Ex 2 KL

Download as pdf or txt
Download as pdf or txt
You are on page 1of 15

Question 1

What happens when the extended KSN mode is enabled?

When the extended KSN mode is enabled, Kaspersky Security Center switches
to the KSN Proxy mode and starts caching all requests sent to the KSN cloud
When the extended KSN mode is enabled, extended statistical information is
sent to the KSN cloud; executable and non-executable files or their parts can also be
sent
When the extended KSN mode is enabled, Kaspersky Security Center
establishes a persistent communication channel to the KSN cloud and caches part
of the information from the KSN cloud on the local drive

Question 2
What is the purpose of virus scan tasks, if File Threat
Protection is permanently running on the computers with the
default settings?

They scan disk boot sectors


They scan files within archives, and thus decrease the risk of spreading infected
files inadvertently
They scan files of all formats, and thus decrease the risk of spreading infected
files inadvertently
They scan files on removable and network drives

Question 3
Consider Kaspersky Endpoint Security 11 for Windows. Which
of the following user actions can be limited with the help of
password protection configured in the policy?

Exit Kaspersky Endpoint Security


Stop Kaspersky Endpoint Security service
Disable control components
Uninstall Kaspersky Endpoint Security
Delete the key

Question 4
When does the Administration Server send packets to the UDP
port of the Network Agent?
Periodically (by default, once every 15 min)
At the administrator’s command Force synchronization
When the administrator creates a report
When the administrator adjusts settings applicable to the computer

Question 5
What does the network size selected in the Kaspersky Security
Center Administration Server installation wizard influence?

The schedule of group tasks


The limit of events in the Administration Server database
The Administration Console interface settings
The synchronization interval in the KSC Network Agent policy

Question 6
Where can you find the list of computers blocked by the
Network Threat Protection component?

In the local interface of Kaspersky Endpoint Security, in the Network


Monitor window that you can open via the shortcut menu of the Network Threat
Protection component
In the local interface of Kaspersky Endpoint Security, in the Network
Monitor window that you can open from the Protection Componentswindow
In Kaspersky Security Center Administration Console, in the properties of the
attacked computer, in the statistics window of the Kaspersky Endpoint Security for
Windows application
In Kaspersky Security Center Administration Console, in the node Advanced \
Repositories \ Quarantine

Question 7
Which networks are Trusted in the Firewall policy of Kaspersky
Endpoint Security 11 under the default settings?

None
127.0.0.1/32
192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
The networks to which the Administration Server is connected

Question 8
How to create a new installation package for Kaspersky
Endpoint Security in the Kaspersky Security Center console?

Open the folder with installation packages and make a copy of the directory that
contains a Kaspersky Endpoint Security package
Start the package creation wizard and specify the folder that contains Kaspersky
Endpoint Security installation files, which must include the description file with
the .kud extension
Start the package creation wizard and specify the self-extracting installer of
Kaspersky Endpoint Security, which can be downloaded from the Kaspersky Lab
website
Open the list of current application versions in Kaspersky Security Center
Administration Console, select the necessary version of Kaspersky Endpoint
Security, and click the button Download and create installation package

Question 9
If the administrator mistyped the Administration Server
address in the installation wizard, where can this address be
modified in the Administration Console?

In the properties of the Network Agent installation package


In the properties of the installation package of Kaspersky Endpoint Security
In properties of the node Advanced \ Remote installation \ Installation
packages
In the properties of the Administration Servernode

Question 10
What does the Firewall do with a packet if cannot find a
matching rule for it neither among packet rules, nor among
rules for applications?

Allows
Blocks
Prompts the user
The Firewall can always find a matching rule for a packet

Question 11
What version of SQL server is included in the Kaspersky
Security Center 10 SP3 Administration Server distribution?

Microsoft SQL Server 2008 R2 Express


Microsoft SQL Server 2014 Express
Microsoft SQL Server 2016 Compact
None of the above

Question 12
What does a closed lock mean near a parameter in a group
policy of Kaspersky Endpoint Security?

This parameter cannot be changed in the local interface of Kaspersky Endpoint


Security
This parameter cannot be changed in the subgroups’ policies (unless
inheritance is disabled)
This parameter can be changed only by the administrator who created the
policy
This parameter is password-protected

Question 13
Installation on which virtual platforms does the Kaspersky
Security Center 10 Administration Server support?

VMware vSphere
Microsoft Hyper-V Server
Citrix XenServer
KVM
VMware Workstation
Oracle VM VirtualBox
Parallels Desktop

Question 14
When does Network Agent connect to the Administration
Server?

When a packet arrives to the Agent’s UDP port from the Server
When there is an event to be sent to the Server
Periodically (by default, once every 15 min)
When the user logs on to the system

Question 15
An administrator of ABC Inc. needs to remotely install Network
Agent and Kaspersky Endpoint Security on five notebooks,
which have different local administrator accounts and are not
on the domain. What would you advise?

Create an individual remote installation task for each notebook


Create a single remote installation task and specify accounts of all
administrators there
Create a single remote installation task and run it five times; change the target
computer and the administrator account every time

Question 16
Which network polling methods are enabled by default in
Kaspersky Security Center 10 Administration Server?

Quick Windows Network Poll


Full Windows Network Poll
Active Directory polling
IP range polling

Question 17
The network is protected with Kaspersky Endpoint Security 11
and managed with Kaspersky Security Center 10. The
administrator has cleared the check box Display program
interface in the Kaspersky Endpoint Security policy 11 for
Windows. What CANNOT be hidden from the user?

Started processes of Kaspersky Endpoint Security


Started services of Kaspersky Endpoint Security
Kaspersky Endpoint Security in the list of installed programs
Kaspersky Endpoint Security icon in the notification area
Kaspersky Endpoint Security shortcut in the Startmenu

Question 18
Which resources, when blocked by the control components of
Kaspersky Endpoint Security 11 for Windows, can be
temporarily allowed with the help of a special access key
provided by the administrator?

Devices
Software
Web resources
None of the above

Question 19
Which of the following installation methods does NOT work if
the computer’s shared folders are NOT accessible over the
network?

Remote deployment using Windows resources


Installation from a standalone package
Remote installation using Active Directory
Installation using Network Agent

Question 20
Which component of Kaspersky Endpoint Security 11 for
Windows except Web Threat Protection takes part in
protection against phishing?

File Threat Protection


Mail Threat Protection
Web Control
None of the above

Question 21
Which of the following threats does Web Threat Protection
repel?

Attempts to download malicious files


Attempts to open a phishing website
Attempts to open a malicious website
Attempts to establish a secure connection to a website whose certificate is not
trusted

Question 22
Which of the following components of Kaspersky Endpoint
Security 11 for Windows does not use the KSN technology?
File Threat Protection
Virus Scan tasks
Exploit Prevention
Web Threat Protection
Network Threat Protection

Question 23
Where are installation logs of Kaspersky Endpoint Security and
Network Agent stored after a remote installation?

In %ProgramData%\Kaspersky Lab
In the user’s %Temp% folder
In the system %Temp% folder
In the root of the system drive

Question 24
Consider a network protected with Kaspersky Endpoint
Security 11 and managed through Kaspersky Security Center
10.
There is a group update task scheduled to start When new
updates are downloaded to the repository. The
databases are regularly updated in the repository, but the
group task starts on the client computers only after a planned
synchronization rather than immediately. Why?

UDP port 15000 is inaccessible on the client computer (for example, blocked by
the firewall)
UDP port 15000 is inaccessible on the Administration Server (for example,
blocked by the firewall)
Update agent is not assigned to the group
It is intended to function in this manner

Question 25
What happens when the cloud mode is enabled for the
protection components?

When the cloud mode is enabled for the protection components, Kaspersky
Endpoint Security uses a lite version of anti-virus databases, but sends more
requests to the KSN cloud
When the cloud mode is enabled for the protection components, Kaspersky
Endpoint Security sends extended statistical information to the KSN cloud and uses
the full version of anti-virus databases
When the cloud mode is enabled for the protection components, Kaspersky
Endpoint Security can send executable and non-executable files or their parts to the
KSN cloud

Question 26
Which of the following components of Kaspersky Endpoint
Security 11 for Windows provides proactive defense against
unknown threats by analyzing the sequence of actions
performed by a program?

Application Control
Host Intrusion Prevention
Behavior Detection

Question 27
Consider group A that contains a policy of Kaspersky Endpoint
Security 11. Group A has subgroup B, which also contains a
policy of Kaspersky Endpoint Security 11. Which settings can
be edited in the policy of group B?

Any
Only those parameters that are NOT locked in the policy of group A
Only those parameters that are locked in the policy of group A

Question 28
A third-party antivirus application has been incorrectly
uninstalled on a few computers. Kaspersky Endpoint Security
installation task finds its registry keys and returns an error.
The administrator wants to make the task ignore incompatible
applications. How to achieve this?

Clear the check box Uninstall incompatible applications automatically in


the properties of the installation task
Clear the check box Uninstall incompatible applications automatically in
the properties of the installation package of Kaspersky Endpoint Security
Clear the check box Uninstall incompatible applications automatically in
the properties of the installation package of Kaspersky Network Agent
You cannot do it through the Kaspersky Security Center Console
Question 29
A computer running Windows 2012 Server is protected with
Kaspersky Endpoint Security 11 having the default settings.
The administrator wants to use it as a print server, but no
prints are being successful. What would be the reason for
this?

Application Control blocks the start of the print server program


Host Intrusion Prevention blocks the main process of the print server
Firewall blocks network activity of the print server
The printer is blocked by Device Control

Question 30
Which of the following components of Kaspersky Endpoint
Security 11 for Windows can block executable file start?

Behavior Detection
Application Control
Host Intrusion Prevention
Device Control

Question 31
Consider Kaspersky Endpoint Security 11 and Kaspersky
Security Center 10. How can you tell which KL category a
particular executable file belongs to?

Consult the Executable files repository in the Administration Console


Consult the Application categories node in the Administration Console
Consult the Application Activity Monitor in the local interface of Kaspersky
Endpoint Security 11
None of the above

Question 32
With which utility can you check connection between the
Network Agent and the Administration Server and synchronize
their settings?

klmover.exe
klnagchck.exe
GetSystemInfo.exe

Question 33
Which program types does the installer of Kaspersky Security
Center Network Agent consider incompatible and try to
uninstall?

Third-party antiviruses
Third-party agents (such as ePO Agent)
Third-party backup tools
Third-party remote management tools (such as TeamViewer, VNC,
RemoteAdmin)
None

Question 34
What does the File Threat Protection scope include with the
default settings?

All removable drives


All hard drives
All network drives
Kernel Memory

Question 35
Under which conditions does Kaspersky Endpoint Security
switch to the out-of-office mode with the default settings?

None. Conditions are not specified by default


After an unsuccessful synchronization with the Administration Server
After three unsuccessful synchronizations with the Administration Server or
after all networks have been disconnected

Question 36
The administrator wants to configure the policy of Kaspersky
Endpoint Security 11 for Windows to prohibit the use of all
browsers except Internet Explorer in the company. For this
purpose, he or she creates an application category named
Browsers, which coincides with the Web Browsers KL
category, and prohibits its start. How should the
administrator configure the exclusion for Internet Explorer?

Create an exclusion for Internet Explorer in the created Browsers category


Create a category for Internet Explorer, create a rule allowing the start of
programs of this category and place it higher on the list than the rule that
prohibits Browsers
Create a category for Internet Explorer, create an allow rule for this category,
and move it to the bottom of the list of rules
This scenario cannot be implemented in Kaspersky Endpoint Security 11 for
Windows

Question 37
Kaspersky Security Center 10 uses a remote database. To
make a backup copy of all data stored in the database, the
administrator needs to:

Just run the Backup of Administration Server data task, everything will be
done automatically
Run the klbackup.exe utility on the computer where the database is located
Run the klbackup.exe utility on the Administration Server, but with the –
path switch
None of the above

Question 38
Consider Kaspersky Security Center 10. What data is included
into a backup copy of the Administration Server created with a
dedicated Kaspersky Security Center task?

The structure of managed computers


Regular (not stand-alone) application installation packages
The Administration Server database
The contents of the Updates repository

Question 39
Which of the following can the Mail Threat Protection
component of Kaspersky Endpoint Security 11 for Windows
do?

Scan webmail traffic


Filter e-mail attachments
Scan SMTP/POP3/IMAP/NNTP traffic
Scan MAPI traffic in Microsoft Office Outlook

Question 40
On a computer where Administration Server is installed, the
hard drive has failed and the data has been lost. Fortunately,
the administrator has a backup copy of the Administration
Server configuration and data, which was created by standard
tools of Kaspersky Security Center 10. How can the
administrator start the recovery procedure?

Use the recovery mode in the installation wizard of the Administration Server
Use the recovery mode in the Quick Start wizard of the Administration Server
Run the “Restore from backup” task in the Administration Console
Use a special utility for backup and restore

Question 41
How to make the Network Agent perform an unplanned
synchronization from the client side?

Carry out the command klnagchk without parameters


Carry out the command klnagchk -sync
Carry out the command klnagchk -sendhb
It is impossible

Question 42
Which of the listed below is a known limitation of the Web
Control component in Kaspersky Endpoint Security 11?

It can’t block content by data type over an https connection


It can’t block any website accessed over an https connection
It works only with the mainstream web browsers, such as Internet Explorer,
Mozilla Firefox, Google Chrome
None of the above

Question 43
Which connections are High Restricted applications prohibited
from establishing in Trusted networks under the default
settings?

None
DNS requests and connections over mail protocols
DNS, e-mail, remote desktop connections, and ICMP protocol
All

Question 44
Which updates will be downloaded to the Administration
Server repository by default in Kaspersky Security Center 10?

Only Kaspersky Endpoint Security 11 for Windows


Only for the Kaspersky Lab applications installed on the client computers and
those for which there are installation packages in the repository
Only for the components used by the Kaspersky Lab applications on the client
computers
For the applications whose plugins are installed on the Administration Server

Question 45
Which of the following installation methods does NOT work if
the computer is NOT on the domain?

Remote deployment using Windows resources


Installation from a standalone package
Remote installation using Active Directory
Installation using Network Agent

Question 46
You need a standalone installation package of Kaspersky
Endpoint Security 11 that automatically uninstalls
incompatible applications. How would you create one in
Kaspersky Security Center 10?

Any standalone installation package of Kaspersky Endpoint Security 11


automatically uninstalls incompatible applications
Select the check box Uninstall incompatible applications automatically in
the properties of the standalone installation package
Select the check box Uninstall incompatible applications automatically in
the properties of the normal installation package of Kaspersky Endpoint Security 11
prior to creating a standalone installation package
Select the check box Uninstall incompatible applications automatically in
the properties of the normal installation package of Kaspersky Network Agent prior
to creating a standalone installation package

Question 47
A workstation is managed remotely through Kaspersky
Security Center 10 with the default settings. Which of the
following events invoke pop-up notifications in the local
interface of Kaspersky Endpoint Security 11 for Windows?

Threats have been detected


Suspicious object detected
Network attack detected
Application startup prohibited

Question 48
Which permission is to be given to a trusted process in Trusted
zone of Kaspersky Endpoint Security to make File Threat
Protection NOT scan files the process accesses?

Do not scan opened files


Do not monitor application activity
Do not block interaction with the application interface
Special permissions are not necessary, File Threat Protection does not scan any
files accessed by trusted processes

Question 49
A network is protected with Kaspersky Endpoint Security 11
for Windows and managed by Kaspersky Security Center 10
with the default settings. The administrator disabled
displaying the Kaspersky Endpoint Security interface on
clients. Users have discovered the KES folders on the hard
drive and decided to try to get rid of the protection. How can
they do it, supposing they have local administrator rights?

Uninstall Kaspersky Endpoint Security


Uninstall Network Agent and then disable automatic startup of Kaspersky
Endpoint Security 11
Terminate the process of Kaspersky Endpoint Security
Stop the service of Kaspersky Endpoint Security

Question 50
Which component is NOT available in Kaspersky Endpoint
Security 11 for Windows?

Firewall
Device Control
File and Folder Backup
Full Disk Encryption

You might also like