
QUESTION 1

You have been tasked with researching an incident involving a sent email that contained
sensitive information regarding a project. You need to find out who the message was from,
who it was sent to, and the exact text of the message body. Which tab of the incident in
Forcepoint DLP should you use?

ANSWER: Forensics

QUESTION 2

Where are transactions of the data-in-use state typically detected?

ANSWER: Endpoints

QUESTION 3

What is the purpose of batch operations in Forcepoint DLP?

ANSWER: They allow administrators to update or delete multiple items at once.

QUESTION 4

Which Forcepoint DLP classifier will classify data by the presence of a keyword?

ANSWER: Patterns & Phrases

QUESTION 5

Your organization’s CFO is travelling and is being prevented from printing a document in their
hotel by the Forcepoint One Endpoint synchronized DLP policies. What is the DLP security
consideration for allowing a temporary bypass to the Forcepoint One Agent?

ANSWER: While the endpoint bypass is active, no content on that endpoint is analyzed and no
content is blocked in the event of a policy violation.

QUESTION 6

You are managing multiple Incident Responders and need to research who completed different
workflow operations for an incident. Which tab in the incident should you use while using the
Forcepoint Security Manager?

ANSWER: History

QUESTION 7

What is a limitation of the Forcepoint DLP Quick Policies?

ANSWER: They cannot apply to specific types of transactions.

QUESTION 8

You have been asked to create a policy to block messages that contain a reference to the
project “Many-Rivers_Over”. Which type of classifier should you use?

ANSWER: Regular Expression

QUESTION 9

An administrator is unsure if a particular computer has received the latest policy updates from
the Forcepoint Security Manager. Where in the Forcepoint Security Manager UI can this
information be obtained?

ANSWER: Endpoint Status

QUESTION 10

What is the purpose of selecting a country when making predefined policy selections?

ANSWER: To set which predefined policies appear based on regional requirements.

QUESTION 11

Your organization is using Splunk to streamline the correlation of incidents across multiple
security platforms. In order to have information explicitly sent there when DLP policies are
breached, what setting should you use?

ANSWER: Send Syslog message

QUESTION 13

What is the threshold of a policy rule?

ANSWER: The number of instances of the classifier that must be present to match this rule.

QUESTION 14

What Forcepoint DLP Incident Response task allows for externally created Python scripts to
execute supplemental actions on an incident?

ANSWER: Run remediation script

QUESTION 15

An incident has occurred on an endpoint. You need to see the full details of the incident to find
out what happened. Which component of the Forcepoint Security Manager receives the
incident and inserts the properties into the database that is used to generate your report?

ANSWER: Tomcat

QUESTION 16

An administrator wants to be notified of the precise time that a rule-violating transaction
occurred. What dynamic variable is needed when configuring the notification template?

ANSWER: %Incident Time%

QUESTION 17

Your organization is concerned that some staff are scanning client forms and sending the image
files to themselves as email attachments. The size of the images ranges from small to large. You
would like to monitor this for a week to see if there is a problem. Which accuracy mode for
OCR allows you to do this?

ANSWER: Accurate

QUESTION 18

Some regular expressions will take a long time to process. Where can you find out the
processing time of a regular expression classifier?

ANSWER: Traffic log

QUESTION 19

When considering network email transactions, what is the state of the data?

ANSWER: Data-in-motion

QUESTION 20

What action should you perform to ensure all sensitive files in a specific location have a file
classification label applied?

ANSWER: Configure an Endpoint Discovery task to automatically label files identified by
specific conditions.

QUESTION 21

What is the default Active Directory import schedule for the Forcepoint Security Manager?

ANSWER: Daily at 11 PM

QUESTION 22

You are in the process of virtualizing all the security appliances within your corporate
environment. In addition to ensuring that there is enough space for the core components of
the appliances, you want to ensure that you are correctly sizing for the Forcepoint DLP
Fingerprint Repository. What is the Forcepoint recommended maximum size for a Fingerprint
Repository?

ANSWER: 14 GB

QUESTION 23

You need to find out which administrator changed the status on a batch of tasks last Thursday.
Where will you find this information?

ANSWER: Audit log


QUESTION 24

You have created discovery tasks to check that client and sales information is only stored in the
client database. Which of the following are beneficial when performing network discovery
tasks? (Select two)

QUESTION 25

What are two examples of remote workflow on incidents available with Forcepoint DLP?
(Select two)

QUESTION 26

You have received reports that the servers are very slow between 9:00 and 10:00 each
morning. Where do you check the CPU and memory usage of the Forcepoint DLP Server?

ANSWER: Status > System Health > Forcepoint DLP Server

QUESTION 27

To ensure that the user who triggered a rule violation is sent a notification, which dynamic
variable must you use when configuring the notification template?

ANSWER: %Source%

QUESTION 28

When creating a custom user in Forcepoint DLP, what are the two minimum attributes? (Select
two)

ANSWER:

- Username
- Email address

QUESTION 29

Which action plan only applies to the network email channel?

ANSWER: Quarantine

QUESTION 30

What action must be used in an action plan to use the Employee Coaching feature on the
Forcepoint One Endpoint?

ANSWER: Confirm

QUESTION 31

In order to view a list of the predefined script classifiers, which section of Policy Management
> Content Classifiers would you access?

ANSWER: Patterns & Phrases


QUESTION 32

An administrator has been tasked to quickly identify who are the top violators, as well as the
top domains, where leaks occurred within a Forcepoint DLP environment. Which dashboard
report should the administrator use?

ANSWER: Sources and Destinations

QUESTION 33

What is the purpose of the Forcepoint DLP Management Server?

ANSWER: To act as a central control and repository for fingerprints, policies and forensics.

QUESTION 34

An administrator wants to send a notification when a rule is triggered. Which default action
plan accomplishes this?

ANSWER: Audit and Notify

QUESTION 35

An organization has a compliance requirement to identify various unknown alphanumeric
strings in a specific format, “123-45-6789”. Which Forcepoint DLP classifier should be used?

ANSWER: Regular expressions


QUESTION 36

To install the Forcepoint One Agent, where must the package builder files be placed on the
Forcepoint Security Manager?

ANSWER: C:\Program Files (x86)\Websense\Data Security\client

QUESTION 37

When configuring an Active Directory import, which attribute must you use to test the results
of the connection?

ANSWER: Email address


QUESTION 38

A Forcepoint DLP Supplemental Server has been deployed with Optical Character Recognition
(OCR) installed. In order for OCR to be used by a Policy Engine, where must the configuration
be set in the Forcepoint Security Manager?

ANSWER: Deployment > System Modules

QUESTION 39

When configuring a custom Forcepoint DLP policy, what is selected on the Condition tab?

ANSWER: Classifiers

QUESTION 40

You want to create a policy that looks for the product name ReFillable. You want to keep the
number of false positives low. Which of these classifiers can be configured to be case sensitive?
(Select two)

ANSWER:

- Regular Expression
- Dictionary
