instance app
o Service Gateway Management app
o Search app
o Workbench app
Question 2
You are integrating StellarOne with Trend Vision One. You copied the Service
Gateway API key and the generated StellarOne enrollment token to a notepad. The
next day, when you try to complete the integration steps in StellarOne and click
Test Connection, it fails. What might you want to check? Select TWO.
Is your product instance supported?
Were the API key and enrollment token pasted into the wrong fields in StellarOne?
Is the 'Send StellarOne malware detection logs in Vision One' setting disabled?
Is the enrollment token expired?
Analyzing your security posture
Question 1
Which of the following best describes Risk Index?
Risk Index is a score calculated based on the protection features applied to managed
Agents.
Risk Index is a score calculated based on the severity of threats in your environment
and likelihood of exploit impact.
Risk Index is a score that rates the attack intensity on your organization.
Risk Index is a comprehensive score based on the dynamic assessment of your
exposure, attack and security configurations risk factors.
Question 2
Which of the following terms refers to the collection of cyber assets that are
connected within an organization as well as all possible attack vectors?
o Risk assessment
o Risk Index
o Attack surface
o Dynamic assessment
Question 1
Which of the following best describes the Exposure Index?
Exposure Index is a value that evaluates percentage of alerts that result in
Workbenches.
Exposure Index is a value which is calculated based on the severity of threats in
your environment and likelihood of exploit impact.
Exposure Index is a value that rates your organization's Trend Micro endpoint and
email protection status.
Exposure Index is a value that rates the attack intensity on your organization.
Question 1
Which of the following capabilities are enabled through the use of a Service Gateway?
Select all that apply.
o Synchronizing Suspicious Object Lists between Trend Vision One and other Trend
Micro products
o Serving as an alternate ActiveUpdate source for certain Trend Micro products
o Forwarding logs from TippingPoint to Trend Vision One
o Synchronizing threat intelligence between Trend Vision One and some third-party
applications
Question 2
The Service Gateway requires a deployment through a virtualization environment like
VMware ESXi server or Microsoft Hyper-V. True or False?
True
False
Question 3
Service Gateways allow on-premises Trend Micro products and services to integrate with
Smart Protection Services. Which of the following is NOT a Smart Protection Service
accessible through the Service Gateway?
File Reputation
Scan Compliance
Certified Safe Software
Web Reputation
Question 4
The Attack index rates the attack intensity on your organization and is calculated based on:
Question 5
Based on the screenshot image above for Standard Endpoint Protection, what is true for this
customer?
9 Standard Endpoint Protection agents are deployed.
589 devices do not have sensors enabled.
9 Standard Endpoint Protection agents are at end of life.
Question review
Click Data Sources on the left in the first Dashboard
Questions (6)
The current Risk Index is: 61
The number of discovered devices is: 172
Qualys is currently an enabled data source. True or false? False
Fill in both blanks then click Submit:
The number of Highly-exploitable Unique CVEs for Internal Assets is: 14
The number of Highly-exploitable Unique CVEs for internet-facing hosts is: 312
What is the attack intensity score for the Exploitation of Remote
Services cyber threat?
0
40
46
64
Managing Credits
Question 1
Your organization has 1000 endpoints and servers and 500 email accounts that you want to
enable sensors on through Trend Vision One. How many credits will be required? Refer to
the Managing Credits section above.
1,500
5,000
21,500
46,500
Question 2
Once a credit has been assigned to a sensor, it cannot be reused and reassigned to another
device. True or False?
True
False
Question 3
The Credit Usage app in the Trend Vision One console currently displays that you have
2,000 unallocated credits. You are going to enable mobile security on 1,000 iOS devices
and 1,000 Android devices.
How many credits must be purchased or transferred from other sensors to cover this new
deployment of mobile devices?
2,000
10,000
8,000
No additional credits are required
Workbenches
Question 1
What does Trend Vision One call an alert created by stitching together threat activity across
multiple security layers?
Observable graph
Workbench
MITRE ATT&CK technique
Detection model
The Workbench app displays alerts triggered by detection models and generated incidents that
group related alerts and enable further investigation into each alert.
Question 2
What does Trend Vision One call a grouping of Workbench alerts?
Detection model
Observed Attack technique
Incident
Observable graph
Trend Vision One creates incidents to group related alerts using advanced alert correlation and
machine learning techniques.
Question 3
Administrators can add objects to Exceptions if they want to exclude the object value from
being detected by the current detection filter. True or False?
True
False
Objects are added to exceptions to exclude the object value from being detected by the
current detection filter.
Targeted Attack Detection requires that the security features Predictive Machine Learning, Smart
Feedback, and Behavior Monitoring be enabled on your products. Trend Micro also recommends
enabling scheduled scans and XDR sensors to improve your overall security posture.
Zero Trust
Question 1
In a Zero Trust environment, authentication is evaluated each time new data or resources
are accessed. True or False?
True
False
Question 1
Administrators must configure the Private Access Service to control access to the
internal resources of your organization.
Question 1
Which of the following factors are considered when validating access through Trend Vision
One's Zero Trust Secure Access app? Select all that apply.
The data or services being accessed
The state of the device attempting access
The user’s role
The user's location
Question 2
Which of the following is NOT one of the types of Secure Access rules used by Trend
Vision One?
Compromise detection rules
Internet access control rules
Private access control rules
Risk control rules
Implementing Zero Trust
Question 1
Sam is an employee in your organization whose risk level was 78 for more than 24 hours.
Your secure access rule Users with a persistent high risk score was triggered. Based on
the image below, what TWO actions are triggered by this rule?
Disable User Account
Monitor Internal App Access
Monitor Sign-In Attempt
Block Internal App Access
Force Sign Out
Force Password Reset
Monitor Cloud App/URL Access
Block Cloud App/URL Access
Running CyberRisk Assessments
Question 1
Your organization wants to minimize the risks that your employees’ behaviors may
introduce to your environment and provide them guidance on how to avoid real attacks.
Which assessment would help give you insight into employees' behaviors?
Phishing Simulation assessment
At-Risk Endpoints assessment
Gmail assessment
External Attack Surface assessment
The Phishing Simulation Assessment runs a phishing attack simulation to identify employees who
are susceptible to a phishing attack and require additional security awareness education. It can also
be configured with follow-up notification to send phished employees guidance on what to do in the
event of a real attack.
Question 2
Which of the following types of threats can be detected as part of an Office 365 email
assessment? Select all that apply.
Phishing messages
Ransomware
Spam messages
Malicious URLs
Exchange Online / Gmail Assessments can report on threats including spam messages, phishing
messages, ransomware, malicious URLs, as well as malicious files and BEC messages.
Question 3
You want to run an assessment of some specific endpoints to determine if there are risks. In
the Cyber Risk Assessment app, you find that an assessment has already been performed.
What do you need to do?
Nothing, the At-Risk Endpoint Assessment assesses all endpoints each time it’s run.
Refresh the screen to update the assessment.
Click Start New Assessment from the At-Risk Endpoint Assessment tile.
Click View Report, then click Start New Assessment.
Question 4
The results of an External Attack Surface Assessment are displayed in the Cyber Risk
Assessment app. Detailed information from the assessment can be found in this app:
Attack Surface Discovery
Observed Attack Techniques
Operations Dashboard
Data Sources
Managing Suspicious Objects and Sandbox Analysis
Which of the following is NOT a type of object that can be defined as a suspicious object?
IP address
Domain
MD5 hash
URL
IP address, domain, URL, sender address, file SHA-1 hash, and file SHA-256 hash are object types
that may be supported, depending on the products. MD5 hash is not a supported object type.
Suspicious Objects details can be extracted from properly formatted files that are imported
into Trend Vision One. Which file types are supported? Select all that apply.
STIX
OpenIOC
XML
CSV
Managing Suspicious Object and Sandbox Analysis
Which of the following Actions can be applied to suspicious objects in Trend Vision One?
Select all that apply.
Delete
Block / Quarantine
Pass
Log
Integrations With Third-Party Products
TAXII feeds require a connection to a Service Gateway. True or false?
True
False
Correct, a URL is used to connect.
Question 1
The Trend Micro Risk Insights for Splunk app allows XDR data to be viewed directly in
Splunk. True or false?
True
False
Correct. The Trend Micro Risk Insights for Splunk app connects your Splunk data with Trend
Vision One to access firewall and Web gateway activity for a variety of third-party products in the
Trend Vision One console.
Question 2
Which of the following is NOT a Risk Insights data source?
Office 365
Okta
Microsoft Azure Active Directory
Azure Sentinel
Question 1
A Mobile Device Management (MDM) solution is a pre-requisite for Trend Vision One
Mobile Security. True or False?
True
False
Mobile Security can be integrated with an MDM, in which case it is a pre-requisite, or with
Trend's Mobile Device Director (MDD). If a user cannot utilize an MDM or MDD in their
environment, administrators can integrate with a single sign-on or Active Directory to
invite users to install the Mobile Agent.
Question 2
Which of the following Trend Vision One Mobile Security features are available only on
Android devices? Select all that apply.
Wifi protection
Malware detection
Risky mobile app protection
Web reputation
Operations Dashboard
Question 1
Which of the following are valid data sources for the Operations Dashboard? Select all
that apply.
Azure Active Directory
Trend Vision One Endpoint Sensor
Trend Micro Mobile Security
Trend Vision One Workbenches
Correct: The Trend Vision One Endpoint Sensor provides user, application, web
activities, and vulnerability assessment on monitored endpoints. Trend Micro Mobile
Security monitors cloud apps, mobile apps, threats, and user activities detected on
monitored mobile devices. Azure Active Directory provides user information and activity
data.
The Trend Vision One Workbench app provides a list of alerts triggered by detection
models, as well as incidents that correlate alerts. It is not a data source.
Question 2
The Operations Dashboard provides statistics based on data retrieved over which time
period?
The last 24 hours
The last 7 days
The last 30 days
The last 90 days
Correct: The Operations Dashboard app provides statistics based on the data for the last 30 days
and allows you to mitigate the risks found in your environment by providing remediation steps and
preventive measures.
Risk Factors
Which of the following risk factors consider suspicious user activity when creating the risk
factor score? Select all that apply.
Anomaly detection
Vulnerability detection
Threat detection
Account compromise
Cloud Activity
The risk level value for a cloud app is based on which of the following? Select all that
apply.
Maturity of the app
Recent security breaches
The app's security features
Geographic region where the cloud app is hosted
Automating Operations
Question 1
Which of the following items is NOT required to use the Trend Vision One API?
A Trend Vision One account configured with Single Sign-on
Network access to Trend Vision One to submit the resource requests.
A Trend Vision One role with permissions necessary to perform the requested tasks.
An authentication token to accompany any requests submitted to Trend Vision One
through the API.
Correct: Single Sign-on is not a requirement to use the Trend Vision One APIs.
Question 2
Which of the following HTTP operations can be performed on Trend Vision One resources
using the API? Select all that apply.
VIEW
POST
GET
DEL
Correct: GET, DEL, POST, and PATCH are the 4 operations. VIEW is not one.