Résumé de La Réponse Endpoint Kas Update

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 73

Résumé de la réponse

002.11.1 - Exam: Kaspersky Endpoint Security and Management [e]>Deployment


1. On which operating systems can Kaspersky Security Center 11 Administration Server NOT
be installed?
Correct answerWindows Server 2003

Windows Server 2008 R2

Correct answerWindows Vista

Windows 10

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

2. The administrator needs a standalone installation package of Kaspersky Endpoint Security


for Windows (11.1.0) that will automatically uninstall incompatible applications during the
installation. How would you create one in Kaspersky Security Center 11?

Any standalone package of Kaspersky Endpoint Security for Windows (11.1.0) automatically
uninstalls incompatible applications

Make sure that the check box "Uninstall incompatible applications automatically" is selected
in the properties of the regular installation package of Kaspersky Network Agent prior to
creating a standalone installation package

Make sure that the check box "Uninstall incompatible applications automatically" is selected
in the properties of the regular installation package of Kaspersky Endpoint Security 11.1 for
Windows prior to creating a standalone installation package

Incorrect answerSelect the check box "Uninstall incompatible applications automatically in


the properties" of the standalone installation package
3. Which level of permissions is sufficient for installing Kaspersky Endpoint Security for
Windows?

User

Domain administrator

Local administrator

Incorrect answerPower user


4. How can you find out when the Administration Server last polled the network to discover
computers?

In the properties of the "Unassigned devices" node


In the Administration Server events

Incorrect answerIn the properties of the "Advanced | Network poll" node

In the properties of the Administration Server node ("Advanced | Administration Server


operation statistics")

5. How many policies can you create in a single group of managed devices for Kaspersky
Endpoint Security?

5 at most

One per every version of Kaspersky Endpoint Security

Correct answerAs many as you want


6. Which group tasks and policies does the Quick Start wizard create on the Administration
Server when started from the MMC console?Partiellement correct 3/4
Correct answerA policy for Kaspersky Security Center Network Agent

A policy for Kaspersky Endpoint Security for Windows

An out-of-office policy for Kaspersky Endpoint Security for Windows

Incorrect answerA Virus Scan task for Kaspersky Endpoint Security for Windows

A Rollback task for Kaspersky Endpoint Security for Windows

Correct answerA ‘Find vulnerabilities and required updates’ task for Network Agent
Correct answerAn Update task for Kaspersky Endpoint Security for Windows
7. Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?

80 and 443

Incorrect answer15,000
Incorrect answer13291

8061

8060

8. Which component is NOT available in Kaspersky Endpoint Security 11.1 for Windows?

Firewall

Incorrect answerFull Disk Encryption


File and Folder Backup

Device Control

9. Select the correct statements about tasks in Kaspersky Security Center:Partiellement correct
1/2
Correct answerThe administrator can exclude a subgroup from a task’s scope
Incorrect answerThere are active and inactive tasks

To make task settings enforced on the computers, the respective locks must be closed

The administrator can create a task for a set of computers belonging to different groups

By default, subgroups’ tasks inherit settings of the parent group’s tasks (as far as tasks of the
same type are concerned)

There may not be more than one task for the same application in a group

10. How many concurrent active policies of Kaspersky Endpoint Security 11.1 for Windows
can there be within a single group?

Incorrect answer2 at most

As many as you want

11. Which network polling methods are enabled by default in Kaspersky Security Center 11
Administration Server?Partiellement correct 2/3
Correct answerQuick Windows Network Poll
Incorrect answerIP range polling
Correct answerActive Directory polling

Full Windows Network Poll

12. Which components are NOT available in Kaspersky Endpoint Security 11.1 for
Windows?

Host Intrusion Prevention

Windows Integrity Check

IM Anti-Virus

Incorrect answerWeb Control


Incorrect answerBitLocker Management
13. What does a closed lock mean near a parameter in a group policy of Kaspersky Endpoint
Security?
This parameter cannot be changed in the local interface of Kaspersky Endpoint Security

Incorrect answerThis parameter is password-protected


Incorrect answerThis parameter can be changed only by the administrator who created the
policy

This parameter cannot be changed in the subgroups’ policies (unless inheritance is disabled)

14. Group tasks and a protection policy are defined for Kaspersky Endpoint Security 11.1 for
Windows in the "Managed devices" group. You want to apply entirely different settings to a
particular subgroup. How can you achieve this?Partiellement correct 1/2

Exclude this subgroup from the parent policy

Exclude this subgroup from the parent group tasks

Correct answerCreate a new policy in the subgroup and disable inheritance in its settings
Incorrect answerCreate new group tasks in the subgroup and disable inheritance in their
settings

You can’t do this, tasks and policies are always inherited

15. A policy of Kaspersky Endpoint Security 11.1 for Windows is configured for group A.
Group A has subgroup B, which contains another policy of Kaspersky Endpoint Security 11.1
for Windows. Which settings can be edited in the policy of group B?Partiellement correct 1/2

Any

The parameters that are NOT locked in the policy of group A

The parameters that are locked in the policy of group A

Correct answerAny, if the "Inherit settings from upper-level policy" check box is cleared in
the group B policy
16. An administrator of ABC Inc. needs to remotely install Network Agent and Kaspersky
Endpoint Security on five notebooks, which have different local administrator accounts and
are not on the domain. What would you advise?

Create an individual remote installation task for each notebook

Incorrect answerCreate a single remote installation task and run it five times; change the
target computer and the administrator account every time

Create a single remote installation task and specify accounts of all administrators there

17. Which of the following operating systems does Kaspersky Endpoint Security for Windows (11.1.0)
support?
Incorrect answerAdministration Server communication ports

Shared folder location


SQL server address

Administration Server account

18. What does the Administration Server store in the KLSHARE shared folder?
Correct answerUpdates for managed products

Tasks and policies for managed computers

Database of events

Correct answerStandalone installation packages


Correct answerInstallation packages
19. When does Network Agent connect to the Administration Server?Partiellement correct 2/3
Correct answerWhen a packet arrives to the Agent’s UDP port from the Server
Incorrect answerWhen the user logs on to the system

Periodically (by default, once every 15 min)

Correct answerWhen there is an event to be sent to the Server


20. How can you achieve this?
Incorrect answerClear the check box "Uninstall incompatible applications automatically" in
the properties of the remote installation task

Clear the check box "Uninstall incompatible applications automatically" in the properties of
the installation package of Kaspersky Endpoint Security

Clear the check box "Uninstall incompatible applications automatically" in the properties of
the installation package of Kaspersky Network Agent

You cannot achieve this using the Kaspersky Security Center Administration Console

21. You are planning to deploy Kaspersky Endpoint Security for Business to implement a
centrally managed network protection. Which applications will you need to install on the
network computers?
Correct answerKaspersky Security Center
Correct answerKaspersky Security Center Network Agent

Kaspersky Endpoint Security for Windows Console

Correct answerKaspersky Endpoint Security for Windows

Microsoft SQL Server Agent

22. Consider Kaspersky Security Center 11 and Kaspersky Endpoint Security 11.1 for
Windows. You want to import the Active Directory structure to the structure of managed
computers. How to achieve this?
Correct answerUse a one-time relocation rule with the option to create missing groups for
organizational units
Incorrect answerUse the task "Synchronize Active Directory structure"
Correct answerUse the option to "Create groups structure" in the right-click menu of the
"Managed devices" node in the MMC console
Incorrect answerUse the option to "Create groups structure" in the Quick Start Wizard
23. The administrator starts the Administration Server Quick Start Wizard from the MMC
console. In which of the following cases will the wizard create a Send Reports task?

If the option More than 5000 networked devices has been selected in the Installation Wizard

The Quick Start Wizard does not create a Send Reports task

If the Installation Wizard finds a correctly configured local mail client

Correct answerIf email notification parameters have been specified in the Quick Start Wizard

Résumé de la réponse
002.11.1 - Exam: Kaspersky Endpoint Security and Management [e]>Protection management
24. How should the administrator disable the use of KSN in Kaspersky Endpoint Security
11.1 on the client computers?

Clear the check box that allows the use of KSN in the properties of the Administration Server

It is not possible

Incorrect answerReinstall the Administration Server and choose not to use KSN in the Quick
start wizard

Disable the use of KSN in Kaspersky Endpoint Security 11.1 policy

25. Which of the following components of Kaspersky Endpoint Security 11.1 for Windows
provides proactive defense against unknown threats by analyzing the sequence of actions
performed by a program?

AMSI Protection provider

Correct answerBehaviour Detection

Host Intrusion Prevention

26. Under which conditions does Kaspersky Endpoint Security switch to the out-of-office
mode with the enabled option "Switch to out-of-office policy when Administration Server is
not available"?

After an unsuccessful synchronization with the Administration Server

After an unsuccessful synchronization, if the client computer does not receive an answer to
the command "ping <Administration Server address>"
Incorrect answerAfter an unsuccessful synchronization, if the client computer fails to resolve
the Administration Server name

After three successive failed synchronizations with the Administration Server or after all
networks have been disconnected

27. Which networks are Trusted in the Firewall policy of Kaspersky Endpoint Security 11.1
under the default settings?

None

127.0.0.1/32

192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8

Incorrect answerThe networks to which the Administration Server is connected


28. Select the correct statements about Web Threat Protection of Kaspersky Endpoint
Security:Partiellement correct 2/3
Correct answerIt scans data in outbound connections
Correct answerIt scans data in secure connections (SSL/TLS)

It scans HTTP and FTP protocols

Incorrect answerIt scans data in inbound connections established from outside


29. Under which conditions does Kaspersky Endpoint Security switch to the out-of-office
mode with the default settings?

None. The conditions are not specified by default

After an unsuccessful synchronization with the Administration Server

Incorrect answerAfter three successive failed synchronizations with the Administration Server
or after all networks have been disconnected
30. How does Kaspersky Endpoint Security 11.1 for Windows protect against ransomware
that encrypts files?

It generates bitcoin cryptocurrency for the ransom in the background

Correct answerIt backs up documents and if a document gets encrypted by malware, it


restores it from a backup copy

It automatically brute-forces the key and decrypts the encrypted documents

Correct answerIt heuristically detects encryption attempts and blocks malware


31. What can the user do to access a removable drive?

Connect the drive to the USB port on the monitor

Use the "Pause protection and control" command in the right-click menu of Kaspersky
Endpoint Security in the notification area
None of the above

Correct answerSubmit a request and ask for access


32. In which of the following web browsers can’t Web Threat Protection of Kaspersky
Endpoint Security 11.1 for Windows block dangerous objects?

Internet Explorer

Mozilla Firefox

Google Chrome

Microsoft Edge

Correct answerNone of the above (meaning, it can block dangerous objects in all of them)
33. A user tries to download an infected object over HTTPS. Which component of Kaspersky
Endpoint Security 11.1 for Windows will be the first to detect it?

Web Threat Protection

Network Threat Protection

Host Intrusion Prevention

Incorrect answerFile Threat Protection


34. Which connections are High Restricted applications prohibited from establishing in
Trusted networks under the default settings?

None

Any

Incorrect answerDNS, email, remote desktop connections, and ICMP protocol

DNS requests and connections over mail protocols

35. How will Web Threat Protection scan https traffic under the default settings if a website
uses an EV certificate?

The certificate will NOT be substituted, https traffic will NOT be scanned

Correct answerAt the first connection, the certificate will be substituted, https traffic will be
scanned. At subsequent connections, the certificate will NOT be substituted, https traffic will
NOT be scanned

The certificate will be substituted, https traffic will be scanned

36. Consider Kaspersky Endpoint Security 11.1 for Windows. When the Behavior Detection
component recognizes dangerous activities, which of the following actions can it take?
Incorrect answerDisinfect
Delete the file

Incorrect answerMove the file to Quarantine

Terminate the program

37. What does the password that can be specified in the Network Agent policy prevent?

Network Agent uninstallation

Carrying out the command "send heartbeat" that forces a synchronization with the Server

Starting the "klnagchk.exe" and "klmover.exe" utilities

Incorrect answerStopping the Network Agent service

38. However, access to facebook.com has been blocked for everyone. Why?

The blocking rule is higher than the allowing rule on the list

The default allow rule is disabled

Incorrect answerWeb Control exclusions are to be specified in the "Trusted zone"

A blocking rule always has priority over allowing rules

39. A computer running Windows 7 is protected with Kaspersky Endpoint Security 11.1 for
Windows. You want to prohibit connecting USB scanners to it, but allow removable USB
drives. How can you achieve this?
Correct answerBlock "Cameras and scanners" in the Device Control

Kaspersky Endpoint Security cannot block USB scanners

Block USB bus in the Device Control

Block multifunctional devices in the Device Control

40. The administrator has included a USB flash drive in the list of trusted devices in the
Device Control policy of Kaspersky Endpoint Security 11.1 for Windows. Who can use this
drive?

Any user

Correct answerThe users specified in the policy by the administrator

Any user who has local administrative privileges


Only the administrator who made the device trusted in the policy

41. What should be changed to prohibit this possibility without affecting any other USB
devices?

Block "USB bus" in the Device Control

No way, such a device cannot be blocked by Kaspersky Endpoint Security 11.1 for Windows

Correct answerBlock "Portable devices (MTP)" in Device Control

Block multifunctional devices in the Device Control

42. Which actions can be specified in the Web Control rules of Kaspersky Endpoint Security
11.1 for Windows?
Correct answerAllow

Test

Correct answerWarn
Correct answerBlock
43. Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners
on the web pages visited by the users. How can you achieve this?
Incorrect answerEnable the Anti-Banner component

Enable the option to block banner links in the Web Threat Protection settings

Create a rule in the Web Control settings to block the content category "Banners"

None of the above

44. Select the best way to test the new rules prior to deploying them (without disabling those
currently implemented).
Incorrect answerSelect the "Notify" action in the settings of Application Control

In the Application Control window, check every new rule by pressing the "Static analysis"
button

Apply the policy to a small number of computers first

Select the "Test" status for the new rules

45. The update task of Kaspersky Endpoint Security for Windows has settings for the "Local
mode" and settings for the "Mobile mode". Under which conditions are update settings for the
"Mobile mode" used?

If the conditions of switching to the mobile mode (which are specified in the Network Agent
policy) are met, and an out-of-office policy is applied to the computer

Incorrect answerIf all sources specified in the settings for the local mode are inaccessible
If the conditions of switching to the mobile mode (which are specified in the Network Agent
policy) are met

An update task does not have update settings for mobile mode

46. The databases are regularly updated in the repository, but the group task starts on the
client computers only after a planned synchronization rather than immediately. Why?

UDP port 15000 is inaccessible on the client computer (for example, blocked by the firewall)

Incorrect answerThis schedule is expected to work in this manner by design

A Distribution Point is not assigned to the group

UDP port 15000 is inaccessible on the Administration Server (for example, blocked by the
firewall)

47. Consider Kaspersky Security Center 11. Which of the following conditions can make the
backup copying task return an error on the Administration Server?Partiellement correct 2/3
Correct answerThe Administration Server account has no "Write" permissions for the backup
target directory
Correct answerThe drive where the backup directory is located lacks free space
Incorrect answerThe "Download updates to the repository" task is running on the server
(backup copying cannot begin until the updating completes)

The database server account has no "Write" permissions for the backup target directory

48. How can you achieve this?


Incorrect answerModify the status change conditions in the policy of Kaspersky Endpoint
Security for Windows

Modify the status change conditions in the administration groups’ properties

Modify the status change conditions in the Administration Server properties

It is not possible

49. Where can you approve installation of a Maintenance Release of Kaspersky Endpoint
Security in the Kaspersky Security Center Web Console?
Incorrect answerOperations | Kaspersky Lab applications | Kaspersky Lab software updates
and patches

In the properties of the Kaspersky Endpoint Security Update task

Operations | Repositories | Installation packages

Operations | Kaspersky Lab applications | Seamless updates

50. About which events does Kaspersky Security Center notify the administrator under the
default settings?
Incorrect answerAbout all

About critical events of the Administration Server

About critical events of the Kaspersky Endpoint Security

About none

1. How does the remote installation task of Kaspersky Endpoint Security for Windows
(11.1.0) behave by default if a third-party protection application is detected on a computer?

Returns an error and prompts the administrator to uninstall the application manually

Prompts the user whether to uninstall the third-party protection application

Installs Kaspersky Endpoint Security, but completes with a warning that the third-party
protection application must be uninstalled

Correct answerUninstalls the third-party protection application automatically and proceeds


with the installation
2. How can the administrator enable editing for all settings of the subgroup's policy? Select all
applicable solutions.Partiellement correct 1/2
Correct answerClear the "Inherit settings from upper-level policy" check box in the group B
policy
Incorrect answerIn the policy of group A, exclude subgroup B from the policy scope

Make the group A policy inactive

Clear the "Force inheritance of settings in child policies" check box in the group A policy

3. ABC Inc. plans to deploy Kaspersky Endpoint Security on 10,000 endpoints and manage
protection through one Administration Server. Which database server would you recommend
to choose for Kaspersky Security Center?
Correct answerMicrosoft SQL Server Standard

MySQL Enterprise Edition

Microsoft SQL Server Express

MySQL Community Edition

4. How can you achieve this?

Clear the check box "Uninstall incompatible applications automatically" in the properties of
the remote installation task
Clear the check box "Uninstall incompatible applications automatically" in the properties of
the installation package of Kaspersky Endpoint Security

Clear the check box "Uninstall incompatible applications automatically" in the properties of
the installation package of Kaspersky Network Agent

Correct answerYou cannot achieve this using the Kaspersky Security Center Administration
Console
5. On which editions of Windows Server 2012 can Kaspersky Security Center 11
Administration Server be installed?
Correct answerFoundation
Correct answerEssentials
Correct answerStandard
Correct answerDatacenter

None of the above

6. You are planning to deploy Kaspersky Endpoint Security for Business to implement a
centrally managed network protection. Which applications will you need to install on the
network computers?
Correct answerKaspersky Security Center
Correct answerKaspersky Security Center Network Agent

Kaspersky Endpoint Security for Windows Console

Correct answerKaspersky Endpoint Security for Windows

Microsoft SQL Server Agent

7. Where does Kaspersky Security Center store events of the computers that the administrator
can see in the reports?

In text event logs

In Kaspersky Security Network

Correct answerIn the SQL/MySQL database

In the Windows Event Log

8. If the administrator mistyped the Administration Server address in the installation wizard,
where can this address be modified in the Administration Console?Partiellement correct 1/2

In the properties of the Network Agent installation package

Incorrect answerIn the "Administration Server" properties


Correct answerIn properties of the node "Advanced | Remote installation | Installation
packages" in the MMC console

In the properties of the installation package of Kaspersky Endpoint Security


9. Select the correct statement:
Incorrect answerIf a computer is included in several groups, the policy of the group that is
higher in the list is applied

If a computer is included in several groups, a policy is not applied to it

A computer cannot be included in several groups

If a computer is included in several groups, the policy that is higher in the Policies node is
applied to it

10. Which group tasks and policies does the Quick Start wizard create on the Administration
Server when started from the Web console?Partiellement correct 2/3
Correct answerA policy for Kaspersky Security Center Network Agent

A policy for Kaspersky Endpoint Security for Windows

An out-of-office policy for Kaspersky Endpoint Security for Windows

A Virus Scan task for Kaspersky Endpoint Security for Windows

A Rollback task for Kaspersky Endpoint Security for Windows

Incorrect answerA ‘Find vulnerabilities and required updates’ task for Network Agent
Correct answerAn Update task for Kaspersky Endpoint Security for Windows
11. Which level of permissions is sufficient for installing Kaspersky Endpoint Security for
Windows?

User

Incorrect answerDomain administrator

Local administrator

Power user

12. What does a closed lock mean near a parameter in a group policy of Kaspersky Endpoint
Security?
Correct answerThis parameter cannot be changed in the local interface of Kaspersky Endpoint
Security

This parameter is password-protected

This parameter can be changed only by the administrator who created the policy

Correct answerThis parameter cannot be changed in the subgroups’ policies (unless


inheritance is disabled)
13. Which components are NOT available in Kaspersky Endpoint Security 11.1 for
Windows?
Host Intrusion Prevention

Correct answerWindows Integrity Check

BitLocker Management

Web Control

Correct answerIM Anti-Virus


14. You want to organize computers into groups to be able to specify different protection
parameters for them. In which node of Kaspersky Security Center console are such groups to
be created?

Device selections

Policies

Unassigned devices

Correct answerManaged devices


15. Which program types does Kaspersky Endpoint Security installer consider to be
incompatible and try to delete?
Correct answerThird-party antiviruses

Third-party remote management tools (such as TeamViewer, VNC, RemoteAdmin, etc.)

Third-party backup tools

Correct answerThird-party firewalls


16. A policy of Kaspersky Endpoint Security 11.1 for Windows is configured for group A.
Group A has subgroup B, which contains another policy of Kaspersky Endpoint Security 11.1
for Windows. Which settings can be edited in the policy of group B?

Any

Correct answerThe parameters that are NOT locked in the policy of group A

The parameters that are locked in the policy of group A

Correct answerAny, if the "Inherit settings from upper-level policy" check box is cleared in
the group B policy
17. How many concurrent active policies of Kaspersky Endpoint Security 11.1 for Windows
can there be within a single group?

2 at most

5
Incorrect answerAs many as you want
18. The administrator needs a standalone installation package of Kaspersky Endpoint Security
for Windows (11.1.0) that will automatically uninstall incompatible applications during the
installation. How would you create one in Kaspersky Security Center 11?

Any standalone package of Kaspersky Endpoint Security for Windows (11.1.0) automatically
uninstalls incompatible applications

Incorrect answerMake sure that the check box "Uninstall incompatible applications
automatically" is selected in the properties of the regular installation package of Kaspersky
Network Agent prior to creating a standalone installation package

Make sure that the check box "Uninstall incompatible applications automatically" is selected
in the properties of the regular installation package of Kaspersky Endpoint Security 11.1 for
Windows prior to creating a standalone installation package

Select the check box "Uninstall incompatible applications automatically in the properties" of
the standalone installation package

19. When configuring a standalone installation package of Kaspersky Endpoint Security 11.1
for Windows in Kaspersky Security Center for computers that do not have access to the
network, how would you include custom protection settings into the package?
Incorrect answerExport the policy of Kaspersky Endpoint Security 11.1 for Windows with the
necessary settings to a file and copy this file into the folder that contains the standalone
package files

Export the settings from the local Kaspersky Endpoint Security interface and copy this file
into the folder where the standalone package is located

Export the settings from the local Kaspersky Endpoint Security interface and specify this file
as the configuration file in the properties of the regular installation package prior to creating a
standalone package

Export the policy of Kaspersky Endpoint Security 11.1 for Windows with the configured
settings to a file and specify this file as the configuration file in the properties of the regular
installation package prior to creating a standalone package

20. Consider Kaspersky Security Center 11. There is a "Virus scan" task in the "Managed
devices" group, and there is a subgroup named "Servers" for which you want to change the
schedule of anti-virus scanning. How can you achieve this?
Correct answerExclude the "Servers" subgroup from the scan scope of the "Virus scan" task
configured in the "Managed devices" group, and create another "Virus scan" task with the
necessary settings in the "Servers" subgroup

A task configured in a parental group always runs in a subgroup

Create another "Virus scan" task with the necessary settings in the "Servers" subgroup and
disable inheritance in its properties
Create another "Virus scan" task with the same name and the necessary settings in the
"Servers" subgroup; it will run instead of the parent group task

21. The administrator plans to use the SNMP protocol to receive messages from the
Administration Server and monitor statuses. However, the "SNMP agent" component is
missing from the list of Administration Server components in the installation wizard. Why?

"SNMP agent" is an Administration Console component, not a Server component

Correct answer"SNMP agent" is not displayed if the SNMP service (a component of


Windows operating system) is not installed on the computer

"SNMP agent" is always installed, it does not need to be selected as an option

The "SNMP agent" component has a separate installer

22. Which of the following database servers does Kaspersky Security Center 11 support?

Microsoft SQL Server 2005

Correct answerMicrosoft SQL Server 2008 R2


Correct answerMicrosoft SQL Server 2012
Correct answerMicrosoft SQL Server 2014
Correct answerMicrosoft SQL Server 2016
Correct answerMicrosoft SQL Server 2017
23. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows Server 2003

Microsoft Windows Server 2003 R2

Correct answerMicrosoft Windows Server 2008


Correct answerMicrosoft Windows Server 2008 R2
Correct answerMicrosoft Windows Server 2012
Correct answerMicrosoft Windows Server 2012 R2

Correct answerMicrosoft Windows Server 2016

24. Select the most correct description for the Remediation Engine component:

It monitors file operations and scans files being accessed

It intercepts software start attempts and blocks applications according to the rules configured
by the administrator
Incorrect answerIt analyzes individual operations performed by applications and prohibits
little-known applications from taking potentially dangerous actions

It logs actions taken by applications and can roll them back if the software demonstrates
dangerous activity patterns

25. You have found out that the Firewall hampers an application that belongs to the High
Restricted group. Which of the following measures can solve the issue?

Create allow packet rules for the application’s ports and protocols, and place them to the top
of the list of rules

Manually put the application’s executable files into the "Low restricted" or "Trusted" group in
the Kaspersky Endpoint Security policy

Add the application’s executable file to the list of paths excluded from scanning in the Trusted
zone

Incorrect answerAdd the application’s executable file to the list of trusted in the Trusted zone
and select the check box "Do not scan network traffic" for it
26. How should the administrator disable the use of KSN in Kaspersky Endpoint Security
11.1 on the client computers?

Clear the check box that allows the use of KSN in the properties of the Administration Server

Incorrect answerIt is not possible

Reinstall the Administration Server and choose not to use KSN in the Quick start wizard

Disable the use of KSN in Kaspersky Endpoint Security 11.1 policy

27. The administrator has decided to enable scanning for encrypted connections. Which
components of Kaspersky Endpoint Security will use it?Partiellement correct 2/3
Correct answerWeb Threat Protection

Mail Threat Protection

Incorrect answerAMSI Protection provider


Correct answerWeb Control

Adaptive Anomaly Control

28. A legitimate application that users need for their work is being categorized as "Untrusted"
and blocked by Kaspersky Endpoint Security 11.1 for Windows. You want to prevent this
without weakening protection too much. What are your options?
Correct answerManually put the application into a group other than "Untrusted" in the Host
Intrusion Prevention settings

Disable the Host Intrusion Prevention component


Disable the use of KSN

Correct answerAdd the application to the "Trusted zone" with the option "Do not monitor
application activity"
29. Which access to network do programs get that belong to the High Restricted group on
Microsoft Windows Server 2012 R2 protected with Kaspersky Endpoint Security 11.1 under
the default settings?
Incorrect answerNone, because the Host Intrusion Prevention component will block them

Access to trusted and local networks

Access only to trusted networks

Full network access

30. How does Kaspersky Endpoint Security 11.1 for Windows protect against ransomware that
encrypts files?

Allows the packet

Applies the rule that is lower in the list

Correct answerApplies the rule that is higher in the list

Blocks the packet

31. The user tries to connect to a website over https. Kaspersky Endpoint Security installed on
the computer is under the policy created by the Quick Start Wizard. An error occurs when
scanning encrypted traffic. What will happen in that case?
Incorrect answerKaspersky Endpoint Security will block the https connection to the website.
The user will see the corresponding pop-up notification by Kaspersky Endpoint Security

The website will be automatically added to the local list of exclusions (domains with secure
connection scan errors). Encrypted traffic will not be scanned for this website. The user will
successfully connect to the website

The https connection to the website will fail and return an error

32. Which connections are High Restricted applications prohibited from establishing in
Trusted networks under the default settings?

None

Incorrect answerAny

DNS, email, remote desktop connections, and ICMP protocol

DNS requests and connections over mail protocols


33. The administrator wants to prohibit notebooks from connecting to Wi-Fi while using a
wired connection. Which component of Kaspersky Endpoint Security can help to achieve
this?
Correct answerAnti-Bridging

Firewall

Host Intrusion Prevention

34. A user tries to download an infected object over HTTPS. Which component of Kaspersky
Endpoint Security 11.1 for Windows will be the first to detect it?
Correct answerWeb Threat Protection

Network Threat Protection

Host Intrusion Prevention

File Threat Protection

35. How does Host Intrusion Prevention select a trust level for a program?Partiellement
correct 1/2
Correct answerIt uses information from Kaspersky Security Network
Incorrect answerIt uses the results of background scanning by the online service
"virustotal.com"

It uses the trust levels explicitly specified in the policy

It uses a local heuristic algorithm

36. How does Kaspersky Endpoint Security 11.1 for Windows protect against ransomware
that encrypts files?

It generates bitcoin cryptocurrency for the ransom in the background

Correct answerIt backs up documents and if a document gets encrypted by malware, it


restores it from a backup copy

It automatically brute-forces the key and decrypts the encrypted documents

Correct answerIt heuristically detects encryption attempts and blocks malware


37. Where can you specify the conditions under which Kaspersky Endpoint Security 11.1 is to
switch to the out-of-office policy?
Incorrect answerIn the policy of Kaspersky Endpoint Security

In the group properties

In the Administration Server policy

The conditions are hard-coded and you cannot modify them


In the Network Agent policy

38. Which of the following is a known limitation of the Web Control component in Kaspersky
Endpoint Security 11.1 for Windows?

It can’t block content by data type over an https connection

It can’t block any website accessed over an https connection

It works only with the mainstream web browsers, such as Internet Explorer, Mozilla Firefox,
Google Chrome

Correct answerNone of the above


39. Which action is specified for Adaptive Anomaly Control rules in the Kaspersky Endpoint
Security policy by default?

Allow

Smart

Notify

Incorrect answerBlock
40. What should the administrator do to be able to create Application Control rules?

Create application categories in the Application Control settings

Incorrect answerCreate and run the "Inventory" task on at least one computer

Just wait for the databases to be updated on the Administration Server

Create application categories in the "Advanced | Application management | Application


categories" node on the Administration Server

41. Consider Kaspersky Security Center 11. The administrator selected the "Path to folder"
parameter as a condition for an application category and specified the "C:\Program Files\
Microsoft\" value. Which executable files will meet this condition?

The files whose checksums coincide with the checksums of the files that were located in
folder "С:\Program Files\Microsoft\" on the Administration Server when the category was
being created

The files whose path begins with "С:\Program Files\Microsoft\"

Incorrect answerThe files whose metadata coincides with the metadata of the files located in
"С:\Program Files\Microsoft\" on the Administration Server

The files whose checksums coincide with checksums of files located in "С:\Program Files\
Microsoft\" on the Administration Server. Every time the Administration Server is restarted,
the list of checksums is updated to reflect the current folder contents
42. The administrator of the АВС company needs to prohibit starting several programs in the
network. What is the best way to achieve this?

In Application Control, select the "Black list" mode and create allow rules for the applications
whose start is to be prohibited

Incorrect answerIn Application Control, select the "White list" mode and create block rules
for the applications whose start is to be prohibited

In Application Control, select the "White list" mode and create allow rules for the applications
whose start is to be prohibited

In Application Control, select the "Black list" mode and create block rules for the applications
whose start is to be prohibited

43. The administrator wants to configure Device Control settings in the policy of Kaspersky
Endpoint Security 11.1 for Windows, but the control options are not displayed in the policy.
How should the administrator fix this?

Load a Kaspersky Endpoint Security for Business "Advanced" license into Kaspersky
Security Center

Correct answerOpen the Kaspersky Security Center interface settings and select the "Display
endpoint control settings" check box

Run a "Change application components" task and select the "Standard" installation type
instead of the "Basic installation" type

None of the above

44. Which of the control components of Kaspersky Endpoint Security 11.1 for Windows can
apply access rules on schedule? Partiellement correct 1/2

Host Intrusion Prevention

Incorrect answerApplication Control

Adaptive Anomaly Control

Correct answerWeb Control

Device Control

45. How can you make the computers’ status normal again?

Delete the virus detection events from the Administration Server database

The status will normalize automatically in 24 hours

Delete the infected objects from the "Backup" repository


Correct answerCarry out the "Reset Virus Counter" command
46. With which utility can you check connection between the Network Agent and the
Administration Server and synchronize their settings?

klmover.exe

GetSystemInfo.exe

Correct answerklnagchck.exe
47. How can you achieve this?

It is not possible

Modify the status change conditions in the policy of Kaspersky Endpoint Security for
Windows

Correct answerModify the status change conditions in the administration groups’ properties

Modify the status change conditions in the Administration Server properties

48. How can the administrator start the recovery procedure?

Use the recovery mode in the installation wizard of the Administration Server

Correct answerUse a special utility for backup and restore

Run the “Restore from backup” task in the Administration Console

Use the recovery mode in the Quick Start wizard of the Administration Server

49. Which ports must be opened on the server for the client computers to be able to update
successfully?

HTTP port 80

TCP port 13000

Incorrect answerTCP ports 8060 and 8061

UDP ports 137 and 138, TCP ports 139 and 445

50. Consider Kaspersky Security Center 11. Which of the following conditions can make the
backup copying task return an error on the Administration Server?
Correct answerThe Administration Server account has no "Write" permissions for the backup
target directory
Correct answerThe drive where the backup directory is located lacks free space

The "Download updates to the repository" task is running on the server (backup copying
cannot begin until the updating completes)
Correct answerThe database server account has no "Write" permissions for the backup target
directory

1. Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?

80 and 443

15,000

13291

Correct answer8061
Correct answer8060
2. Select the correct statements about tasks in Kaspersky Security Center:Partially
correct 1/2

There are active and inactive tasks

There may not be more than one task for the same application in a group

Incorrect answerTo make task settings enforced on the computers, the respective locks must
be closed
Correct answerThe administrator can exclude a subgroup from a task’s scope

By default, subgroups’ tasks inherit settings of the parent group’s tasks (as far as tasks of the
same type are concerned)

The administrator can create a task for a set of computers belonging to different groups

3. Consider Kaspersky Security Center 11. There is a "Virus scan" task in the
"Managed devices" group, and there is a subgroup named "Servers" for which you
want to change the schedule of anti-virus scanning. How can you achieve this?
Correct answerExclude the "Servers" subgroup from the scan scope of the "Virus scan" task
configured in the "Managed devices" group, and create another "Virus scan" task with the
necessary settings in the "Servers" subgroup
A task configured in a parental group always runs in a subgroup

Create another "Virus scan" task with the necessary settings in the "Servers" subgroup and
disable inheritance in its properties

Create another "Virus scan" task with the same name and the necessary settings in the
"Servers" subgroup; it will run instead of the parent group task

4. You want to organize computers into groups to be able to specify different protection
parameters for them. In which node of Kaspersky Security Center console are such
groups to be created?

Device selections

Policies

Unassigned devices

Correct answerManaged devices


5. Which of the following components will NOT be installed under Windows Server 2012
from the default installation package of Kaspersky Endpoint Security 11.1 for
Windows?Partially correct 1/2

File Threat Protection

Correct answerMail Threat Protection

Network Threat Protection

Adaptive Anomaly Control


Application Control

Device Control

Incorrect answerAMSI Protection provider


6. How would you make this change?

Run the Quick Start wizard again

Correct answerModify the Administration Server address in the properties of the Network
Agent installation package

Modify the address in the Network Agent policy

Modify the address in the Administration Server policy

7. Which of the following are Kaspersky Security Center tasks?Partially correct 1/2
Correct answerPerform Windows Update synchronization

Change Administration group

Change Administration Server

Incorrect answerSynchronize Active Directory structure


8. Which policy settings are compulsory in Kaspersky Security Center?
Incorrect answerSettings of an active policy

Locked policy settings

Unlocked policy settings

9. Which of the following components can be used under the KESB Select license, but is
NOT installed by default in Kaspersky Endpoint Security?

IM Anti-Virus
Incorrect answerThere are no such components

BadUSB Attack Prevention

Network Threat Protection

10. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows XP

Microsoft Windows Vista

Correct answerMicrosoft Windows 7


Correct answerMicrosoft Windows 8
Correct answerMicrosoft Windows 8.1
Correct answerMicrosoft Windows 10
11. Which settings of the "Install applications remotely" task do you need to modify for
the installation to complete successfully?

Specify the license key

Correct answerSpecify the list of accounts to be used to run the task

Change the installation method

Nothing is to be changed

12. Which components are NOT available in Kaspersky Endpoint Security 11.1 for
Windows?

Host Intrusion Prevention

Correct answerWindows Integrity Check

BitLocker Management
Web Control

Correct answerIM Anti-Virus


13. The administrator plans to use the SNMP protocol to receive messages from the
Administration Server and monitor statuses. However, the "SNMP agent" component is
missing from the list of Administration Server components in the installation wizard.
Why?

"SNMP agent" is an Administration Console component, not a Server component

Correct answer"SNMP agent" is not displayed if the SNMP service (a component of


Windows operating system) is not installed on the computer

"SNMP agent" is always installed, it does not need to be selected as an option

The "SNMP agent" component has a separate installer

14. Which of the following capabilities are implemented as group tasks in Kaspersky
Endpoint Security for Windows (11.1.0)?
Correct answerUpdate
Correct answerChange Application Components

Network Threat Protection

Correct answerVirus Scan


15. Which of the following database servers does Kaspersky Security Center 11
support?
Correct answerMicrosoft SQL Server 2012
Correct answerMicrosoft SQL Server 2017 on Windows

Microsoft SQL Server 2017 on Linux

Amazon RDS for MySQL

Correct answerMicrosoft Azure SQL Database


Correct answerAmazon RDS for SQL Server
Correct answerMySQL Enterprise 5.7
16. Which of the following remote installation methods can be used in the "Install
Application remotely" task in Kaspersky Security Center 11 when the Network Agent is
not selected to be deployed?Partially correct 1/2
Incorrect answerUsing Group Policy Objects (GPO) in the Active Directory
Correct answerUsing Network Agent

Using operating system tools: Shared folders and remote procedure call (RPC)

Using Logon Scripts in the Active Directory

17. Which component is NOT available in Kaspersky Endpoint Security 11.1 for
Windows?

Firewall

Full Disk Encryption

Correct answerFile and Folder Backup

Device Control

18. How can the administrator enable editing for all settings of the subgroup's policy?
Select all applicable solutions.Partially correct 1/2
Correct answerClear the "Inherit settings from upper-level policy" check box in the group B
policy

In the policy of group A, exclude subgroup B from the policy scope

Make the group A policy inactive

Incorrect answerClear the "Force inheritance of settings in child policies" check box in the
group A policy
19. You are planning to deploy Kaspersky Endpoint Security for Business to implement
a centrally managed network protection. Which applications will you need to install on
the network computers?
Correct answerKaspersky Security Center
Correct answerKaspersky Security Center Network Agent
Kaspersky Endpoint Security for Windows Console

Correct answerKaspersky Endpoint Security for Windows

Microsoft SQL Server Agent

20. Which of the following virtual platforms does Kaspersky Security Center 11
support?
Correct answerVMware vSphere
Correct answerMicrosoft Hyper-V Server
Correct answerCitrix XenServer
Correct answerParallels Desktop
Correct answerVMware Workstation
Correct answerOracle VM VirtualBox

KVM

21. How to configure computer relocation rules?

Create a relocation rule and specify both conditions in it: The range of IP addresses and the
name mask

Relocation rules cannot solve this task

Create two relocation rules for the same group: In one of them, specify the IP range condition,
and in the other one, the name mask

Incorrect answerCreate a relocation rule and specify both conditions in it: The range of IP
addresses and the name mask, and also select the checkbox "Apply the rule if at least one of
the conditions is matched"
22. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows Server 2003

Microsoft Windows Server 2003 R2

Correct answerMicrosoft Windows Server 2008


Correct answerMicrosoft Windows Server 2008 R2
Correct answerMicrosoft Windows Server 2012
Correct answerMicrosoft Windows Server 2012 R2
Correct answerMicrosoft Windows Server 2016
23. Which of the following database servers does Kaspersky Security Center 11
support?

Microsoft SQL Server 2005

Correct answerMicrosoft SQL Server 2008 R2


Correct answerMicrosoft SQL Server 2012
Correct answerMicrosoft SQL Server 2014
Correct answerMicrosoft SQL Server 2016
Correct answerMicrosoft SQL Server 2017

24. How does Kaspersky Endpoint Security 11.1 for Windows protect against
ransomware that encrypts files?

It generates bitcoin cryptocurrency for the ransom in the background

Correct answerIt backs up documents and if a document gets encrypted by malware, it


restores it from a backup copy

It automatically brute-forces the key and decrypts the encrypted documents

Correct answerIt heuristically detects encryption attempts and blocks malware


25. You have found out that the Firewall hampers an application that belongs to the
High Restricted group. Which of the following measures can solve the issue?Partially
correct 1/2

Create allow packet rules for the application’s ports and protocols, and place them to the top
of the list of rules

Correct answerManually put the application’s executable files into the "Low restricted" or
"Trusted" group in the Kaspersky Endpoint Security policy
Incorrect answerAdd the application’s executable file to the list of paths excluded from
scanning in the Trusted zone

Add the application’s executable file to the list of trusted in the Trusted zone and select the
check box "Do not scan network traffic" for it

26. What can the user do to access a removable drive?


Use the "Pause protection and control" command in the right-click menu of Kaspersky
Endpoint Security in the notification area

None of the above

Correct answerSubmit a request and ask for access

Connect the drive to the USB port on the monitor

27. Which of the following can File Threat Protection of Kaspersky Endpoint Security
11.1 for Windows do?
Correct answerScan files on drives on access

Control access to the registry

Scan any files, regardless of the source and interception method

Scan files on drives on demand

28. Which parameters do you need to disable in the policy to stop Kaspersky Endpoint
Security from sending extended statistical information and files or their parts to the
KSN cloud?

Extended KSN mode

Incorrect answerKaspersky Security Network

Use of KSN Proxy

Cloud mode

29. What does the File Threat Protection scope include with the default settings?Partially
correct 1/3

All removable drives


Correct answerAll hard drives
Incorrect answerDisk boot sectors
Incorrect answerKernel Memory

All network drives

30. Which permission is to be given to a trusted process in Trusted zone of Kaspersky


Endpoint Security to make File Threat Protection NOT scan files that the process
accesses?

Do not scan opened files

Special permissions are not necessary, File Threat Protection does not scan any files accessed
by trusted processes

Do not block interaction with the application interface

Incorrect answerDo not monitor application activity


31. Under which conditions does Kaspersky Endpoint Security switch to the out-of-office
mode with the default settings?

None. The conditions are not specified by default

After an unsuccessful synchronization with the Administration Server

Incorrect answerAfter three successive failed synchronizations with the Administration Server
or after all networks have been disconnected
32. Into which trust group does Host Intrusion Prevention move programs by default for
which it cannot receive information from KSN?

Trusted

Low Restricted

High Restricted
Incorrect answerUntrusted
33. In which case can you comparatively safely disable scan of network drives by File
Threat Protection of Kaspersky Endpoint Security?

Web Threat Protection is enabled on the computers, which scans data transferred over the
network

Protection software is installed on the servers where network drives are located

A scheduled virus scan task is configured for the computers, which scans network drives

Incorrect answerNetwork Threat Protection is enabled on the computers, which scans data
transferred over the network
34. Which of the following protocols can be specified in the Firewall rules in Kaspersky
Endpoint Security 11.1 for Windows?

ARP

Correct answerTCP

SMTP

Correct answerICMP

SNMP

Correct answerUDP
35. Consider Kaspersky Endpoint Security 11.1 for Windows. Which of the following
actions can be limited with the help of password protection configured in the policy?
Partially correct 3/4
Correct answerExit Kaspersky Endpoint Security
Incorrect answerStop Kaspersky Endpoint Security service

Delete the key

Correct answerUninstall Kaspersky Endpoint Security


Correct answerDisable the Control components
36. The administrator has decided to enable scanning for encrypted connections. Which
components of Kaspersky Endpoint Security will use it?
Correct answerWeb Threat Protection
Correct answerMail Threat Protection

Adaptive Anomaly Control

Correct answerWeb Control

AMSI Protection provider

37. How should the administrator disable the use of KSN in Kaspersky Endpoint
Security 11.1 on the client computers?
Incorrect answerClear the check box that allows the use of KSN in the properties of the
Administration Server

It is not possible

Reinstall the Administration Server and choose not to use KSN in the Quick start wizard

Disable the use of KSN in Kaspersky Endpoint Security 11.1 policy

38. Consider Kaspersky Endpoint Security 11.1 and Kaspersky Security Center 11. How
can you tell which "KL category" a particular executable file belongs to?Partially correct
1/2

Consult the "Executable files" repository in the ММС Administration Console

Consult the "Application categories" node in the ММС Administration Console

Correct answerConsult the Application Activity Monitor in the local interface of Kaspersky
Endpoint Security 11.1

None of the above

39. Which action is specified for Adaptive Anomaly Control rules in the Kaspersky
Endpoint Security policy by default?
Incorrect answerAllow

Smart
Notify

Block

40. Which of the control components of Kaspersky Endpoint Security 11.1 for Windows
can apply access rules on schedule?Partially correct 1/2
Incorrect answerHost Intrusion Prevention

Application Control

Adaptive Anomaly Control

Correct answerWeb Control

Device Control

41. Which of the following web browsers does Web Control support in Kaspersky
Endpoint Security 11.1 for Windows?
Correct answerInternet Explorer
Correct answerMozilla Firefox
Correct answerGoogle Chrome

None of the above

42. Which of the control components permit specifying different limitations for different
users within Kaspersky Endpoint Security 11.1 for Windows?Partially correct 3/4
Correct answerApplication Control
Incorrect answerHost Intrusion Prevention

Adaptive Anomaly Control

Correct answerWeb Control


Correct answerDevice Control
43. You need to prohibit starting executable files from removable drives while allowing
the "Read" and "Write" operations. Which component of Kaspersky Endpoint Security
11.1 for Windows helps to perform this task?

Application Control
Host Intrusion Prevention

Adaptive Anomaly Control

Kaspersky Endpoint Security 11.1 for Windows cannot perform this task

Incorrect answerDevice Control


44. Consider Kaspersky Security Center 11. The administrator selected the "Path to
folder" parameter as a condition for an application category and specified the "C:\
Program Files\Microsoft\" value. Which executable files will meet this condition?

The files whose checksums coincide with the checksums of the files that were located in
folder "С:\Program Files\Microsoft\" on the Administration Server when the category was
being created

Correct answerThe files whose path begins with "С:\Program Files\Microsoft\"

The files whose metadata coincides with the metadata of the files located in "С:\Program
Files\Microsoft\" on the Administration Server

The files whose checksums coincide with checksums of files located in "С:\Program Files\
Microsoft\" on the Administration Server. Every time the Administration Server is restarted,
the list of checksums is updated to reflect the current folder contents

45. Consider Kaspersky Security Center 11. What data is included into a backup copy of
the Administration Server created with a dedicated Kaspersky Security Center task?
Correct answerThe structure of managed computers

Contents of the "Kaspersky Lab software updates and patches" storage

Correct answerThe Administration Server database


Correct answerRegular (non-standalone) application installation packages
46. The update task of Kaspersky Endpoint Security for Windows has settings for the
"Local mode" and settings for the "Mobile mode". Under which conditions are update
settings for the "Mobile mode" used?

An update task does not have update settings for mobile mode
If all sources specified in the settings for the local mode are inaccessible

Incorrect answerIf the conditions of switching to the mobile mode (which are specified in the
Network Agent policy) are met, and an out-of-office policy is applied to the computer

If the conditions of switching to the mobile mode (which are specified in the Network Agent
policy) are met

47. What is the default password in the "Backup of Administration Server data" task
created by the Quick Start wizard of Kaspersky Security Center 11?

kasperskylab

KasperskyLab

KL

Correct answerThere is no default password


48. The databases are regularly updated in the repository, but the group task starts on
the client computers only after a planned synchronization rather than immediately.
Why?
Correct answerUDP port 15000 is inaccessible on the client computer (for example, blocked
by the firewall)

This schedule is expected to work in this manner by design

A Distribution Point is not assigned to the group

UDP port 15000 is inaccessible on the Administration Server (for example, blocked by the
firewall)

49. How can you make the computers’ status normal again?

Delete the virus detection events from the Administration Server database
The status will normalize automatically in 24 hours

Delete the infected objects from the "Backup" repository

Correct answerCarry out the "Reset Virus Counter" command


50. Kaspersky Security Center 11 uses a remote database. To make a backup copy of all
data stored in the database, the administrator needs to:

Just run the "Backup of Administration Server data" task, everything will be done
automatically

Run the "klbackup.exe" utility on the computer where the database is located

Run the "klbackup.exe" utility on the Administration Server, but with the "–path" switch

Incorrect answerNone of the above

1. The administrator starts the Administration Server Quick Start Wizard from the Web
console. In which of the following cases will the wizard create a Send Reports task?

If the option More than 5000 networked devices has been selected in the installation wizard

The Quick Start wizard does not create the Send reports task

If the Installation Wizard finds a correctly configured local mail client

Incorrect answerIf email notification parameters have been specified in the Quick Start
Wizard
2. Which of the following components can be used under the KESB Select license, but is
NOT installed by default in Kaspersky Endpoint Security?
Incorrect answerIM Anti-Virus

There are no such components

BadUSB Attack Prevention

Network Threat Protection


3. Which of the following operating systems does Kaspersky Endpoint Security for Windows
(11.1.0) support?

Microsoft Windows Server 2019 Foundation

Correct answerMicrosoft Windows Server 2019 Datacenter


Correct answerMicrosoft Windows Server 2019 Standard
Correct answerMicrosoft Windows Server 2019 Essentials
4. Consider Kaspersky Security Center 11 and Kaspersky Endpoint Security 11.1 for
Windows. You want to import the Active Directory structure to the structure of managed
computers. How to achieve this?

Use the option to "Create groups structure" in the Quick Start Wizard

Use the task "Synchronize Active Directory structure"

Correct answerUse a one-time relocation rule with the option to create missing groups for
organizational units
Correct answerUse the option to "Create groups structure" in the right-click menu of the
"Managed devices" node in the MMC console
5. Which of the following operating systems does Kaspersky Endpoint Security for Windows
(11.1.0) support?

Microsoft Windows 10 Home

Microsoft Windows 10 Pro

Microsoft Windows 10 Education

Microsoft Windows 10 Enterprise

Correct answerAll of the above


6. Which level of permissions is sufficient for installing Kaspersky Endpoint Security for
Windows?

User

Domain administrator

Correct answerLocal administrator

Power user

7. How does the remote installation task of Kaspersky Endpoint Security for Windows
(11.1.0) behave by default if a third-party protection application is detected on a computer?

Returns an error and prompts the administrator to uninstall the application manually

Prompts the user whether to uninstall the third-party protection application


Installs Kaspersky Endpoint Security, but completes with a warning that the third-party
protection application must be uninstalled

Correct answerUninstalls the third-party protection application automatically and proceeds


with the installation
8. How can the administrator enable editing for all settings of the subgroup's policy? Select all
applicable solutions.
Correct answerClear the "Inherit settings from upper-level policy" check box in the group B
policy

In the policy of group A, exclude subgroup B from the policy scope

Correct answerMake the group A policy inactive

Clear the "Force inheritance of settings in child policies" check box in the group A policy

9. How would you make this change?

Run the Quick Start wizard again

Correct answerModify the Administration Server address in the properties of the Network
Agent installation package

Modify the address in the Network Agent policy

Modify the address in the Administration Server policy

10. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows Server 2003

Microsoft Windows Server 2003 R2

Correct answerMicrosoft Windows Server 2008


Correct answerMicrosoft Windows Server 2008 R2
Correct answerMicrosoft Windows Server 2012
Correct answerMicrosoft Windows Server 2012 R2
Correct answerMicrosoft Windows Server 2016
11. The administrator has selected to "Assign Network Agent installation in the Active
Directory group policies" in a remote installation task. How will the Network Agent
installation files get on the computers?

Computers will receive them from the domain controller together with the Active Directory
group policy

The Administration Server will copy the files to the computers’ temporary folders over the
network beforehand

Computers will download them from the shared folder on the domain controller
Correct answerComputers will download them from the shared folder on the Administration
Server
12. How to make the exclusion work on the computers immediately after Kaspersky Endpoint
Security is installed rather than after computers download the policy?

Move new computers to the group where the policy is configured before installing Kaspersky
Endpoint Security

Set the Network Agent’s synchronization interval to 0 minutes

Correct answerAdd a configuration file with the exclusion to the installation package of
Kaspersky Endpoint Security (you can export the settings on an already configured computer)

Export the policy to a file and copy it into the folder where the installation package files of
Kaspersky Endpoint Security are located

13. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows XP

Microsoft Windows Vista

Correct answerMicrosoft Windows 7


Correct answerMicrosoft Windows 8
Correct answerMicrosoft Windows 8.1
Correct answerMicrosoft Windows 10
14. Which of the following task types pertain to Kaspersky Endpoint Security for Windows
(11.1.0)?
Incorrect answerInstall application remotely

Change application components

Incorrect answerFind vulnerabilities and required updates

Uninstall application remotely

Integrity check

15. Which of the following virtual platforms does Kaspersky Security Center 11 support?
Correct answerVMware vSphere
Correct answerMicrosoft Hyper-V Server
Correct answerCitrix XenServer
Correct answerParallels Desktop
Correct answerVMware Workstation
Correct answerOracle VM VirtualBox

KVM
16. Under which scenario would a Kaspersky Endpoint Security 11.1 installation require a
system restart?

If the product is installed on a non-server operating system

If the Device Control component is installed

Correct answerIf a program incompatible with Kaspersky Endpoint Security 11.1 is detected
on the computer and the installer uninstalls it
Correct answerIf the product is installed on an operating system where Windows Defender is
enabled
17. Which of the following remote installation methods can be used in the "Install Application
remotely" task in Kaspersky Security Center 11 when the Network Agent is not selected to be
deployed?

Using Group Policy Objects (GPO) in the Active Directory

Correct answerUsing Network Agent


Correct answerUsing operating system tools: Shared folders and remote procedure call (RPC)

Using Logon Scripts in the Active Directory

18. Which of the following database servers does Kaspersky Security Center 11 support?

Microsoft SQL Server 2005

Correct answerMicrosoft SQL Server 2008 R2


Correct answerMicrosoft SQL Server 2012
Correct answerMicrosoft SQL Server 2014
Correct answerMicrosoft SQL Server 2016
Correct answerMicrosoft SQL Server 2017
19. There is a standalone package on the Administration Server that installs Kaspersky
Endpoint Security with the default set of components. How to make the package also install
the "BadUSB Attack Prevention" component?
Incorrect answerOpen the properties of the standalone package in the Administration Console
and select the necessary component

Open the folder where the standalone package is located and edit the installation string in
the .kud file

Open the folder where the standalone package is located and edit the list of components in the
.kud file

Select the component in the original Kaspersky Endpoint Security package and re-create the
standalone package

20. In which cases does the Administration Server update databases in the installation
packages of Kaspersky Endpoint Security

When the administrator clicks the button "Update databases" in the package properties
When the package is created

Incorrect answerDaily, after databases are updated in the repository


Incorrect answerEvery time after databases are updated in the repository
21. Which of the following versions of SQL server is included with the Kaspersky Security
Center 11 Administration Server distribution?

Microsoft SQL Server 2008 R2 Express

Incorrect answerMicrosoft SQL Server 2014 Express

Microsoft SQL Server 2016 Express

Microsoft SQL Server 2017 Express

None of the above

22. On which operating systems can Kaspersky Security Center 11 Administration Server be
installed?

Windows Server 2003

Correct answerWindows Server 2008 R2


Correct answerWindows 10
Correct answerWindows Server 2012 R2
Correct answerWindows Server 2016
Correct answerWindows Server 2019
23. Which functionality of Kaspersky Security Center is NOT available under the KESB
Select license?
Incorrect answerMobile Device Management

Control Components Management

Protection Components Management

Systems Management

24. How can you exclude a file from the File Threat Protection scope?
Correct answerAdd the path to the file or folder to the list of exclusions
Correct answerAdd the program that accesses the file to the list of trusted processes
Correct answerModify the protection scope of File Threat Protection
Correct answerAdd the certificate with which the file is signed to the computers’ certificate
store and configure an exclusion for this store

Set the file scan time limit to maximum

25. A user tries to download an infected object over HTTPS. Which component of Kaspersky
Endpoint Security 11.1 for Windows will be the first to detect it?
Correct answerWeb Threat Protection
Network Threat Protection

Host Intrusion Prevention

File Threat Protection

26. Which compound objects does File Threat Protection scan under the default settings?

Archives

Installation packages

Office files

Incorrect answerNone
27. Which of the following can the Mail Threat Protection component of Kaspersky Endpoint
Security 11.1 for Windows do?

Scan webmail traffic

Correct answerFilter email attachments


Correct answerScan SMTP/POP3/IMAP/NNTP traffic
Correct answerScan MAPI traffic in Microsoft Office Outlook
28. Consider Kaspersky Endpoint Security 11.1 for Windows. When the Behavior Detection
component recognizes dangerous activities, which of the following actions can it take?

Disinfect

Correct answerDelete the file

Move the file to Quarantine

Correct answerTerminate the program


29. In which case can you comparatively safely disable scan of network drives by File Threat
Protection of Kaspersky Endpoint Security?
Incorrect answerWeb Threat Protection is enabled on the computers, which scans data
transferred over the network

Protection software is installed on the servers where network drives are located

A scheduled virus scan task is configured for the computers, which scans network drives

Network Threat Protection is enabled on the computers, which scans data transferred over the
network

30. Which component or subsystem of Kaspersky Endpoint Security 11.1 for Windows causes
this behaviour?
Incorrect answerFirewall

Self-Defense
Behaviour Detection

Host Intrusion Prevention

None of the above

31. Nothing is copied, and Kaspersky Endpoint Security does not display any messages. What
has happened?
Incorrect answerThe flash drive has been blocked by the Device Control

File Threat Protection has detected and deleted the malware

Self-defense of Kaspersky Endpoint Security 11.1 has blocked access to the infected object on
the removable device

None of the above

32. What does the password that can be specified in the Network Agent policy prevent?
Correct answerNetwork Agent uninstallation

Carrying out the command "send heartbeat" that forces a synchronization with the Server

Starting the "klnagchk.exe" and "klmover.exe" utilities

Stopping the Network Agent service

33. Which component of Kaspersky Endpoint Security 11.1 for Windows except "Web Threat
Protection" takes part in protection against phishing?

File Threat Protection

Incorrect answerMail Threat Protection

Web Control

None of the above

34. What does the Firewall do with a packet that meets conditions of several rules, including
allow and block?

Allows the packet

Applies the rule that is lower in the list

Correct answerApplies the rule that is higher in the list

Blocks the packet


35. Under which conditions does Kaspersky Endpoint Security switch to the out-of-office
mode with the enabled option "Switch to out-of-office policy when Administration Server is
not available"?

After an unsuccessful synchronization with the Administration Server

After an unsuccessful synchronization, if the client computer does not receive an answer to
the command "ping <Administration Server address>"

After an unsuccessful synchronization, if the client computer fails to resolve the


Administration Server name

Correct answerAfter three successive failed synchronizations with the Administration Server
or after all networks have been disconnected
36. What does the File Threat Protection scope include with the default settings?
Correct answerAll removable drives
Correct answerAll hard drives

Disk boot sectors

Kernel Memory

Correct answerAll network drives


37. How does Kaspersky Endpoint Security 11.1 for Windows protect against ransomware
that encrypts files?

It generates bitcoin cryptocurrency for the ransom in the background

Correct answerIt backs up documents and if a document gets encrypted by malware, it


restores it from a backup copy

It automatically brute-forces the key and decrypts the encrypted documents

Correct answerIt heuristically detects encryption attempts and blocks malware

38. Consider Kaspersky Security Center 11. The administrator selected the "Path to folder"
parameter as a condition for an application category and specified the "C:\Program Files\
Microsoft\" value. Which executable files will meet this condition?

The files whose checksums coincide with the checksums of the files that were located in
folder "С:\Program Files\Microsoft\" on the Administration Server when the category was
being created

Correct answerThe files whose path begins with "С:\Program Files\Microsoft\"

The files whose metadata coincides with the metadata of the files located in "С:\Program
Files\Microsoft\" on the Administration Server
The files whose checksums coincide with checksums of files located in "С:\Program Files\
Microsoft\" on the Administration Server. Every time the Administration Server is restarted,
the list of checksums is updated to reflect the current folder contents

39. The administrator of the АВС company needs to prohibit starting several programs in the
network. What is the best way to achieve this?

In Application Control, select the "Black list" mode and create allow rules for the applications
whose start is to be prohibited

In Application Control, select the "White list" mode and create block rules for the applications
whose start is to be prohibited

Incorrect answerIn Application Control, select the "White list" mode and create allow rules
for the applications whose start is to be prohibited

In Application Control, select the "Black list" mode and create block rules for the applications
whose start is to be prohibited

40. What should the administrator do to be able to create Application Control rules?

Create application categories in the Application Control settings

Create and run the "Inventory" task on at least one computer

Incorrect answerJust wait for the databases to be updated on the Administration Server

Create application categories in the "Advanced | Application management | Application


categories" node on the Administration Server

41. Which resources, when blocked by the control components of Kaspersky Endpoint
Security 11.1 for Windows, can be temporarily allowed with the help of a special access key
provided by the administrator?
Correct answerDevices

Software

Web resources

None of the above

42. Which executable files will get into this category?

The files whose MD5 checksum coincides with the checksum of a file located in "C:\Program
Files\Microsoft\" on the Administration Server

Incorrect answerThe files whose metadata coincides with the metadata of the files located in
"С:\Program Files\Microsoft\" on the Administration Server
The files that have the same certificate as any of the files located in "С:\Program Files\
Microsoft\" on the Administration Server

The files whose SHA-256 checksum coincides with the checksum of a file located in "С:\
Program Files\Microsoft\" on the Administration Server

43. However, access to facebook.com has been blocked for everyone. Why?
Correct answerThe blocking rule is higher than the allowing rule on the list

The default allow rule is disabled

Web Control exclusions are to be specified in the "Trusted zone"

A blocking rule always has priority over allowing rules

44. Which removable drive access operations can Device Control allow or block in Kaspersky
Endpoint Security 11.1 for Windows?
Correct answerRead

Execute

Device Control cannot block specific removable drive access operations

Delete

Correct answerWrite

45. The update task of Kaspersky Endpoint Security for Windows has settings for the "Local
mode" and settings for the "Mobile mode". Under which conditions are update settings for the
"Mobile mode" used?

An update task does not have update settings for mobile mode

If all sources specified in the settings for the local mode are inaccessible

If the conditions of switching to the mobile mode (which are specified in the Network Agent
policy) are met, and an out-of-office policy is applied to the computer

Correct answerIf the conditions of switching to the mobile mode (which are specified in the
Network Agent policy) are met
46. Consider Kaspersky Security Center 11. What data is included into a backup copy of the
Administration Server created with a dedicated Kaspersky Security Center task?
Correct answerThe structure of managed computers

Contents of the "Kaspersky Lab software updates and patches" storage

Correct answerThe Administration Server database


Correct answerRegular (non-standalone) application installation packages
47. How can you make the Network Agent perform an unplanned synchronization from
the client side?
Incorrect answerCarry out the "klnagchk" command without parameters

It is impossible

Carry out the command "klnagchk -sendhb"

Carry out the command "klnagchk -sync"

48. Which ports must be opened on the server for the client computers to be able to update
successfully?

HTTP port 80

Correct answerTCP port 13000

TCP ports 8060 and 8061

UDP ports 137 and 138, TCP ports 139 and 445

49. Kaspersky Security Center 11 uses a remote database. To make a backup copy of all data
stored in the database, the administrator needs to:

Just run the "Backup of Administration Server data" task, everything will be done
automatically

Run the "klbackup.exe" utility on the computer where the database is located

Incorrect answerRun the "klbackup.exe" utility on the Administration Server, but with the "–
path" switch

None of the above

50. Which parameters of the new Administration Server must be the same as those of the old
one for the clients to be able to connect successfully?

MAC address and default gateway

Incorrect answerDNS server address

IP address, NetBIOS name, or DNS name—depending on the connection settings configured


on the clients

None of the above


002.11.1 - Exam: Kaspersky Endpoint Security and Management [e]>Deployment
1. You want to publish installation packages in Active Directory via the Kaspersky Security
Center 11 Administration Server. Which installation packages can be published this way?
Incorrect answerAny packages available in the "Installation packages" repository

Packages of Kaspersky Lab products only

Only Kaspersky Network Agent packages

None

2. What does a closed lock mean near a parameter in a group policy of Kaspersky Endpoint
Security?
Correct answerThis parameter cannot be changed in the local interface of Kaspersky Endpoint
Security

This parameter is password-protected

This parameter can be changed only by the administrator who created the policy

Correct answerThis parameter cannot be changed in the subgroups’ policies (unless


inheritance is disabled)
3. Which of the following capabilities are implemented as group tasks in Kaspersky Endpoint
Security for Windows (11.1.0)?
Correct answerUpdate
Correct answerChange Application Components

Network Threat Protection

Correct answerVirus Scan


4. The administrator has selected to "Assign Network Agent installation in the Active
Directory group policies" in the remote installation task. When will the Network Agent
installation be finished on the target computers?

In a few minutes after the task starts

The next time that the users log on to the domain from the target computers

At the next restart of the computers

Incorrect answerIn a few minutes after the computers receive the Active Directory group
policy
5. ABC Inc. plans to deploy Kaspersky Security Center and Kaspersky Endpoint Security in a
network segment where there is no access to the Internet. What is the best way to activate the
products in this case?
With a key file

Any activation method can be used

Incorrect answerWith an activation code


6. Which of the following operating systems does Kaspersky Endpoint Security for Windows
(11.1.0) support?

Microsoft Windows Server 2019 Foundation

Correct answerMicrosoft Windows Server 2019 Datacenter


Correct answerMicrosoft Windows Server 2019 Standard
Correct answerMicrosoft Windows Server 2019 Essentials
7. Which of the following operating systems does Kaspersky Security Center 11 NOT
support?

Microsoft Windows XP Pro SP2

Microsoft Windows Vista

Microsoft Windows 7 Ultimate SP1

Incorrect answerMicrosoft Windows 8 Pro


Incorrect answerMicrosoft Windows 10 Enterprise
8. How does the remote installation task of Kaspersky Endpoint Security for Windows
(11.1.0) behave by default if a third-party protection application is detected on a computer?

Returns an error and prompts the administrator to uninstall the application manually

Prompts the user whether to uninstall the third-party protection application

Installs Kaspersky Endpoint Security, but completes with a warning that the third-party
protection application must be uninstalled

Correct answerUninstalls the third-party protection application automatically and proceeds


with the installation
9. Which of the following installation methods does NOT work if the computer’s shared
folders are NOT accessible over the network?

Remote deployment using Windows resources

Installation using Network Agent

Incorrect answerRemote installation using Active Directory

Installation from a standalone package

10. Which port of the Administration Server do Network Agents connect to under the default
settings?
Correct answerTCP 13000
UDP 15000

TCP 13291

TCP 14000

11. On which operating systems can Kaspersky Security Center 11 Administration Server
NOT be installed?
Correct answerWindows Server 2003

Windows Server 2008 R2

Correct answerWindows Vista

Windows 10

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

12. The administrator has selected to "Assign Network Agent installation in the Active
Directory group policies" in a remote installation task. How will the Network Agent
installation files get on the computers?

Computers will receive them from the domain controller together with the Active Directory
group policy

The Administration Server will copy the files to the computers’ temporary folders over the
network beforehand

Computers will download them from the shared folder on the domain controller

Correct answerComputers will download them from the shared folder on the Administration
Server
13. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?Partiellement correct 1/2

Microsoft Small Business Server 2011

Correct answerMicrosoft Windows Server 2012 Foundation


Incorrect answerMicrosoft Windows Server 2012 R2 Server Core Mode

Microsoft Windows Embedded Enterprise

14. Which group tasks and policies does the Quick Start wizard create on the Administration
Server when started from the MMC console?Partiellement correct 3/4
Correct answerA policy for Kaspersky Security Center Network Agent
A policy for Kaspersky Endpoint Security for Windows

An out-of-office policy for Kaspersky Endpoint Security for Windows

Incorrect answerA Virus Scan task for Kaspersky Endpoint Security for Windows

A Rollback task for Kaspersky Endpoint Security for Windows

Correct answerA ‘Find vulnerabilities and required updates’ task for Network Agent
Correct answerAn Update task for Kaspersky Endpoint Security for Windows
15. When does Network Agent connect to the Administration Server?
Correct answerWhen a packet arrives to the Agent’s UDP port from the Server

When the user logs on to the system

Correct answerPeriodically (by default, once every 15 min)


Correct answerWhen there is an event to be sent to the Server
16. Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?

80 and 443

15,000

13291

Correct answer8061
Correct answer8060
17. Which program types does the installer of Kaspersky Security Center Network Agent
consider to be incompatible and try to delete?
Incorrect answerThird-party antiviruses

Third-party agents (such as ePO Agent)

Third-party backup tools

Third-party remote management tools (such as TeamViewer, VNC, RemoteAdmin, etc.)

None

18. Which components of Kaspersky Endpoint Security for Windows (11.1.0) can NOT be
installed on a server operating system?Partiellement correct 1/3

Adaptive Anomaly Control

Incorrect answerBehavior Detection


Correct answerHost Intrusion Prevention

Device Control
Incorrect answerAMSI Protection provider

Application Control

19. Which of the following are Kaspersky Security Center tasks?Partiellement correct 1/2
Correct answerPerform Windows Update synchronization
Incorrect answerChange Administration group

Change Administration Server

Synchronize Active Directory structure

20. Which of the following components will NOT be installed under Windows Server 2012
from the default installation package of Kaspersky Endpoint Security 11.1 for Windows?
Partiellement correct 1/2

File Threat Protection

Correct answerMail Threat Protection


Incorrect answerNetwork Threat Protection

Adaptive Anomaly Control

Application Control

Device Control

AMSI Protection provider

21. Which level of permissions is sufficient for installing Kaspersky Endpoint Security for
Windows?

User

Domain administrator

Correct answerLocal administrator

Power user

22. How to make the exclusion work on the computers immediately after Kaspersky Endpoint
Security is installed rather than after computers download the policy?

Move new computers to the group where the policy is configured before installing Kaspersky
Endpoint Security

Set the Network Agent’s synchronization interval to 0 minutes

Correct answerAdd a configuration file with the exclusion to the installation package of
Kaspersky Endpoint Security (you can export the settings on an already configured computer)
Export the policy to a file and copy it into the folder where the installation package files of
Kaspersky Endpoint Security are located

23. How can the administrator enable editing for all settings of the subgroup's policy? Select
all applicable solutions.
Correct answerClear the "Inherit settings from upper-level policy" check box in the group B
policy

In the policy of group A, exclude subgroup B from the policy scope

Correct answerMake the group A policy inactive

Clear the "Force inheritance of settings in child policies" check box in the group A policy

24. How can they do it, supposing they have local administrator rights?Partiellement correct
1/2

Uninstall Kaspersky Endpoint Security

Stop the service of Kaspersky Endpoint Security

Terminate the process of Kaspersky Endpoint Security

Correct answerUninstall Network Agent and then disable automatic startup of Kaspersky
Endpoint Security 11.1
25. Select the correct statements about exclusions for files and folders in Kaspersky Endpoint
Security:
Correct answerYou can use environment variables, such as "%programfiles%"
Correct answerA folder’s path must end with "\"

You can use regular expressions, such as "@"\w\\(?:Ft|Dev)\\Branch\\?$""

Correct answerYou can use wildcards: "?" and "*"


26. How does Host Intrusion Prevention select a trust level for a program?
Correct answerIt uses information from Kaspersky Security Network

It uses the results of background scanning by the online service "virustotal.com"

Correct answerIt uses the trust levels explicitly specified in the policy

It uses a local heuristic algorithm

27. Which of the following components of Kaspersky Endpoint Security 11.1 for Windows
does not use the KSN technology?

File Threat Protection


Virus Scan tasks

Network Threat Protection

Incorrect answerWeb Threat Protection

Exploit Prevention

28. The administrator wants to prohibit notebooks from connecting to Wi-Fi while using a
wired connection. Which component of Kaspersky Endpoint Security can help to achieve
this?
Correct answerAnti-Bridging

Firewall

Host Intrusion Prevention

29. How can the administrator consult the list of domains with secure connection scan errors?

Via the Administration Console, in the computer properties

Only in the local interface of Kaspersky Endpoint Security on the user’s computer

Incorrect answerVia the Administration Console (in the computer properties), or in the local
interface of Kaspersky Endpoint Security
30. The administrator has decided to enable scanning for encrypted connections. Which
components of Kaspersky Endpoint Security will use it?
Correct answerWeb Threat Protection
Correct answerMail Threat Protection

AMSI Protection provider

Correct answerWeb Control

Adaptive Anomaly Control

31. What happens when the cloud mode is enabled for the protection components?

When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security
uses a lite version of anti-virus databases, but sends more requests to the KSN cloud

When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security
can send executable and non-executable files or their parts to the KSN cloud

Incorrect answerWhen the cloud mode is enabled for the protection components, Kaspersky
Endpoint Security sends extended statistical information to the KSN cloud and uses the full
version of anti-virus databases
32. The administrator wants to exclude operations performed by a particular user from the
scan scope of protection components of Kaspersky Endpoint Security 11.1 for Windows.
Which of the following components support this kind of exclusion?
File Threat Protection

Behavior Detection

Incorrect answerWeb Threat Protection

None of the above

33. What does the File Threat Protection scope include with the default settings?
Correct answerAll removable drives
Correct answerAll hard drives

Disk boot sectors

Kernel Memory

Correct answerAll network drives


34. Under which conditions does Kaspersky Endpoint Security switch to the out-of-office
mode with the enabled option "Switch to out-of-office policy when Administration Server is
not available"?

After an unsuccessful synchronization with the Administration Server

After an unsuccessful synchronization, if the client computer does not receive an answer to
the command "ping <Administration Server address>"

After an unsuccessful synchronization, if the client computer fails to resolve the


Administration Server name

Correct answerAfter three successive failed synchronizations with the Administration Server
or after all networks have been disconnected
35. Select the correct statements about Web Threat Protection of Kaspersky Endpoint
Security:
Correct answerIt scans data in outbound connections
Correct answerIt scans data in secure connections (SSL/TLS)
Correct answerIt scans HTTP and FTP protocols

It scans data in inbound connections established from outside

36. Which of the following can File Threat Protection of Kaspersky Endpoint Security 11.1
for Windows do?
Correct answerScan files on drives on access

Control access to the registry

Scan any files, regardless of the source and interception method

Scan files on drives on demand


37. Which of the following components of Kaspersky Endpoint Security 11.1 for Windows
provides proactive defense against unknown threats by analyzing the sequence of actions
performed by a program?

AMSI Protection provider

Correct answerBehaviour Detection

Host Intrusion Prevention

38. Which of the control components permit specifying different limitations for different users
within Kaspersky Endpoint Security 11.1 for Windows?
Correct answerApplication Control

Host Intrusion Prevention

Correct answerAdaptive Anomaly Control


Correct answerWeb Control
Correct answerDevice Control
39. How can you configure an exclusion for Internet Explorer?

Create an exclusion for Internet Explorer in the created "Browsers" category

This scenario cannot be implemented in Kaspersky Endpoint Security 11.1 for Windows

Create a category for Internet Explorer, create an allow rule for this category, and move it to
the bottom of the list of rules

Incorrect answerCreate a category for Internet Explorer, create a rule allowing the start of
programs of this category, and place it higher on the list than the rule that prohibits
"Browsers"
40. Which component of Kaspersky Endpoint Security 11.1 for Windows divides applications
into 4 groups: "Trusted", "Low Restricted", "High Restricted", and "Untrusted"?
Incorrect answerApplication Control

Exploit Prevention

Behavior Detection

Host Intrusion Prevention

41. The administrator wants to configure Device Control settings in the policy of Kaspersky
Endpoint Security 11.1 for Windows, but the control options are not displayed in the policy.
How should the administrator fix this?

Load a Kaspersky Endpoint Security for Business "Advanced" license into Kaspersky
Security Center

Correct answerOpen the Kaspersky Security Center interface settings and select the "Display
endpoint control settings" check box
Run a "Change application components" task and select the "Standard" installation type
instead of the "Basic installation" type

None of the above

42. The administrator has included a USB flash drive in the list of trusted devices in the
Device Control policy of Kaspersky Endpoint Security 11.1 for Windows. Who can use this
drive?

Any user

Correct answerThe users specified in the policy by the administrator

Any user who has local administrative privileges

Only the administrator who made the device trusted in the policy

43. Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners
on the web pages visited by the users. How can you achieve this?

Enable the Anti-Banner component

Enable the option to block banner links in the Web Threat Protection settings

Correct answerCreate a rule in the Web Control settings to block the content category
"Banners"

None of the above

44. Which of the control components of Kaspersky Endpoint Security 11.1 for Windows can
apply access rules on schedule?

Host Intrusion Prevention

Application Control

Adaptive Anomaly Control

Correct answerWeb Control

Correct answerDevice Control

45. How can you make the Network Agent perform an unplanned synchronization from
the client side?

Carry out the "klnagchk" command without parameters


Incorrect answerIt is impossible

Carry out the command "klnagchk -sendhb"

Carry out the command "klnagchk -sync"

46. About which events does Kaspersky Security Center notify the administrator under the
default settings?

About all

About critical events of the Administration Server

Incorrect answerAbout critical events of the Kaspersky Endpoint Security

About none

47. Kaspersky Security Center 11 uses a remote database. To make a backup copy of all data
stored in the database, the administrator needs to:
Correct answerJust run the "Backup of Administration Server data" task, everything will be
done automatically

Run the "klbackup.exe" utility on the computer where the database is located

Run the "klbackup.exe" utility on the Administration Server, but with the "–path" switch

None of the above

48. Can the start of group update tasks be randomized in Kaspersky Security Center 11 to
avoid simultaneous connections of all client computers to the Administration Server?

Yes

Yes, but only if the "From 1000 to 5000 computers" or "More than 5000 computers" option
was selected during the installation of the Administration Server

Incorrect answerYes, but only if the computers are organized into several subgroups with
update tasks having different schedules

No

49. Where can you approve installation of a Maintenance Release of Kaspersky Endpoint
Security in the Kaspersky Security Center Web Console?

Operations | Kaspersky Lab applications | Kaspersky Lab software updates and patches

In the properties of the Kaspersky Endpoint Security Update task

Operations | Repositories | Installation packages


Correct answerOperations | Kaspersky Lab applications | Seamless updates
50. Which ports must be opened on the server for the client computers to be able to update
successfully?

HTTP port 80

Correct answerTCP port 13000

TCP ports 8060 and 8061

UDP ports 137 and 138, TCP ports 139 and 445

1. In which cases does the Administration Server update databases in the installation packages
of Kaspersky Endpoint Security
Correct answerWhen the administrator clicks the button "Update databases" in the package
properties
Correct answerWhen the package is created

Daily, after databases are updated in the repository

Every time after databases are updated in the repository

2. How many concurrent active policies of Kaspersky Endpoint Security 11.1 for Windows
can there be within a single group?

Incorrect answer2 at most

As many as you want

3. Select the correct statement:

If a computer is included in several groups, the policy of the group that is higher in the list is
applied

If a computer is included in several groups, a policy is not applied to it

A computer cannot be included in several groups

Incorrect answerIf a computer is included in several groups, the policy that is higher in the
Policies node is applied to it
4. Which port of the Administration Server do Network Agents connect to under the default
settings?
Correct answerTCP 13000

UDP 15000
TCP 13291

TCP 14000

5. How would you make this change?

Run the Quick Start wizard again

Correct answerModify the Administration Server address in the properties of the Network
Agent installation package

Modify the address in the Network Agent policy

Modify the address in the Administration Server policy

6. Which of the following capabilities are implemented as group tasks in Kaspersky Endpoint
Security for Windows (11.1.0)?
Correct answerUpdate
Correct answerChange Application Components

Network Threat Protection

Correct answerVirus Scan


7. Which of the following Administration Server parameters cannot be modified without
reinstalling Kaspersky Security Center?

Administration Server communication ports

Incorrect answerShared folder location

SQL server address

Administration Server account

8. How to make the exclusion work on the computers immediately after Kaspersky Endpoint
Security is installed rather than after computers download the policy?

Move new computers to the group where the policy is configured before installing Kaspersky
Endpoint Security

Set the Network Agent’s synchronization interval to 0 minutes

Correct answerAdd a configuration file with the exclusion to the installation package of
Kaspersky Endpoint Security (you can export the settings on an already configured computer)

Export the policy to a file and copy it into the folder where the installation package files of
Kaspersky Endpoint Security are located
9. When configuring a standalone installation package of Kaspersky Endpoint Security 11.1
for Windows in Kaspersky Security Center for computers that do not have access to the
network, how would you include custom protection settings into the package?

Export the policy of Kaspersky Endpoint Security 11.1 for Windows with the necessary
settings to a file and copy this file into the folder that contains the standalone package files

Incorrect answerExport the settings from the local Kaspersky Endpoint Security interface and
copy this file into the folder where the standalone package is located

Export the settings from the local Kaspersky Endpoint Security interface and specify this file
as the configuration file in the properties of the regular installation package prior to creating a
standalone package

Export the policy of Kaspersky Endpoint Security 11.1 for Windows with the configured
settings to a file and specify this file as the configuration file in the properties of the regular
installation package prior to creating a standalone package

10. On which editions of Windows Server 2012 can Kaspersky Security Center 11
Administration Server be installed?
Correct answerFoundation
Correct answerEssentials
Correct answerStandard
Correct answerDatacenter

None of the above

11. Select the correct statements about tasks in Kaspersky Security Center:Partiellement
correct 1/2

There are active and inactive tasks

There may not be more than one task for the same application in a group

Incorrect answerTo make task settings enforced on the computers, the respective locks must
be closed

The administrator can exclude a subgroup from a task’s scope

By default, subgroups’ tasks inherit settings of the parent group’s tasks (as far as tasks of the
same type are concerned)

Correct answerThe administrator can create a task for a set of computers belonging to
different groups
12. Which components are NOT available in Kaspersky Endpoint Security 11.1 for
Windows?

Host Intrusion Prevention

Correct answerWindows Integrity Check


Correct answerIM Anti-Virus

Web Control

BitLocker Management

13. Which functionality of Kaspersky Endpoint Security for Windows is NOT available under
the KESB Select license?
Correct answerFull Disk Encryption
Correct answerFile Level Encryption
Correct answerAdaptive Anomaly Control

Integrity Check

Device Control

14. The administrator has created a standalone installation package for Kaspersky Endpoint
Security and Network Agent. Select the correct statements about the standalone
package:Partiellement correct 1/2
Correct answerThe standalone package contains the Administration Server connection
parameters (from the settings of the Network Agent package)
Incorrect answerThe standalone package contains only the installation parameters, while the
files will be downloaded from the shared folder of the Administration Server during the
installation

The standalone package installs the Kaspersky Endpoint Security components that were
selected in the original package of Kaspersky Endpoint Security

The standalone package includes the username and password of an administrator, to enable a
non-administrator user to run it

15. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows 10 Home

Microsoft Windows 10 Pro

Microsoft Windows 10 Education

Microsoft Windows 10 Enterprise

Correct answerAll of the above


16. Which level of permissions is sufficient for installing Kaspersky Endpoint Security for
Windows?

User

Domain administrator
Correct answerLocal administrator

Power user

17. Which of the following database servers does Kaspersky Security Center 11 support?

Microsoft SQL Server 2005

Correct answerMicrosoft SQL Server 2008 R2


Correct answerMicrosoft SQL Server 2012
Correct answerMicrosoft SQL Server 2014
Correct answerMicrosoft SQL Server 2016
Correct answerMicrosoft SQL Server 2017
18. What is the minimum amount of RAM required to install Kaspersky Endpoint Security for
Windows (11.1.0) on a 32-bit Windows operating system?

256 MB

Incorrect answer512 MB

1024 MB

2048 MB

19. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows Server 2019 Foundation

Correct answerMicrosoft Windows Server 2019 Datacenter


Correct answerMicrosoft Windows Server 2019 Standard
Correct answerMicrosoft Windows Server 2019 Essentials
20. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?
Correct answerMicrosoft Windows Server 2012 R2 Foundation
Correct answerMicrosoft Windows Server 2012 R2 Essentials
Correct answerMicrosoft Windows Server 2012 R2 Standard

Microsoft Windows Server 2012 R2 Enterprise

Correct answerMicrosoft Windows Server 2012 R2 Datacenter


21. Which program types does the installer of Kaspersky Security Center Network Agent
consider to be incompatible and try to delete?

Third-party antiviruses

Third-party agents (such as ePO Agent)

Third-party backup tools


Incorrect answerThird-party remote management tools (such as TeamViewer, VNC,
RemoteAdmin, etc.)

None

22. Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?

80 and 443

15,000

13291

Correct answer8061
Correct answer8060
23. Which of the following operating systems does Kaspersky Endpoint Security for
Windows (11.1.0) support?

Microsoft Windows XP

Microsoft Windows Vista

Correct answerMicrosoft Windows 7


Correct answerMicrosoft Windows 8
Correct answerMicrosoft Windows 8.1
Correct answerMicrosoft Windows 10
24. How should the administrator disable the use of KSN in Kaspersky Endpoint Security
11.1 on the client computers?

Clear the check box that allows the use of KSN in the properties of the Administration Server

It is not possible

Reinstall the Administration Server and choose not to use KSN in the Quick start wizard

Correct answerDisable the use of KSN in Kaspersky Endpoint Security 11.1 policy
25. How can the administrator consult the list of domains with secure connection scan errors?

Via the Administration Console, in the computer properties

Correct answerOnly in the local interface of Kaspersky Endpoint Security on the user’s
computer

Via the Administration Console (in the computer properties), or in the local interface of
Kaspersky Endpoint Security

26. A workstation is managed remotely through Kaspersky Security Center 11 with the
default settings. Which of the following events invoke pop-up notifications in the local
interface of Kaspersky Endpoint Security 11.1 for Windows?
An infected object has been detected

Correct answerAn application start has been blocked

A network attack has been detected

A suspicious object has been detected

27. Select the correct statements about exclusions for files and folders in Kaspersky Endpoint
Security:
Correct answerYou can use environment variables, such as "%programfiles%"
Correct answerA folder’s path must end with "\"

You can use regular expressions, such as "@"\w\\(?:Ft|Dev)\\Branch\\?$""

Correct answerYou can use wildcards: "?" and "*"


28. Which of the following components of Kaspersky Endpoint Security 11.1 for Windows do
NOT scan files?
Incorrect answerWeb Threat Protection

Network Threat Protection

BadUSB Attack Prevention

Incorrect answerMail Threat Protection


29. What does the Firewall do with a packet that meets conditions of several rules, including
allow and block?

Allows the packet

Applies the rule that is lower in the list

Correct answerApplies the rule that is higher in the list

Blocks the packet

30. Which access to network do programs get that belong to the Untrusted group on Microsoft
Windows 7 protected with Kaspersky Endpoint Security 11.1 under the default settings?

None, because the Host Intrusion Prevention component will block them

Access to trusted and local networks

Access only to trusted networks

Incorrect answerFull network access


31. What does the password that can be specified in the Network Agent policy prevent?
Correct answerNetwork Agent uninstallation

Carrying out the command "send heartbeat" that forces a synchronization with the Server
Starting the "klnagchk.exe" and "klmover.exe" utilities

Stopping the Network Agent service

32. Select the correct statements about how "File Threat Protection" safeguards a computer
with the default settings:Partiellement correct 1/2
Incorrect answerScans all file types

Scans all files, even those that have not been changed

Correct answerScans only new and changed files

Scans potentially dangerous files

33. The administrator is trying to find an optimal schedule for a virus scan task, but at any
moment of time either a large number of computers are off, or the users ask to disable
scanning because it slows down the computer. What would you advise?

Enable the mode "Concede resources to other applications" in the Kaspersky Endpoint
Security policy

Not to use Virus Scan tasks

Select the check box "Allow management of group tasks" in the Kaspersky Endpoint Security
policy to enable users start virus scanning manually

Correct answerEnable the mode "Scan when the computer is idling" in the task
34. Select the most correct description for the Remediation Engine component:

It monitors file operations and scans files being accessed

Incorrect answerIt intercepts software start attempts and blocks applications according to the
rules configured by the administrator

It analyzes individual operations performed by applications and prohibits little-known


applications from taking potentially dangerous actions

It logs actions taken by applications and can roll them back if the software demonstrates
dangerous activity patterns

35. What happens when the cloud mode is enabled for the protection components?
Correct answerWhen the cloud mode is enabled for the protection components, Kaspersky
Endpoint Security uses a lite version of anti-virus databases, but sends more requests to the
KSN cloud

When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security
can send executable and non-executable files or their parts to the KSN cloud
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security
sends extended statistical information to the KSN cloud and uses the full version of anti-virus
databases

36. How does Host Intrusion Prevention select a trust level for a program?
Correct answerIt uses information from Kaspersky Security Network

It uses the results of background scanning by the online service "virustotal.com"

Correct answerIt uses the trust levels explicitly specified in the policy

It uses a local heuristic algorithm

37. Which networks are Trusted in the Firewall policy of Kaspersky Endpoint Security 11.1
under the default settings?
Correct answerNone

127.0.0.1/32

192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8

The networks to which the Administration Server is connected

38. If the "Block" action is selected for the USB bus in Device Control of Kaspersky Endpoint
Security 11.1 for Windows, and "Allow" for the "Removable drives" category, will the users
be able to access removable drives connected over USB?

No

Yes

Incorrect answerYes, but only the users who have Local Administrator privileges

Yes, but only encrypted drives

39. How can you configure an exclusion for Internet Explorer?


Correct answerCreate an exclusion for Internet Explorer in the created "Browsers" category

This scenario cannot be implemented in Kaspersky Endpoint Security 11.1 for Windows

Create a category for Internet Explorer, create an allow rule for this category, and move it to
the bottom of the list of rules

Create a category for Internet Explorer, create a rule allowing the start of programs of this
category, and place it higher on the list than the rule that prohibits "Browsers"

40. You want to block the start of a program on Windows servers. How can you do it with
Kaspersky Endpoint Security 11.1 for Windows?

It is impossible for servers


Add the program to the "Untrusted" list in the Host Intrusion Prevention component settings

Correct answerBlock its start using Application Control


41. Which of the control components of Kaspersky Endpoint Security 11.1 for Windows can
apply access rules on schedule?

Host Intrusion Prevention

Application Control

Adaptive Anomaly Control

Correct answerWeb Control


Correct answerDevice Control
42. Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners
on the web pages visited by the users. How can you achieve this?

Enable the Anti-Banner component

Enable the option to block banner links in the Web Threat Protection settings

Correct answerCreate a rule in the Web Control settings to block the content category
"Banners"

None of the above

43. What should be changed to prohibit this possibility without affecting any other USB
devices?

Block "USB bus" in the Device Control

No way, such a device cannot be blocked by Kaspersky Endpoint Security 11.1 for Windows

Correct answerBlock "Portable devices (MTP)" in Device Control

Block multifunctional devices in the Device Control

44. Consider Kaspersky Endpoint Security 11.1 and Kaspersky Security Center 11. How can
you tell which "KL category" a particular executable file belongs to?Partiellement correct 1/2

Consult the "Executable files" repository in the ММС Administration Console

Incorrect answerConsult the "Application categories" node in the ММС Administration


Console
Correct answerConsult the Application Activity Monitor in the local interface of Kaspersky
Endpoint Security 11.1

None of the above


45. Kaspersky Security Center 11 uses a remote database. To make a backup copy of all data
stored in the database, the administrator needs to:
Correct answerJust run the "Backup of Administration Server data" task, everything will be
done automatically

Run the "klbackup.exe" utility on the computer where the database is located

Run the "klbackup.exe" utility on the Administration Server, but with the "–path" switch

None of the above

46. A commercial license has expired in an organization, and the money for purchasing a new
license will be allocated only in a month. Which functions of Kaspersky Endpoint Security
11.1 for Windows will NOT work until the new license is in place?

Virus Scan tasks

Management via Kaspersky Security Center

Correct answerUpdate

Real-time protection components

47. What is the purpose of the klmover.exe utility?

It helps to check the Agent—Server connection

It helps to modify the parameters that Network Agent uses to connect to the Administration
Server

Incorrect answerIt synchronizes the Network Agent’s settings with the Administration Server
48. How often do Network Agents synchronize settings with the Administration Server under
the default settings?

Every 5 minutes

Every 60 minutes

Every 30 minutes

Correct answerEvery 15 minutes


49. About which events does Kaspersky Security Center notify the administrator under the
default settings?

About all

Incorrect answerAbout critical events of the Administration Server

About critical events of the Kaspersky Endpoint Security


About none

50. Where can you approve installation of a Maintenance Release of Kaspersky Endpoint
Security in the Kaspersky Security Center Web Console?

Operations | Kaspersky Lab applications | Kaspersky Lab software updates and patches

In the properties of the Kaspersky Endpoint Security Update task

Operations | Repositories | Installation packages

Correct answerOperations | Kaspersky Lab applications | Seamless updates

You might also like