
Connecting Trend Micro Products

1. Question:
Why would you connect your Trend Micro products to Trend Vision One?
 Connecting the products is required to collect security event telemetry from the
connected products.
 Connecting the products is required to collect activity data from the connected
products.
 Connecting the products is required for licensing purposes.
 Connecting the products ensures that appropriate computing resources are assigned
to your Trend Vision One instance.

Question:
Which Trend Vision One app is used to start the process of connecting an existing
Trend Micro product to Trend Vision One?
 Product Instance
 Product Connection
 Endpoint Inventory or Network Inventory
 Third-Party Integration

Question:
What must be generated and copied from Trend Vision One and used in the other Trend
Micro product console to register this product with Trend Vision One?
 An enrollment token
 An API key
 A registration code
 An added device

Question:
The enrollment token has an expiration date. True or False?
 True
 False

Question:
Once the Trend Cloud One instance is connected, what do you need to do to identify
which Cloud One services are to be connected to Trend Vision One?
 Click on the Cloud One instance name in the Product Instance list. On the
Configuration tab, click to select the Cloud One services to be connected.
 Nothing, all services will automatically be connected.
 In the Product Instance app, click Add Existing Product and select the services from
the Product Connection dropdown.
 Go to Service Gateway Management and create a Service Gateway to connect the
services.

Installing Endpoint Sensors-Rel3


Question 1
An Apex One Security Agent must be installed to enable the endpoint sensor on that
computer. True or False?
 True
 False

Question 2
Which of the following must be enabled on an endpoint to download the endpoint sensor?
o Trend Micro Endpoint Basecamp services
 Trend Micro XDR Services Manager
 Apex One NT Listener
 Trend Micro Security Notifier

Installing email sensors


Question 1
Adding email sensors requires Trend Micro Cloud App Security. True or False?
 True
o False

Question 2
Which of the following cloud-based applications can be protected using Trend
Micro Cloud App Security? Select all that apply.
o Salesforce
o Google Drive
o Microsoft Teams
o Dropbox

Question 3
Which of the following are required steps to provision Cloud App Security? Select
all that apply.
 Connecting Cloud App Security to a Service Gateway
o Creating user accounts for each end user
o Creating a service account for the protected cloud service
o Grant Cloud App Security access to the service data

Installing Network sensors


Question 1
Why would you connect Deep Discovery Inspector to a Service Gateway?
 In order to use a virtualized version of Deep Discovery Inspector.
 Deep Discovery Inspector is required to be connected to a Service Gateway in order
to send any network activity data to Trend Vision One.
 To enable the ActiveUpdate, Smart Protection Services, and Suspicious Object List
Synchronization services on the device.
 You would not connect Deep Discovery Inspector to a Service Gateway.

Question 2
The Virtual Network Sensor can be hosted on which of the following platforms? Select all
that apply.
 Amazon Web Services
 VMware ESXi
 Microsoft Hyper-V
 RHEL KVM

Question 3
You need to connect an on-premises Deep Discovery Inspector appliance to Trend Vision
One. Use the screens below to begin that process from the Network Inventory app screen.
Click the full screen icon to the right to minimize scrolling. Use the Hints (light bulb icon at the
top right) when needed.

Interactive answer: click Deep Discovery Inspector Appliances, then Connect on the blue
button, select Deep Discovery Inspector in the new window, and that is the correct answer.

Integrating EdgeOne with Trend Vision One

Question 1
What key pieces of information are needed in order to successfully connect EdgeOne with
Trend Vision One? Select THREE and Submit.
o OT device IP address
o Enrollment token
o Trend Vision One Instance ID
o Detection Model ID
o Service Gateway API key
o Service Gateway IP address

Question 2
The data that is provided to Trend Vision One by EdgeOne includes whether
commands were allowed or blocked. True or False?
 True
 False

XDR for OT: Integrating OT with Trend Vision One


Integrating StellarOne with Trend Vision One

Question 1
Which Trend Vision One apps are involved in the process steps to integrate StellarOne with
Trend Vision One? Select TWO.
o Product Instance app
o Service Gateway Management app
o Search app
o Workbench app

Question 2
You are integrating StellarOne with Trend Vision One. You copied the Service
Gateway API key and the generated StellarOne enrollment token to a notepad. The
next day, when you try to complete the integration steps in StellarOne and click
Test Connection, it fails. What might you want to check? Select TWO.
 Is your product instance supported?
 Were the API key and enrollment token pasted into the wrong fields in StellarOne?
 Is the 'Send StellarOne malware detection logs in Vision One' setting disabled?
 Is the enrollment token expired?
Analyzing your security posture

Question 1
Which of the following best describes Risk Index?
 Risk Index is a score calculated based on the protection features applied to managed
Agents.
 Risk Index is a score calculated based on the severity of threats in your environment
and likelihood of exploit impact.
 Risk Index is a score that rates the attack intensity on your organization.
 Risk Index is a comprehensive score based on the dynamic assessment of your
exposure, attack and security configurations risk factors.

Question 2
Which of the following terms refers to the collection of cyber assets that are
connected within an organization as well as all possible attack vectors?
o Risk assessment
o Risk Index
o Attack surface
o Dynamic assessment

Question 1
Which of the following best describes the Exposure Index?
 Exposure Index is a value that evaluates percentage of alerts that result in
Workbenches.
 Exposure Index is a value which is calculated based on the severity of threats in
your environment and likelihood of exploit impact.
 Exposure Index is a value that rates your organization's Trend Micro endpoint and
email protection status.
 Exposure Index is a value that rates the attack intensity on your organization.

Configuration Service Gateway -R3

Question 1
Which of the following capabilities are enabled through the use of a Service Gateway?
Select all that apply.
o Synchronizing Suspicious Object Lists between Trend Vision One and other Trend
Micro products
o Serving as an alternate ActiveUpdate source for certain Trend Micro products
o Forwarding logs from TippingPoint to Trend Vision One
o Synchronizing threat intelligence between Trend Vision One and some third-party
applications

Question 2
The Service Gateway requires a deployment through a virtualization environment like
VMware ESXi server or Microsoft Hyper-V. True or False?
 True
 False

Question 3
Service Gateways allow on-premises Trend Micro products and services to integrate with
Smart Protection Services. Which of the following is NOT a Smart Protection Service
accessible through the Service Gateway?
 File Reputation
 Scan Compliance
 Certified Safe Software
 Web Reputation
Question 4

The Attack index rates the attack intensity on your organization and is calculated based on:

 The number of known detections


 The number of exposure risk factors
 The number of impacted assets
 The severity of each unique threat type

Question 5

Based on the screenshot image above for Standard Endpoint Protection, what is true for this
customer?
 9 Standard Endpoint Protection agents are deployed.
 589 devices do not have sensors enabled.
 9 Standard Endpoint Protection agents are at end of life.
Question review
Click Data Sources on the left in the first Dashboard
Questions (6)
The current Risk Index is: 61
The number of discovered devices is: 172
Qualys is currently an enabled data source. True or false? False
Fill in both blanks then click Submit:
The number of Highly-exploitable Unique CVEs for Internal Assets is: 14
The number of host highly exploitable unique CVE (internet facing): 312
What is the attack intensity score for the Exploitation of Remote
Services cyber threat?
 0
 40
 46
 64

How many container clusters are unprotected? 3

Managing Credits
Question 1
Your organization has 1000 endpoints and servers and 500 email accounts that you want to
enable sensors on through Trend Vision One. How many credits will be required? Refer to
the Managing Credits section above.
1,500
5,000
21,500
46,500

Question 2
Once a credit has been assigned to a sensor, it cannot be reused and reassigned to another
device. True or False?
True
False

Question 3
The Credit Usage app in the Trend Vision One console currently displays that you have
2,000 unallocated credits. You are going to enable mobile security on 1,000 iOS devices
and 1,000 Android devices.

How many credits must be purchased or transferred from other sensors to cover this new
deployment of mobile devices?
 2,000
 10,000
 8,000
 No additional credits are required

Workbenches
Question 1
What does Trend Vision One call an alert created by stitching together threat activity across
multiple security layers?
Observable graph
 Workbench
 MITRE ATT&CK technique
 Detection model
The Workbench app displays alerts triggered by detection models and generated incidents that
group related alerts and enable further investigation into each alert.

Question 2
What does Trend Vision One call a grouping of Workbench alerts?
 Detection model
 Observed Attack technique
 Incident
 Observable graph
Trend Vision One creates incidents to group related alerts using advanced alert correlation and
machine learning techniques.

Question 3
Administrators can add objects to Exceptions if they want to exclude the object value from
being detected by the current detection filter. True or False?
True
False
Objects are added to exceptions to exclude the object value from being detected by the
current detection filter.

Observed Attack Techniques


Every event on the Observed Attack Techniques screen results in a Workbench alert. True
or False?
True
False
To improve Targeted Attack Detection results, Trend Micro recommends that which of the
following features be enabled in the products connected to Trend Vision One? Select all
that apply.
 Web Reputation
 XDR sensors enabled on monitored endpoints
 Predictive Machine Learning
 Behavior Monitoring

Targeted Attack Detection requires that the security features Predictive Machine Learning, Smart
Feedback, and Behavior Monitoring be enabled on your products. Trend Micro also recommends
enabling scheduled scans and XDR sensors to improve your overall security posture.

Zero Trust

Question 1
In a Zero Trust environment, authentication is evaluated each time new data or resources
are accessed. True or False?
 True
 False

Question 1
Administrators must configure the Private Access Service to control access to the
internal resources of your organization.

Question 1
Which of the following factors are considered when validating access through Trend Vision
One's Zero Trust Secure Access app? Select all that apply.
 The data or services being accessed
 The state of the device attempting access
 The user’s role
 The user's location

Question 2
Which of the following is NOT one of the types of Secure Access rules used by Trend
Vision One?
Compromise detection rules
Internet access control rules
Private access control rules
Risk control rules
Implementing Zero Trust

Question 1
Sam is an employee in your organization whose risk level was 78 for more than 24 hours.
Your secure access rule Users with a persistent high risk score was triggered. Based on
the image below, what TWO actions are triggered by this rule?
Disable User Account
Monitor Internal App Access
Monitor Sign-In Attempt
Block Internal App Access
Force Sign Out
Force Password Reset
Monitor Cloud App/URL Access
Block Cloud App/URL Access
Running CyberRisk Assessments
Question 1
Your organization wants to minimize the risks that your employees’ behaviors may
introduce to your environment and provide them guidance on how to avoid real attacks.
Which assessment would help give you insight into employees' behaviors?
 Phishing Simulation assessment
 At-Risk Endpoints assessment
 Gmail assessment
 External Attack Surface assessment
The Phishing Simulation Assessment runs a phishing attack simulation to identify employees who
are susceptible to a phishing attack and require additional security awareness education. It can also
be configured with follow-up notification to send phished employees guidance on what to do in the
event of a real attack.

Question 2
Which of the following types of threats can be detected as part of an Office 365 email
assessment? Select all that apply.
Phishing messages
Ransomware
Spam messages
Malicious URLs
Exchange Online / Gmail Assessments can report on threats including spam messages, phishing
messages, ransomware, malicious URLs, as well as malicious files and BEC messages.

Question 3
You want to run an assessment of some specific endpoints to determine if there are risks. In
the Cyber Risk Assessment app, you find that an assessment has already been performed.
What do you need to do?
Nothing, the At-Risk Endpoint Assessment assesses all endpoints each time it’s run.
Refresh the screen to update the assessment.
Click Start New Assessment from the At-Risk Endpoint Assessment tile.
Click View Report, then click Start New Assessment.

Question 4
The results of an External Attack Surface Assessment are displayed in the Cyber Risk
Assessment app. Detailed information from the assessment can be found in this app:
 Attack Surface Discovery
 Observed Attack Techniques
 Operations Dashboard
 Data Sources

Managing Suspicious Objects and Sandbox Analysis

Which of the following is NOT a type of object that can be defined as a suspicious object?
 IP address
 Domain
 MD5 hash
 URL
IP address, domain, URL, sender address, file SHA-1 hash, and file SHA-256 hash are object types
that may be supported, depending on the products. MD5 hash is not a supported object type.

Suspicious Objects details can be extracted from properly formatted files that are imported
into Trend Vision One. Which file types are supported? Select all that apply.
 STIX
 OpenIOC
 XML
 CSV
Managing Suspicious Object and Sandbox Analysis
Which of the following Actions can be applied to suspicious objects in Trend Vision One?
Select all that apply.
 Delete
 Block / Quarantine
 Pass
 Log

Integrations With Third-Party Products
TAXII feeds require a connection to a Service Gateway. True or false?
True
False
Correct, a URL is used to connect.

Question 1
The Trend Micro Risk Insights for Splunk app allows XDR data to be viewed directly in
Splunk. True or false?
True
False
Correct, The Trend Micro Risk Insights for Splunk app connects your Splunk data with Trend
Vision One to access firewall and Web gateway activity for a variety of third-party products in the
Trend Vision One console.

Question 2
Which of the following is NOT a Risk Insights data source?
Office 365
Okta
Microsoft Azure Active Directory
Azure Sentinel

Question 1
A Mobile Device Management (MDM) solution is a pre-requisite for Trend Vision One
Mobile Security. True or False?
True
False
Mobile Security can be integrated with an MDM, in which case it is a pre-requisite, or with
Trend's Mobile Device Director (MDD). If a user cannot utilize an MDM or MDD in their
environment, administrators can integrate with a single sign-on or Active Directory to
invite users to install the Mobile Agent.

Question 2
Which of the following Trend Vision One Mobile Security features are available only on
Android devices? Select all that apply.
Wifi protection
Malware detection
Risky mobile app protection
Web reputation

Operations Dashboard

Question 1
Which of the following are valid data sources for the Operations Dashboard? Select all
that apply.
Azure Active Directory
Trend Vision One Endpoint Sensor
Trend Micro Mobile Security
Trend Vision One Workbenches

Correct: The Trend Vision One Endpoint Sensor provides user, application, web
activities, and vulnerability assessment on monitored endpoints. Trend Micro Mobile
Security monitors cloud apps, mobile apps, threats, and user activities detected on
monitored mobile devices. Azure Active Directory provides user information and activity
data.

The Trend Vision One Workbench app provides a list of alerts triggered by detection
models, as well as incidents that correlate alerts. It is not a data source.

Question 2
The Operations Dashboard provides statistics based on data retrieved over which time
period?
The last 24 hours
The last 7 days
The last 30 days
The last 90 days
Correct: The Operations Dashboard app provides statistics based off the data for the last 30 days
and allows you to mitigate the risks found in your environment by providing remediation steps and
preventive measures.
Risk Factors
Which of the following risk factors consider suspicious user activity when creating the risk
factor score? Select all that apply.
Anomaly detection
Vulnerability detection
Threat detection
Account compromise
Cloud Activity
The risk level value for a cloud app is based on which of the following? Select all that
apply.
 Maturity of the app
 Recent security breaches
 The app's security features
 Geographic region where the cloud app is hosted
Automating Operations

Question 1
Which of the following items is NOT required to use the Trend Vision One API?
 A Trend Vision One account configured with Single Sign-on
 Network access to Trend Vision One to submit the resource requests.
 A Trend Vision One role with permissions necessary to perform the requested tasks.
 An authentication token to accompany any requests submitted to Trend Vision One
through the API.
Correct: Single Sign-on is not a requirement to use the Trend Vision One APIs.

Question 2
Which of the following HTTP operations can be performed on Trend Vision One resources
using the API? Select all that apply.
 VIEW
 POST
 GET
 DEL
Correct: GET, DEL, POST, and PATCH are the 4 operations. VIEW is not one.
