Intel Security Certified Product Specialist Security Information Event Management (SIEM)




Why Get Intel Security Certified?
As technology and security threats continue to evolve, organizations are looking for employees with the most up-to-date certifications on the most current techniques and technologies. In a well-cited IDC white paper, over 70% of IT managers surveyed felt certifications are valuable for their team and were worth the time and money to maintain. Becoming Intel Security certified distinguishes you from other security professionals and helps validate that you have mastery of the critical skills covered by the certification exams. Earning a certification also proves your commitment to continued learning and professional growth.

Highlights
This guide has been developed as a resource for your preparation to take the Intel Security Certified Product Specialist SIEM exam (MA0-104). The following information is provided:
- About the McAfee Security Certification Program
- Exam details
- Suggested resources for exam preparation
- Knowledge domain topics
- Sample exam items

About the Intel Security Certification Program
Currently, Intel Security offers two industry-recognized certifications as part of our McAfee Security Certification Program: McAfee Certified Product Specialist and McAfee Certified Security Professional.

The Intel Security Certified Product Specialist certifications are designed for candidates who administer a specific McAfee product, or suite of products, and have one to three years of experience with that product or product suite. This certification level allows candidates to demonstrate knowledge in the following key product areas:
- Installation
- Configuration
- Management
- Basic architecture and troubleshooting

The Intel Security Certified Security Professional certifications are designed for security practitioners (penetration testers, auditors, consultants, administrators) with one to three years of experience. This certification level allows candidates to demonstrate knowledge in the following high-level assessment areas:
- Profiling and inventorying
- Vulnerability identification
- Vulnerability exploitation
- Expanding influence

About This Guide
This guide is intended to help prepare you for the Intel Security Certified Product Specialist Security Information Event Management (SIEM) exam (MA0-104). For more information about other certification exams or about the McAfee Certification program, go to www.mcafee.com and select For Business, Services, and then Education Services.

This exam validates that the successful candidate has the knowledge and skills necessary to install, configure, and manage a McAfee SIEM solution. It is intended for security professionals with one to three years of experience using McAfee SIEM products and associated technologies.

Exam Details
Associated exam: MA0-104
Associated training: McAfee SIEM Administration 101 (4 days), McAfee SIEM Advanced Administration 201 (4 days)
Number of questions: 60
Exam duration: 615 minutes
Passing score: 62%
Languages: English
Exam price: $150 USD (exam prices are subject to change; visit www.prometric.com/mcafee for exact pricing)

Exam Preparation
Suggested preparation for this exam is:
- McAfee SIEM Administration 101 training, 4 days (https://mcafee.netexam.com/catalog.html)
- McAfee SIEM Administration 201 course, 4 days (http://www.mcafee.com/us/services/product-training/index.aspx)
- A minimum of one year using McAfee SIEM
- McAfee ServicePortal (https://support.mcafee.com)
- Knowledge domains (see later in this guide)
- Sample questions (see later in this guide)

Certificate Registration
Intel Security has partnered with Prometric, a leading global provider of comprehensive testing and assessment services, to administer our certification program. Prometric makes the certification process easy from start to finish. With more than 5,000 global locations, you can conveniently test your knowledge and become McAfee Certified. To register for an exam, go to: www.prometric.com/mcafee.

Exam Duration
The Intel Security Certification Program has built in time to include the following actions during an exam challenge at each testing facility:
- Time to answer exam questions
- Time to review instructions and provide comments after completion

Intel Security reserves the right to change the exam content and time requirements at any time. The most accurate means of obtaining this information is to contact the exam delivery provider on the day of your exam challenge. A notification appears on your screen before the exam begins that shows the maximum time allowed for answering the questions in that exam.

Certification Transcripts
Individuals who have passed an Intel Security certification exam are granted access to the Intel Security Certification Program Candidate site. On the site, you will find:
- Your official Intel Security Certification Program transcript and access to the transcript sharing tool
- The ability to download custom certification logos
- Additional information and offers for Intel Security-certified individuals
- Your contact preferences and profile
- News and promotions

McAfee SIEM Administration (4 days)
Although formal training is not required prior to the exam, the McAfee SIEM Administration 101 (4 days) and/or the McAfee SIEM Administration 201 course is recommended. The McAfee SIEM Administration 101 course provides in-depth training on how to set up and administer the McAfee Security Information and Event Management (SIEM) solution. Using both lectures and practical lab exercises, the course shows you how to effectively implement the SIEM solution in a complex enterprise environment. The McAfee SIEM Administration 201 course uses guided demonstrations and independent lab environments to configure and use McAfee SIEM appliances to resolve security challenges typically found in an enterprise environment. To register for either or both of these courses, go to: http://www.mcafee.com/us/services/product-training/index.aspx

Practical (Hands-on) Experience
A minimum of one year of experience using McAfee SIEM and associated technologies is expected. Recommended hands-on activities include, but are not limited to:
- Solution planning
- Installation/upgrade
- Configuration
- Management
- Troubleshooting

McAfee ServicePortal
The McAfee ServicePortal provides a single point of access to valuable tools and resources, such as:
- Documentation
- Security bulletins
- Technical articles
- Product downloads
- Tools

To access the ServicePortal, go to: https://support.mcafee.com

Intel Security Expert Center Community
The Intel Security Expert Center is a community for McAfee product users. Here you will find valuable information for your McAfee products, such as:
- Instructional videos and whitepapers
- Discussion feeds for experts and other users
- Guidelines to establish baselines and to harden your IT environment
- Ways to expedite monitoring, response, and remediation processes

To access the Expert Center, go to: https://community.mcafee.com/community/business/expertcenter

Exam Knowledge Domains

Networking
- Networking technology theory, principles and practices
- Data networking standards and protocols
- LAN and WAN technologies
- Network administration
- Network and routing protocols
- Baseline conditions
- Perimeter security
- Internal network security
- Basic infrastructure
- Sniffing/network monitoring
- TCP/IP and NAT/PAT

Systems
- Client/server technology
- Group policy overview and security templates
- Web permissions and authorization
- Redundancy/fault tolerance/high availability
- Drive encryption
- System administration
- Virtual environments
- Processors (CPUs)
- Baseline conditions
- System access and navigation
- Multi-server environments
- Operating systems
- Applications: databases, redundancy, web protocols, baseline conditions

Policies and Procedures
- Permissions, delegation and auditing
- Policies governing user access
- Role permissions
- Systems testing procedures
- Proactive protection
- Scan policy
- Network password procedures
- Company security policies
- Device usage policies
- Change control procedures
- Product-specific maintenance procedures
- Incident response procedures
- Role-specific escalation procedures
- Corporate security controls
- Corporate security strategy
- Device access control

Architecture and Integration/Best Practices
- Level of security required
- Problem isolation tools/practices
- Industry security standards
- Security monitoring

Security Foundation
- Firewall
- Computer viruses, spyware, malware and spam
- Network threat prevention technologies
- Spyware protection technologies
- Firewall technologies and intrusion prevention
- Heuristic-based protection
- Authentication
- Vulnerabilities and remediation techniques
- Malware incidents
- Internal threats and attacks
- External threats and attacks
- Security protocols
- Cryptography
- Network security policies
- Network access control
- Common threats and vulnerabilities

Operations and Administration
- Password management
- Network and support management tools and procedures
- Patch management
- Security alerts, front-line analysis and escalation
- Intrusion detection systems
- Monitoring tools
- Problem determination
- Incident and issue categorization
- Basic product functions
- Product policy configuration
- Product report generation
- Version controls
- Detailed product functions
- Protected materials

Sample Exam Items
The following exam items are provided for review. These items are similar in style and content to those referenced in the Intel Security Certified Product Specialist SIEM exam. The answers are provided after the questions.

1. Which feature is accessed via the Receiver Properties?
   A. Alarms
   B. Data Source Profiles
   C. Watchlists
   D. Asset Management

2. Default Event Aggregation occurs on which of the following fields?
   A. Signature ID
   B. Username
   C. Destination Port
   D. Source Port

3. Which of the following components makes up the functional SIEM stack?
   A. Data Processing
   B. Correlation
   C. Mitigation
   D. Policy Updating

4. Which of the following statements is NOT true concerning Global Threat Intelligence (GTI) Watchlists?
   A. They are comprised of third-party threat advisories
   B. They are comprised of Watchlists containing suspicious and malicious IP addresses
   C. They are used as a scoring source
   D. They are licensed from McAfee

5. ELM storage pools require what percentage of allocated space for mirroring overhead?
   A. 1%
   B. 5%
   C. 10%
   D. 20%

6. Specific event and network flow statistics were gathered from a network over a specific twelve-hour period:
   - Firewall produced 450,000 total events
   - UNIX servers produced 62,000 total events
   - Web applications produced 1,200,500 total events
   - Routers produced 150,000,000 total flows
   With these statistics in mind, what is the total EPS for the network?
   A. 3,511
   B. 3,472
   C. 3,500
   D. 3,510

7. Which of the following time zones is the default setting for the McAfee Enterprise Security Manager (ESM) system clock?
   A. International Date Line West
   B. Eastern Standard Time
   C. Greenwich Mean Time
   D. Geo-Location

8. While investigating malware, an analyst can narrow the search quickly by using which of the following watchlists in the McAfee SIEM?
   A. Botnet - Control Channel
   B. Malware Detections
   C. GTI Suspicious and Malicious
   D. Passive DNS - Malware Domain

9. Which of the following statements about Child Data Sources is NOT true?
   A. They will have VIPS, Policy and Agent rights
   B. They will be displayed on the Receiver Properties > Data Sources table
   C. They will appear on the System Navigation tree
   D. They do not count towards the total number of data sources

10. Which of the following appliances contains an event database?
   A. ESM
   B. ADM
   C. ELM
   D. DEM

Answer Key
1. B
2. A
3. B
4. A
5. C
6. A
7. C
8. C
9. D
10. A

McAfee. Part of Intel Security. 2821 Mission College Boulevard, Santa Clara, CA 95054. 888 847 8766. www.intelsecurity.com
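Worked calculation for sample item 6, added here as an illustration and not part of the original guide. The key's answer (A, 3,511) is reached only when the routers' 150,000,000 flows are counted together with the 1,712,500 events over the 43,200-second window and the result is truncated: the flows alone give 3,472 (option B) and the events alone only about 39 per second, so a candidate who reads "EPS" as events-only picks the wrong row. The storage functions extend the same arithmetic to ELM pool allocation using the 10% mirroring overhead from sample item 5; the average record size they take is an assumed planning parameter, not a figure from the guide.

```python
"""Added example (not from the McAfee exam guide): SIEM ingest and storage
sizing arithmetic behind sample items 5 and 6."""
from math import floor

# Constructed from the figures in sample item 6: counts observed over a
# twelve-hour collection window.
WINDOW_SECONDS = 12 * 60 * 60  # 43,200 s

EVENT_SOURCES = {
    "Firewall": 450_000,
    "UNIX Servers": 62_000,
    "Web Applications": 1_200_500,
}
FLOW_SOURCES = {
    "Routers": 150_000_000,
}


def per_source_rates(counts, window_seconds=WINDOW_SECONDS):
    """Average records per second contributed by each source."""
    return {name: n / window_seconds for name, n in counts.items()}


def aggregate_eps(event_counts, flow_counts, window_seconds=WINDOW_SECONDS,
                  include_flows=True):
    """Total records per second the Receiver must ingest, truncated to an
    integer the way the exam quotes it.  The exam key counts network flows
    together with events; pass include_flows=False to size events only."""
    total = sum(event_counts.values())
    if include_flows:
        total += sum(flow_counts.values())
    return floor(total / window_seconds)


def retention_bytes(eps, avg_record_bytes, retention_days):
    """Raw log volume kept for a retention period.  avg_record_bytes is an
    assumed per-record size (a planning input), not a figure from the guide."""
    return eps * avg_record_bytes * retention_days * 86_400


def elm_allocation(required_bytes, mirroring_overhead_pct=10):
    """Space to allocate to an ELM storage pool so that required_bytes remain
    usable after the mirroring overhead (10% per sample item 5) is set aside.
    Integer ceiling division avoids float rounding on multi-terabyte sizes."""
    usable_pct = 100 - mirroring_overhead_pct
    return -(-required_bytes * 100 // usable_pct)


if __name__ == "__main__":
    for name, rate in per_source_rates({**EVENT_SOURCES, **FLOW_SOURCES}).items():
        print(f"{name:17s} {rate:10.2f} records/s")
    print("events only     ", aggregate_eps(EVENT_SOURCES, FLOW_SOURCES, include_flows=False), "EPS")
    print("events + flows  ", aggregate_eps(EVENT_SOURCES, FLOW_SOURCES), "EPS (exam answer A)")
    raw = retention_bytes(aggregate_eps(EVENT_SOURCES, FLOW_SOURCES), 300, 30)
    print("30-day volume at an assumed 300 B/record:", raw / 1e9, "GB")
    print("ELM allocation incl. 10% mirroring overhead:", elm_allocation(raw) / 1e9, "GB")
```

The truncation in aggregate_eps matches how the options are quoted; rounding instead would still pick 3,512, which is not offered, so the distractors C and D are pure rounding noise. For real capacity planning you would size against peak rather than twelve-hour average rates, but the exam item only supplies the averages.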