1 DLP Exam, Reviewed
QUESTION 1
You have been tasked with researching an incident involving a sent email that contained
sensitive information regarding a project. You need to find out who the message was from,
who it was sent to, and the exact text of the message body. Which tab of the incident in
Forcepoint DLP should you use?
ANSWER: Forensics
QUESTION 2
ANSWER: Endpoints
QUESTION 3
QUESTION 4
Which Forcepoint DLP classifier will classify data by the presence of a keyword?
QUESTION 5
Your organization’s CFO is travelling and is being prevented from printing a document in their
hotel by the Forcepoint One Endpoint synchronized DLP policies. What is the DLP security
consideration for allowing a temporary bypass to the Forcepoint One Agent?
ANSWER: While the endpoint bypass is active, no content on that endpoint is analyzed and no
content is blocked in the event of a policy violation.
QUESTION 6
You are managing multiple Incident Responders and need to research who completed different
workflow operations for an incident. Which tab in the incident should you use while using the
Forcepoint Security Manager?
ANSWER: History
QUESTION 7
What is a limitation of the Forcepoint DLP Quick Policies?
QUESTION 8
You have been asked to create a policy to block messages that contain a reference to the
project “Many-Rivers_Over”. Which type of classifier should you use?
QUESTION 9
An administrator is unsure if a particular computer has received the latest policy updates from
the Forcepoint Security Manager. Where in the Forcepoint Security Manager UI can this
information be obtained?
QUESTION 10
What is the purpose of selecting a country when making predefined policy selections?
QUESTION 11
Your organization is using Splunk to streamline the correlation of incidents across multiple
security platforms. In order to have information explicitly sent there when DLP policies are
breached, what setting should you use?
QUESTION 13
ANSWER: The number of instances of the classifier that must be present to match this rule.
QUESTION 14
What Forcepoint DLP Incident Response task allows for externally created Python scripts to
execute supplemental actions on an incident?
QUESTION 15
An incident has occurred on an endpoint. You need to see the full details of the incident to find
out what happened. Which component of the Forcepoint Security Manager receives the
incident and inserts the properties into the database that is used to generate your report?
ANSWER: Tomcat
QUESTION 16
An administrator wants to be notified of the precise time that a rule-violating transaction
occurred. What dynamic variable is needed when configuring the notification template?
QUESTION 17
Your organization is concerned that some staff are scanning client forms and sending the image
files to themselves as email attachments. The size of the images ranges from small to large. You
would like to monitor this for a week to see if there is a problem. Which accuracy mode for
OCR allows you to do this?
ANSWER: Accurate
QUESTION 18
Some regular expressions will take a long time to process. Where can you find out the
processing time of a regular expression classifier?
QUESTION 19
When considering network email transactions, what is the state of the data?
ANSWER: Data-in-motion
QUESTION 20
What action should you perform to ensure all sensitive files in a specific location have a file
classification label applied?
QUESTION 21
What is the default Active Directory import schedule for the Forcepoint Security Manager?
ANSWER: Daily at 11 PM
QUESTION 22
You are in the process of virtualizing all the security appliances within your corporate
environment. In addition to ensuring that there is enough space for the core components of
the appliances, you want to ensure that you are correctly sizing for the Forcepoint DLP
Fingerprint Repository. What is the Forcepoint recommended maximum size for a Fingerprint
Repository?
ANSWER: 14 GB
QUESTION 23
You need to find out which administrator changed the status on a batch of tasks last Thursday.
Where will you find this information?
QUESTION 24
You have created discovery tasks to check that client and sales information is only stored in the
client database. Which of the following are beneficial when performing network discovery
tasks? (Select two)
QUESTION 25
What are two examples of remote workflow on incidents available with Forcepoint DLP?
(Select two)
QUESTION 26
You have received reports that the servers are very slow between 9:00 and 10:00 each
morning. Where do you check the CPU and memory usage of the Forcepoint DLP Server?
QUESTION 27
To ensure that the user who triggered a rule violation is sent a notification, which dynamic
variable must you use when configuring the notification template?
ANSWER: %Source%
QUESTION 28
When creating a custom user in Forcepoint DLP, what are the two minimum attributes? (Select
two)
ANSWER:
- Username
- Email address
QUESTION 29
ANSWER: Quarantine
QUESTION 30
What action must be used in an action plan to use the Employee Coaching feature on the
Forcepoint One Endpoint?
ANSWER: Confirm
QUESTION 31
In order to view a list of the predefined script classifiers, which section of Policy Management
> Content Classifiers would you access?
QUESTION 32
An administrator has been tasked to quickly identify who are the top violators, as well as the
top domains, where leaks occurred within a Forcepoint DLP environment. Which dashboard
report should the administrator use?
QUESTION 33
ANSWER: To act as a central control and repository for fingerprints, policies and forensics.
QUESTION 34
An administrator wants to send a notification when a rule is triggered. Which default action
plan accomplishes this?
QUESTION 35
To install the Forcepoint One Agent, where must the package builder files be placed on the
Forcepoint Security Manager?
QUESTION 37
When configuring an Active Directory import, which attribute must you use to test the results
of the connection?
QUESTION 38
A Forcepoint DLP Supplemental Server has been deployed with Optical Character Recognition
(OCR) installed. In order for OCR to be used by a Policy Engine, where must the configuration
be set in the Forcepoint Security Manager?
QUESTION 39
When configuring a custom Forcepoint DLP policy, what is selected on the Condition tab?
ANSWER: Classifiers
QUESTION 40
You want to create a policy that looks for the product name ReFillable. You want to keep the
number of false positives low. Which of these classifiers can be configured to be case sensitive?
(Select two)
ANSWER:
- Regular Expression
- Dictionary