McAfee MA0-104 Exam Questions

Questions for the MA0-104 were updated on: Nov 21, 2025

Page 1 out of 5. Viewing questions 1-15 out of 66

Question 1

What Firewall component is natively used by the McAfee SIEM appliances to protect the appliances
from unauthorized communications?

  • A. Iptables
  • B. McAfee Host Intrusion Prevention System (HIPS)
  • C. Linux Firewall
  • D. Access Control List (ACL)
Answer:

B


Question 2

Which options within the Receiver properties should be selected to configure the device to respond
to ICMP echo requests?

  • A. Receiver Management\Update Device
  • B. Receiver Configuration\Interface
  • C. Connection\Status
  • D. Key Management\Key Device
Answer:

B


Question 3

Which of the following is the minimum number of CPUs required to build a virtual image Enterprise
Security Manager (ESM)?

  • A. Two units
  • B. Four units
  • C. Six units
  • D. Eight units
Answer:

D


Question 4

Which of the following ports is the correct choice for use when configuring the database properties
of a McAfee Network Security Platform (NSP) Device Data Source?

  • A. 1433
  • B. 5432
  • C. 9001
  • D. 3306
Answer:

D


Question 5

In the context of McAfee SIEM, the local protected network address space is a variable referred to as:

  • A. TRUSTED_NET
  • B. INTERNAL_NET
  • C. EXTERNAL_NET
  • D. HOME_NET
Answer:

D


Question 6

If the maximum size for the Policy Change History log is reached, which of the following happens to
new entries?

  • A. No new entries are added to the log.
  • B. A new log file is created and the old one is archived.
  • C. The oldest entries will be deleted to make way for the new entries.
  • D. The newest entries will be buffered until an Administrator creates a new log file.
Answer:

C


Question 7

The ESM supports five Authentication methods. The default login option uses the standard
Username and Password format. Which of the following are the other four methods available?

  • A. RADIUS, TACACS+, Active Directory, LDAP.
  • B. Active Directory, NTLM, TACACS+, LDAP.
  • C. LDAP, Active Directory, RADIUS, CAC.
  • D. CAC, LDAP, RADIUS, TACACS+.
Answer:

C


Question 8

The Global Blacklist feature can be used to block specific traffic from which of the following devices?

  • A. Corporate Firewall
  • B. Application Data Monitor (ADM)
  • C. Event Receiver (ERC)
  • D. Nitro IPS
Answer:

D


Question 9

Reports can be created by selecting the ESM System Properties window, the Reports Icon in the top
right of the ESM screen or by which of the following other methods within Alarm Creation?

  • A. Actions tab
  • B. Conditions tab
  • C. Escalation tab
  • D. Summary tab
Answer:

A


Question 10

Which of the following two appliances contain Event databases?

  • A. ELM and REC
  • B. ESM and ELM
  • C. ESM and REC
  • D. REC and ADM
Answer:

C


Question 11

If the SIEM Administrator deploys the Enterprise Security Manager (ESM) using the Federal
Information Processing Standards (FIPS) encryption mode, which of the following types of user
authentication will NOT be compliant with FIPS?

  • A. Windows Active Directory
  • B. RADIUS
  • C. Lightweight Directory Access Protocol (LDAP)
  • D. Local Authentication
Answer:

B


Question 12

A SIEM allows an organization the ability to correlate seemingly disparate streams of traffic into a
central console for analysis. This correlation, in many cases, can point out activities that might
otherwise go undetected. This type of detection is also known as

  • A. anomaly based detection.
  • B. behavioral based detection.
  • C. heuristic based detection.
  • D. signature based detection.
Answer:

A


Question 13

Which of the following features of the Enterprise Log Manager (ELM) can alert the user if any data
has been modified?

  • A. Integrity Check
  • B. SNMP Trap
  • C. Log Audit
  • D. ELM Database Check
Answer:

A


Question 14

The primary function of the Application Data Monitor (ADM) appliance is to decode traffic at layer

  • A. one for inspection.
  • B. three for inspection.
  • C. five for inspection.
  • D. seven for inspection.
Answer:

D


Question 15

With regard to Data Source configuration and event collection, what does the acronym CEF stand for?

  • A. Correlation Event Framing
  • B. Common Event Format
  • C. Common Event Framing
  • D. Condition Event Format
Answer:

B
