1.ABC Inc.

plans to deploy Kaspersky Security Center and Kaspersky Endpoint

Security in a network segment that has no access to the internet. How would you
activate the products?
With a key file
With an activation code
Any activation method can be used
2.Which network polling methods are enabled by default in Kaspersky Security
Center Administration Server?
Quick Windows network polling
Full Windows network polling
Active Directory polling
IP range polling
3.Which component of Kaspersky Endpoint Security 12.1 for Windows analyzes
the behavior of already running executable files to detect malware activity?
Host Intrusion Prevention
Behavior Detection
Kaspersky Security Network
Network Threat Protection
4.After completing the Quick Start Wizard of the Kaspersky Security Center
Administration Server, you open the Kaspersky Endpoint Security 12.1 for
Windows policy to configure Application Control rules. It turns out that to set up
the rules, you need to select application categories from the list, which is empty.
What do you need to do to create Application Control rules?
1. Create application categories in the Application Control settings
2. Create application categories on the Operations | Third-Party Applications | Application
Categories page on the Administration Server
3. Just wait for the databases to be updated on the Administration Server
4. Create and run the Inventory task on at least one computer
5.ABC Inc. plans to deploy Kaspersky Endpoint Security on 10,000 endpoints and
manage protection through one Administration Server. Which database server is
recommended for Kaspersky Security Center in this case?
Microsoft SQL Server Standard
Microsoft SQL Server Express
MySQL Community Edition
MySQL Enterprise Edition
6.A workstation is managed remotely through Kaspersky Security Center 14.2
with the default settings. Which of the following events invoke pop-up
notifications in the local interface of Kaspersky Endpoint Security 12.1 for
Windows?
Threats have been detected
Application startup prohibited
Suspicious object detected
Network attack detected
7.The administrator wants to configure Device Control settings in the Kaspersky
Endpoint Security 12.1 for Windows policy, but the control options are not
displayed in the policy in the MMC console. How should the administrator fix
this?
Add a Kaspersky Endpoint Security for Business Select license to Kaspersky Security Center
Open the interface settings in the MMC console and select the ‘Display endpoint control settings’
checkbox
Run a ‘Change application components’ task and select the Standard installation type instead of the
Basic installation type
None of the above
8.Which function does Firewall perform in Kaspersky Endpoint Security for
Windows?
Blocks network packets according to the specified rules
Analyzes network activity to detect network attacks
Analyzes files downloaded over the network to detect infected objects
Analyzes email messages and blocks phishing links
9.The update task of Kaspersky Endpoint Security for Windows has ‘Update
settings for local mode’ and ‘Update settings for mobile mode’. Under which
conditions are ‘Update settings for mobile mode’ used?
The update task has no update settings for mobile mode
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met, and
the out-of-office policy is applied to the computer
If all sources specified in the settings for local mode are inaccessible
10.There is a stand-alone package on the Administration Server that installs
Kaspersky Endpoint Security with the default set of components. How can you
make the package install the 'BadUSB Attack Prevention' component as well?
Open the properties of the stand-alone package in the Administration Console and select the
necessary component
Select the component in the original Kaspersky Endpoint Security package and re-create the stand-
alone package
Open the folder where the stand-alone package is located and edit the list of components in the .kud
file
Open the folder where the stand-alone package is located and edit the installation string in the .kud
file
11.Which component of Kaspersky Endpoint Security for Windows except 'Web
Threat Protection' takes part in protection against phishing?
File Threat Protection
Mail Threat Protection
Web Control
None of the above
12.Which features provide extended threat detection capabilities in Kaspersky
EDR Optimum?
Correlation of detections with other events
IOC scanning
Correlation of telemetry with a database of indicators of attack
13.A network consists of: 27 computers running Microsoft Windows Server 2016
5 computers running Microsoft Windows Server 2012 130 computers running
Microsoft Windows 7 Professional 70 computers running Microsoft Windows 10.
How many remote installation tasks (minimum) do you need to create to install
Kaspersky Endpoint Security 12.1 for Windows on all machines?
1
2
3
232
14.There are 1000 computers in the company, approximately 200 of which are
servers. During the next year, the company plans to add about 500 computers to
the network (servers and workstations). All computers are currently located
within the Managed Devices group, but the administrator has decided to group
them according to operating system type. How can this be done without wasting
time, either now or later?
Sort the list of computers in the Managed Devices group by the operating system type, select
servers and drag them to one group, and the other computers to another group; repeat as necessary
Configure a computer relocation rule based on the operating system type
Use the Search functionality to find all computers with server operating systems and use the shortcut
menu to move them to a Servers group; do the same for non-server operating systems; repeat as
necessary
Create a selection of computers running server operating systems and another one for non-servers;
create computer relocation tasks for them
15.Which of the following operations can the Mail Threat Protection component of
Kaspersky Endpoint Security for Windows perform?
Scan webmail traffic
Scan SMTP/POP3/IMAP/NNTP traffic
Scan MAPI traffic in Microsoft Office Outlook
Filter email attachments
16.The user tries to download an archive with freeware from an HTTP website. If
there is an infected object in the archive, which component of Kaspersky
Endpoint Security for Windows will be the first to detect it?
Web Threat Protection
Firewall
Malware Scan task
File Threat Protection
17.How does the remote installation task of Kaspersky Endpoint Security 12.1 for
Windows behave by default if a third-party protection application is installed on a
computer?
Returns an error and prompts the administrator to uninstall the application manually
Uninstalls the third-party protection application automatically and proceeds with the installation
Installs Kaspersky Endpoint Security, but completes with a warning that the third-party protection
application must be uninstalled
Asks the user whether to uninstall the third-party protection application
18.This question is related to Kaspersky Endpoint Security for Windows. When
the Behavior Detection component recognizes dangerous activity, which of the
following actions can it take?
Disinfect
Terminate the program
Quarantine the file
Delete the file
19.How often do Network Agents synchronize settings with the Administration
Server by default?
Every 5 minutes
Every 15 minutes
Every 30 minutes
Every 60 minutes
20.Under which conditions does Kaspersky Endpoint Security switch to the out-
of-office mode if Network Agent is configured to ‘Enable out-of-office mode when
Administration Server is not available’?
1: After an unsuccessful synchronization with the Administration Server
2:After three unsuccessful synchronizations with the Administration Server or after all networks have
been disconnected
3:After an unsuccessful synchronization, if the client computer cannot resolve the Administration
Server name
4:After an unsuccessful synchronization, if the client computer does not receive an answer to the
following command: ping
21.This question is related to Kaspersky Security Center. Which of the following
conditions will cause the backup task to return an error on the Administration
Server?
1. The Administration Server account has no Write permissions for the backup target directory
2. The database server account has no Write permissions for the backup target directory
3. The drive where the backup directory is located lacks free space
4. The 'Download updates to the repository' task is running on the server (backup copying
cannot be started until updating is finished)
22.Select the most accurate description for the Host Intrusion Prevention
component:
It monitors file operations and scans files being accessed
It analyzes individual operations performed by applications and prohibits little-known applications
from taking potentially dangerous actions
It logs actions taken by applications and blocks applications that demonstrate dangerous activity
patterns
It intercepts software start attempts and blocks applications according to the rules configured by the
administrator
23.If the Block action is selected for the USB bus in Device Control of Kaspersky
Endpoint Security 12.1 for Windows, and Allow for the Removable Drives
category, will users be able to access removable drives connected over USB?
1. No
2. Yes
3. Yes, but only if they have local administrator privileges
4. Yes, but only encrypted drives
24.Which of the following database servers does Kaspersky Security Center
support?
Amazon RDS
MariaDB
Microsoft SQL
Microsoft Azure SQL database
MySQL
Oracle Database
PostgreSQL
Amazon Aurora
25.This question is related to Kaspersky Security Center. Which features or
components provide the data that populate the Executable Files list in the
Administration Console?
1. Kaspersky Security Center Network Agent
2. The Inventory task of Kaspersky Endpoint Security
3. The 'Find vulnerabilities and required updates' task of Kaspersky Endpoint Security
4. Application Control of Kaspersky Endpoint Security
26.You want to publish installation packages in Active Directory via Kaspersky
Security Center Administration Server. What packages can be published this
way?
1. Any packages available in the Installation Packages repository
2. Only Kaspersky product packages
3. Only Kaspersky Network Agent packages
4. None
27.Which of the following is a known limitation of the Web Control component in
Kaspersky Endpoint Security 12.1 for Windows?
It can’t block content by data type over an https connection
None of the above
It can’t block any website accessed over an https connection
It works only with mainstream web browsers such as Internet Explorer, Mozilla Firefox, Google
Chrome
28.The administrator chose to accept the KSN statement and allow the use of
KSN in the Quick Start Wizard during the installation of the Kaspersky Security
Center Administration Server. Later, management decided to opt out of using
KSN. How should the administrator disable the use of KSN in Kaspersky
Endpoint Security on client computers?
Disable the option that allows the use of KSN in the properties of the Administration Server
Disable the use of KSN in the Kaspersky Endpoint Security policy
Reinstall the Administration Server and choose not to use KSN in the Quick Start Wizard
It’s impossible
29.Which port does the Endpoint Detection and Response Optimum component
use to connect to the Kaspersky Security Center server?
13291
The Endpoint Detection and Response Optimum component does not establish connections to
Kaspersky Security Center server
8080
443
30.In which case will Kaspersky Endpoint Security for Windows consider a file to
be non-infected?
Signature or heuristic analysis regard the file as infected, while the KSN database considers it to be
clean
Signature and heuristic analysis regard the file as clean, while the KSN database considers the file
to be infected
31.Select the correct statement about groups in Kaspersky Security Center:
If a computer is included in several groups, the policy of the group that is higher in the list is applied
A computer cannot be included in several groups
If a computer is included in several groups, the policy that is higher in the Policies node is applied to
it
If a computer is included in several groups, a policy is not applied to it
32.Which technologies and tasks of Kaspersky Endpoint Security create an
incident card for EDR Optimum?
Exploit Prevention
File Threat Protection
Network Threat Protection
Mail Threat Protection
33.What does Firewall do with a packet that meets the conditions of several rules,
including allow and block?
Allows the packet
Applies the rule that is higher in the list
Blocks the packet
Applies the rule that is lower in the list
34.Which utility helps the administrator test the connection between the Network
Agent and the Administration Server and synchronize their settings?
klmover.exe
klnagchck.exe
GetSystemInfo.exe
35.What is the minimum amount of RAM required for installing Kaspersky
Endpoint Security 12.1 for Windows on a 32-bit operating system according to the
system requirements?
256MB
1024MB
512MB
2048MB
36.Which port of the Administration Server do Network Agents connect to under
the default settings?
TCP 13000
TCP 14000
TCP 13291
UDP 15000
37.Where can the administrator find the list of domains with scan errors?
1. In the Administration Console, in each computer’s properties
2. In the Administration Console, in each computer’s properties, or in the local interface of
Kaspersky Endpoint Security
3. Only in the local Kaspersky Endpoint Security interface on a computer
38.Which file attribute is used when you create an indicator of compromise for
the selected file from an alert card?
MD5 checksum
Full file path
SHA256 checksum
File name
39.This question is related to Kaspersky Endpoint Security and Kaspersky
Security Center. How can you tell which KL category a particular executable file
belongs to?
Consult the 'Executable files' repository in the Administration Console
Consult the ‘Application categories' section in the Administration Console
Consult the Application Activity Monitor in the local interface of Kaspersky Endpoint Security 12.1
40.How many policies can you create in a single group of managed devices for
Kaspersky Endpoint Security?
1
As many as you want
2
5 at most
One per version of Kaspersky Endpoint Security
41.During the installation of Kaspersky Security Center, the DNS name of the
Administration Server was specified as its connection address. Before deploying
Kaspersky Network Agents, the administrator has decided that the Server’s IP
address should be used for connections. How can the change be made?
Run the Quick Start Wizard again
Modify the Administration Server address in the properties of the Network Agent installation package
Modify the address in the Administration Server policy
Modify the address in the Network Agent policy
42.The administrator of Kaspersky Security Center connects the ММС console to
the locally installed Administration Server, creates an automatically filled
application category, and specifies the С:\Program Files\Microsoft\ folder as a
parameter. Which executable files will fall into this category?
Files whose MD5 checksum coincides with the checksum of a file located in C:\Program Files\
Microsoft\ on the Administration Server
Files that have the same certificate as a file located in С:\Program Files\Microsoft\ on the
Administration Server
Files whose SHA-256 checksum coincides with the checksum of a file located in С:\Program Files\
Microsoft\ on the Administration Server
Files whose metadata coincides with the metadata of a file located in С:\Program Files\Microsoft\ on
the Administration Server
43.What is the default password in the ‘Backup of Administration Server data’
task created by the Quick Start Wizard of Kaspersky Security Center?
kaspersky
There is no default password
Kaspersky
KL
44.How can you create network isolation exceptions in Endpoint Detection and
Response Optimum settings?
Select from a pre-configured set of profiles
Manually based on connection attributes (address, ports, direction, etc.)
Manually for the selected executable file
Import from ‘Network connection blocked’ events
45.Select the correct statements about the Web Threat Protection component of
Kaspersky Endpoint Security:
It scans data in outbound connections
It scans data in inbound connections established from outside
It scans HTTP and FTP protocols
It scans data in secure connections (SSL/TLS)
46.The administrator has created a stand-alone installation package for
Kaspersky Endpoint Security and Network Agent. Select the correct statements
about the stand-alone package:
The stand-alone package contains the Administration Server connection parameters (from the
settings of the Network Agent package)
The stand-alone package installs the Kaspersky Endpoint Security components that were selected in
the original package of Kaspersky Endpoint Security
The stand-alone package includes the username and password of an administrator (to enable a non-
administrator user to start it)
The stand-alone package contains only the installation parameters, while the files will be
downloaded from the Administration Server during the installation
47.What advantages does Kaspersky EDR Optimum provide compared to
Kaspersky Endpoint Security for Business Advanced?
Helps analyze the causes of an information security incident
Helps contain the spread of a threat: isolate a device, prevent execution of a suspicious file
Detects malicious files
None of the above
48.Can the start of group update tasks be randomized in Kaspersky Security
Center to avoid simultaneous connections of all client computers to the
Administration Server?
Yes
Yes, but only if the 'From 1000 to 5000 computers' or 'More than 5000 computers' option was
selected during the installation of the Administration Server
Yes, but only if the computers are organized into several subgroups with update tasks having
different schedules
No
49.How long does Kaspersky EDR Optimum isolate the computer from the
network by default?
30 minutes
5 hours
8 hours
There is no time limit (until canceled manually)
50.Which actions can a Kaspersky EDR Optimum IOC Scan task perform when it
detects an indicator on a computer?
Isolate the computer from the network
Make the Kaspersky protection application scan the endpoint for threats
Quarantine the object
Shut down the compute
Certified Professional: Kaspersky Endpoint Security and Management
(002.12.1)
Total Questions
33.2 / 50
Evaluation Score
66.4%
Passing Score
70%

1.How can you create network isolation exceptions in Endpoint Detection and
Response Optimum settings?
Select from a pre-configured set of profiles
Manually based on connection attributes (address, ports, direction, etc.)
Manually for the selected executable file
Import from ‘Network connection blocked’ events
2.Which of the following components of Kaspersky Endpoint Security 12.1 for
Windows do NOT scan files?
Web Threat Protection
BadUSB Attack Prevention
Network Threat Protection
Mail Threat Protection
3.A network consists of: 27 computers running Microsoft Windows Server 2016 5
computers running Microsoft Windows Server 2012 130 computers running
Microsoft Windows 7 Professional 70 computers running Microsoft Windows 10.
How many remote installation tasks (minimum) do you need to create to install
Kaspersky Endpoint Security 12.1 for Windows on all machines?
1
2
3
232
4.Which version of SQL server is included with the Kaspersky Security Center
Administration Server distribution?
Microsoft SQL Server 2016 Express
None of the above
Microsoft SQL Server 2017 Express
Microsoft SQL Server 2019 Express
5.You are trying to create a Kaspersky EDR Optimum IOC Scan task from an alert
card, but the file for which you want to make an indicator cannot be selected.
Why?
The alert card lacks the MD5 checksum of this file
An indicator has already been created for this file
The Quarantine action has already been performed for this file
An execution prevention rule has already been created for this file
6.Select the most accurate description for the Remediation Engine component:
It monitors file operations and scans files being accessed
It intercepts software start attempts and blocks applications according to the rules configured by the
administrator
It logs actions taken by applications and can roll them back if the software demonstrates dangerous
activity patterns
It analyzes individual operations performed by applications and prohibits little-known applications
from taking potentially dangerous actions
7.Which permission do you need to give to a trusted process in the Trusted Zone
of Kaspersky Endpoint Security so that File Threat Protection does NOT scan
files accessed by this process?
Do not scan files before opening
Do not monitor application activity
Allow interaction with the application interface
Special permissions are not necessary, File Threat Protection does not scan any files accessed by
trusted processes
8.What events does Kaspersky Security Center notify the administrator about
under the default settings?
All events
Critical Kaspersky Endpoint Security events
Critical Administration Server events
None
9.How does Kaspersky Endpoint Security 12.1 for Windows protect against file-
encrypting ransomware?
It mines cryptocurrency for the ransom in the background
It heuristically detects encryption attempts and blocks malware
It backs up documents that are being accessed, and if a document is encrypted by malware, it
restores it from a backup copy
It automatically brute-forces the key and decrypts the encrypted documents
10.ABC Inc. plans to deploy Kaspersky Endpoint Security on 10,000 endpoints
and manage protection through one Administration Server. Which database
server is recommended for Kaspersky Security Center in this case?
Microsoft SQL Server Standard
MySQL Community Edition
Microsoft SQL Server Express
MySQL Enterprise Edition
11.Which of the following installation methods does NOT work if the computer’s
shared folders are NOT accessible over the network?
Remote deployment using Windows resources
Remote installation using Active Directory
Installation from a stand-alone package
Installation using Network Agent
12.Which of the following components of Kaspersky Endpoint Security for
Windows can block executable file start?
Behavior Detection
Application Control
Host Intrusion Prevention
Device Control
Adaptive Anomaly Control
13.The update task of Kaspersky Endpoint Security for Windows has ‘Update
settings for local mode’ and ‘Update settings for mobile mode’. Under which
conditions are ‘Update settings for mobile mode’ used?
The update task has no update settings for mobile mode
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met, and
the out-of-office policy is applied to the computer
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met
If all sources specified in the settings for local mode are inaccessible
14.How does Kaspersky EDR Optimum enhance threat prevention capabilities?
Prevents the changing of system files
Prevents file execution based on the checksum or path mask
Quarantines files detected by an IOC scan task
Prevents the changing of registry keys based on path mask
15.Where are the installation logs of Kaspersky Endpoint Security and Network
Agent stored after a remote installation?
In %ProgramData%\Kaspersky Lab
In the user’s %Temp% folder
In the system %Temp% folder
In the root of the system drive
16.Alex-Desktop has been isolated from the network. Now, you want to obtain a
suspicious executable file for additional analysis without deleting the original file
from the isolated computer. How can this be done?
Create and run a task ‘Move file to Quarantine’
Create and run a ‘Get file’ task
You cannot obtain a file from an isolated computer using Endpoint Detection and Response
Optimum tools
17.A user tries to download an infected object over HTTPS. Which component of
Kaspersky Endpoint Security 12.1 for Windows will be the first to detect it?
Web Threat Protection
File Threat Protection
Host Intrusion Prevention
Network Threat Protection
18.Which of the following Administration Server parameters cannot be modified
without reinstalling Kaspersky Security Center?
Administration Server communication ports
SQL server address
Administration Server account
Shared folder location
19.What does the password that can be specified in the Network Agent policy
prevent?
Network Agent uninstallation
Stopping the Network Agent service
Starting the klnagchk.exe and klmover.exe utilities
Carrying out the command 'send heartbeat' that forces synchronization with the Server
20.On which operating systems can you NOT install Kaspersky Security Center
Administration Server?
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 R2
Windows 10
Windows 11
Windows Server 2016
Windows Server 2019
21.Select the correct statements about the KL-AK- account created by the
installation wizard of Kaspersky Security Center Administration Server:
It is included in the Domain Admins group
It is included in the BUILTIN\Administrators group
It is included in the KLAdmins group
It cannot be used to log on to the system locally
It has the same permissions as the BUILTIN\Administrators group
22.The administrator has selected the 'Assign Network Agent installation in
the Active Directory group policies' option in a remote installation task. When will
the Network Agent installation be finished on the target computers?
A few minutes after the task starts
A few minutes after the computers receive the Active Directory group policy
At the next restart of the computers
The next time the users log on to the domain from the target computers
23.After completing the Quick Start Wizard of the Kaspersky Security Center
Administration Server, you open the Kaspersky Endpoint Security 12.1 for
Windows policy to configure Application Control rules. It turns out that to set up
the rules, you need to select application categories from the list, which is empty.
What do you need to do to create Application Control rules?
Create application categories in the Application Control settings
Create application categories on the Operations | Third-Party Applications | Application Categories
page on the Administration Server
Just wait for the databases to be updated on the Administration Server
Create and run the Inventory task on at least one computer
24.You have installed Kaspersky Security Center, created a 'KES installation'
group in the management console and added computers to that group. You then
enabled automatic installation of Network Agent and Kaspersky Endpoint
Security in the group properties. What do you need to modify in the 'Install
applications remotely' task to successfully complete the installation?
Change the installation method
Specify the list of accounts to be used to run the task
Specify the key
Nothing needs to be changed
25.The administrator needs to prohibit the launch of several programs in the
network. What is the best way to achieve this?
In Application Control, select Denylist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Denylist mode and create block rules for the applications that must be
prohibited
In Application Control, select Allowlist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Allowlist mode and create block rules for the applications that must be
prohibited
26.Where can you find detailed results of a Kaspersky EDR Optimum IOC Scan
task? (For example, conditions that the detected files match)
On the ‘Results’ tab in the task properties
In the ‘Application settings | IOC Scan Results’ section in the task properties
The web console of Kaspersky Security Center doesn’t provide this information
In the statistics of the Kaspersky EDR Optimum application in the computer properties
27.There is a stand-alone package on the Administration Server that installs
Kaspersky Endpoint Security with the default set of components. How can you
make the package install the 'BadUSB Attack Prevention' component as well?
Open the properties of the stand-alone package in the Administration Console and select the
necessary component
Select the component in the original Kaspersky Endpoint Security package and re-create the stand-
alone package
Open the folder where the stand-alone package is located and edit the list of components in the .kud
file
Open the folder where the stand-alone package is located and edit the installation string in the .kud
file
28.Which action is specified for Adaptive Anomaly Control rules by default in the
Kaspersky Endpoint Security policy?
Allow
Block
Notify
Smart
29.Which features provide extended threat detection capabilities in Kaspersky
EDR Optimum?
Correlation of detections with other events
IOC scanning
Correlation of telemetry with a database of indicators of attack
30.How can you exclude a file from the scope of File Threat Protection?
Add the file or folder path to the list of exclusions
Add the program that accesses files to the list of trusted processes
Add the certificate with which files are signed to the computers’ certificate store and configure an
exclusion for this store
Modify the protection scope of File Threat Protection
Set the maximum file scan time
31.You want to prohibit users from starting any browser except for Internet
Explorer. You don’t want to block any other kinds of applications. Which
component of Kaspersky Endpoint Security for Windows is the right tool for the
job?
Application Control
Host Intrusion Prevention
Device Control
Web Control
Adaptive Anomaly Control
32.Can the start of group update tasks be randomized in Kaspersky Security
Center to avoid simultaneous connections of all client computers to the
Administration Server?
Yes
Yes, but only if the 'From 1000 to 5000 computers' or 'More than 5000 computers' option was
selected during the installation of the Administration Server
Yes, but only if the computers are organized into several subgroups with update tasks having
different schedules
No
33.Where can you find the list of computers blocked by the Network Threat
Protection component?
In the local interface of Kaspersky Endpoint Security, in the Network Monitor window that you can
open from the shortcut menu of the Network Threat Protection component
In the Kaspersky Security Center administration console, in the properties of the attacked computer
In the local interface of Kaspersky Endpoint Security, in the Network Monitor window that you can
open from the Monitoring section
34.What does a closed lock mean near a parameter in a group policy of
Kaspersky Endpoint Security?
The parameter cannot be changed in the local interface of Kaspersky Endpoint Security
The parameter can be changed only by the administrator who created the policy
The parameter cannot be changed in subgroup policies (unless inheritance is disabled)
The parameter is password-protected
35.This question is related to Kaspersky Security Center. Which of the following
conditions will cause the backup task to return an error on the Administration
Server?
The Administration Server account has no Write permissions for the backup target directory
The database server account has no Write permissions for the backup target directory
The drive where the backup directory is located lacks free space
The 'Download updates to the repository' task is running on the server (backup copying cannot be
started until updating is finished)
36.Select the most accurate description for the Host Intrusion Prevention
component:
It monitors file operations and scans files being accessed
It analyzes individual operations performed by applications and prohibits little-known applications
from taking potentially dangerous actions
It logs actions taken by applications and blocks applications that demonstrate dangerous activity
patterns
It intercepts software start attempts and blocks applications according to the rules configured by the
administrator
37.In the Web Control settings of a Kaspersky Endpoint Security 12.1 for
Windows policy, the administrator created a rule that prohibits all users from
opening facebook.com and a rule that allows the HR department to access
facebook.com. However, access to facebook.com has been blocked for everyone.
Why?
The blocking rule is higher than the allowing rule on the list
A blocking rule always has priority over allowing rules
Web Control exclusions must be specified in the Trusted Zone
The standard default allowing rule is disabled
38.Under which conditions does Kaspersky Endpoint Security switch to the out-
of-office mode if Network Agent is configured to ‘Enable out-of-office mode when
Administration Server is not available’?
After an unsuccessful synchronization with the Administration Server
After three unsuccessful synchronizations with the Administration Server or after all networks have
been disconnected
After an unsuccessful synchronization, if the client computer cannot resolve the Administration
Server name
After an unsuccessful synchronization, if the client computer does not receive an answer to the
following command: ping
39.Under which conditions does Kaspersky Endpoint Security switch to the out-
of-office mode with the default settings?
None. Conditions are not specified by default
After three unsuccessful synchronizations with the Administration Server or after all networks have
been disconnected
After an unsuccessful synchronization with the Administration Server
40.A network is protected with Kaspersky Endpoint Security for Windows and
managed by Kaspersky Security Center with the default settings. What should the
administrator do to completely prohibit the disabling of protection without
concealing it?
Protect the Uninstall / Modify / Restore commands with a password
Prohibit stopping of the Kaspersky Endpoint Security service
Protect disabling of protection and control components with a password
Protect the Exit command with a password
Block access to the Kaspersky Endpoint Security process
41.In which of the following situations do you NOT need to specify the
administrator account in the remote installation task?
The administrator account is disabled on the target computers
Network Agent is already installed on the target computers and connected to the Server
The account of the Administration Server service has administrator permissions on the target
computers
Windows 10 is installed on the target computers
The target computers have been prepared with the riprep.exe utility
A previous version of Kaspersky Endpoint Security is already installed on the target computers
42.This question is related to Kaspersky Security Center and Kaspersky Endpoint
Security 12.1 for Windows. You want to import the Active Directory structure to
the structure of managed computers. How can you do it?
Use the option 'Create group structure based on Active Directory structure' in the Quick Start Wizard
Use the option 'Create group structure based on Active Directory structure' in the group hierarchy
settings in the Web Console
Use the task 'Synchronize Active Directory structure'
Use a one-time relocation rule with the option to create missing groups for organizational units
43.A packet meets the conditions of several Firewall rules, including an allow rule
for packets and a block rule for applications. The block rule for applications is
higher than the allow rule for packets. What does Firewall do with such a packet?
Allows the packet
Applies the rule that is higher in the list
Blocks the packet
Applies the rule that is lower in the list
44.Which operating systems does Kaspersky Endpoint Security 12.1 for Windows
support?
Microsoft Windows 10 Home
All of the above
Microsoft Windows 10 Pro
Microsoft Windows 10 Education
Microsoft Windows 10 Enterprise
45.Which utility helps the administrator test the connection between the Network
Agent and the Administration Server and synchronize their settings?
klmover.exe
klnagchck.exe
GetSystemInfo.exe
46.You want to configure the Kaspersky Endpoint Security 12.1 for Windows
policy to prohibit the use of all browsers except Internet Explorer at the company.
To do so, you have created an application category named Browsers that
includes all applications from the Web Browsers KL category, and prohibited its
launch. How can you configure the exclusion for Internet Explorer?
Create an exclusion for Internet Explorer in the created Browsers category
Create a category for Internet Explorer, create a rule allowing the start of programs of this category
and place it higher on the list than the rule that prohibits the Browsers category
Create a category for Internet Explorer, create an allow rule for this category, and move it to the
bottom of the list of rules.
This scenario cannot be implemented in Kaspersky Endpoint Security 12.1 for Windows
47.When accessing a computer via a third-party remote desktop tool, the
administrator noticed that the interface of Kaspersky Endpoint Security 12.1 for
Windows doesn’t respond to commands. Which component or subsystem of
Kaspersky Endpoint Security 12.1 for Windows causes this behavior?
Firewall
Self-Defense
Behavior Detection
Host Intrusion Prevention
None of the above
48.Which of the following components of Kaspersky Endpoint Security for
Windows must be installed on a computer to ensure that Endpoint Detection and
Response Optimum can send the necessary information for creating a detection
card to Kaspersky Security Center?
File Threat Protection
None of the above
Host Intrusion Prevention
Behavior Detection or Adaptive Anomaly Control
49.An NFR license has expired after a proof of concept was implemented to
demonstrate the capabilities of Kaspersky Endpoint Security 12.1 for Windows.
Which functions of Kaspersky Endpoint Security will remain operational?
File Threat Protection and Malware Scan
All Kaspersky Endpoint Security features will stay operational, except for updates
Only File Threat Protection and Firewall will keep working
None of the above
50.The administrator isolates Alex-Desktop from the network. Select the correct
statement.
All current network connections will be terminated on the Alex-Desktop. Only the Network Agent will
be allowed to establish new connections
All active connections will be terminated and new ones will be blocked, except for Network Agent
connections and exceptions configured in the Kaspersky EDR Optimum policy
Alex-Desktop will be completely isolated from the network: any network activity will be blocked,
except Network Agent connections

Which of the following components of Kaspersky Endpoint Security 11 for Windows can
block executable file start?

Behavior Detection

Application Control

Host Intrusion Prevention

Device Control

Consider Kaspersky Endpoint Security 11 and Kaspersky Security Center 10. How can you tell
which KL category a particular executable file belongs to?

1. Consult the Executable files repository in the Administration Console

2. Consult the Application categories node in the Administration Console
3. Consult the Application Activity Monitor in the local interface of Kaspersky Endpoint
Security 11
 4. None of the above

To determine the KL category of a particular executable file in Kaspersky Endpoint Security

11 and Kaspersky Security Center 10, you can consult the Application categories node in the
Administration Console.

Which program types does the installer of Kaspersky Security Center Network Agent consider
incompatible and try to uninstall?

Third-party antiviruses

Third-party agents (such as ePO Agent)

Third-party backup tools

Third-party remote management tools (such as TeamViewer, VNC, RemoteAdmin)

None

The administrator wants to configure the policy of Kaspersky Endpoint Security 11 for
Windows to prohibit the use of all browsers except Internet Explorer in the company. For this
purpose, he or she creates an application category named Browsers, which coincides with the
Web Browsers KL category, and prohibits its start. How should the administrator configure the
exclusion for Internet Explorer?

Create an exclusion for Internet Explorer in the created Browsers category Create a category
for Internet Explorer,

create a rule allowing the start of programs of this category and place it higher on the list than
the rule that prohibits Browsers

Create a category for Internet Explorer, create an allow rule for this category, and move it to
the bottom of the list of rules

This scenario cannot be implemented in Kaspersky Endpoint Security 11 for Windows

Under which conditions does Kaspersky Endpoint Security switch to the out-of-office mode if
Network Agent is configured to ‘Enable out-of-office mode when Administration Server is not
available’?

1: After an unsuccessful synchronization with the Administration Server

2:After three unsuccessful synchronizations with the Administration Server or after all
networks have been disconnected

3:After an unsuccessful synchronization, if the client computer cannot resolve the

Administration Server name

4:After an unsuccessful synchronization, if the client computer does not receive an answer to
the following command: ping

After three unsuccessful synchronizations with the Administration Server or after all networks
have been disconnected.

This question is related to Kaspersky Security Center. Which of the following conditions will
cause the backup task to return an error on the Administration Server?

1. The Administration Server account has no Write permissions for the backup target directory

2. The database server account has no Write permissions for the backup target directory

3. The drive where the backup directory is located lacks free space

4. The 'Download updates to the repository' task is running on the server (backup copying
cannot be started until updating is finished)

The three most accurate answers that can cause the backup task to return an error on the
Administration Server are: 1. The Administration Server account has no Write permissions for
the backup target directory. 2. The database server account has no Write permissions for the
backup target directory. 3. The drive where the backup directory is located lacks free space.
These conditions can result in an error when performing the backup task on the Administration
Server.

If the Block action is selected for the USB bus in Device Control of Kaspersky Endpoint
Security 12.1 for Windows, and Allow for the Removable Drives category, will users be able
to access removable drives connected over USB?
 1. No

2. Yes

3. Yes, but only if they have local administrator privileges

4. Yes, but only encrypted drives

This question is related to Kaspersky Security Center. Which features or components provide
the data that populate the Executable Files list in the Administration Console?

1. Kaspersky Security Center Network Agent

2. The Inventory task of Kaspersky Endpoint Security

3. The 'Find vulnerabilities and required updates' task of Kaspersky Endpoint Security

4. Application Control of Kaspersky Endpoint Security

You want to publish installation packages in Active Directory via Kaspersky Security Center
Administration Server. What packages can be published this way?

1. Any packages available in the Installation Packages repository

2. Only Kaspersky product packages

3. Only Kaspersky Network Agent packages

4. None

how can you create isolation exceptions endpoint detection and response optimum settings

1: select from a pre-configured set of profiles

2:import from network connection blocked events

3:manually based on connection attributes (address,ports ,direction etc)

4: Manually for the selected executabe file

4.After completing the Quick Start Wizard of the Kaspersky Security Center Administration
Server, you open the Kaspersky Endpoint Security 12.1 for Windows policy to configure
Application Control rules. It turns out that to set up the rules, you need to select application
categories from the list, which is empty. What do you need to do to create Application Control
rules?

1. Create application categories in the Application Control settings

2. Create application categories on the Operations | Third-Party Applications | Application

Categories page on the Administration Server

3. Just wait for the databases to be updated on the Administration Server

4. Create and run the Inventory task on at least one computer

.This question is related to Kaspersky Endpoint Security for Windows. When the Behavior
Detection component recognizes dangerous activity, which of the following actions can it take?

1. Disinfect

2. Terminate the program

3. Quarantine the file

4. Delete the file

How often do Network Agents synchronize settings with the Administration Server by default?

By default, Network Agents sync settings with the Administration Server every 15 minutes.

Which technologies and tasks of Kaspersky Endpoint Security create an incident card for EDR
Optimum?

1. Exploit Prevention

2. File Threat Protection

3. Network Threat Protection

4. Mail Threat Protection

which of feature are by default available in kaspersky security center

1. Exploit Prevention

2. File Threat Protection

3. Network Threat Protection

4. Mail Threat Protection

5.device control

6.application control

Where can the administrator find the list of domains with scan errors?

1. In the Administration Console, in each computer’s properties

2. In the Administration Console, in each computer’s properties, or in the local interface of

Kaspersky Endpoint Security

3. Only in the local Kaspersky Endpoint Security interface on a computer

Hey! The administrator can find the list of domains with scan errors in the Administration
Console, either in each computer's properties or in the local interface of Kaspersky Endpoint
Security. This makes it convenient to track and address any scan errors effectively.

Which file attribute is used when you create an indicator of compromise for the selected file
from an alert card?

1. MD5 checksum

2. Full file path

3. SHA256 checksum

4. File name
A network is protected with Kaspersky Endpoint Security 12.1 and managed with Kaspersky
Security Center 14.2. The administrator has disabled the application interface display for users
in the Kaspersky Endpoint Security 12.1 for Windows policy. What is NOT hidden from
users? Choose 2 options

A Started processes of Kaspersky Endpoint Security

B Kaspersky Endpoint Security icon in the notification area

C Kaspersky Endpoint Security in the list of installed programs

D Kaspersky Endpoint Security shortcut in the Start menu

E Started services of Kaspersky Endpoint Security

You are trying to create a Kaspersky EDR Optimum IOC Scan task from an alert card, but the
file for which you want to make an indicator cannot be selected. Why? Choose one of the
options

A An indicator has already been created for this file

B The Quarantine action has already been performed for this file

C An execution prevention rule has already been created for this file

D The alert card lacks the checksum of this file

The reason you can't select the file to create an indicator for the Kaspersky EDR Optimum IOC
Scan task from the alert card might be because the alert card lacks the MD5 checksum of this
file. This information is essential for creating the indicator effectively.

Which of the following web browsers does Web Control of Kaspersky Endpoint Security 12.1
for Windows NOT support? Choose one of the options

A Mozilla Firefox

B Internet Explorer

C Google Chrome

D Web Control supports all these web browsers

Which of the following database servers does Kaspersky Security Center support? Choose 6
options
A MySQL

B PostgreSQL

C Oracle Database

D Amazon Aurora

E Microsoft Azure SQL database

F Amazon RDS

G MariaDB

H Microsoft SQL

The administrator intends to use stand-alone installation packages of Kaspersky Endpoint

Security 12.1 for Windows. However, a third-party firewall is installed on the computer with
Kaspersky Security Center Administration Server. Which of the following ports must be
opened in the firewall so that users can download the package using the automatically created
links? Choose 2 options

A 15000

B 80 and 443

C 8061

D 13291

E 8060

The administrator has installed Network Agent and Kaspersky Endpoint Security on a
workstation, but has not moved it to the Managed Devices group. What will happen in this
case? Choose one of the options

A:Events will NOT be delivered from the workstation to Kaspersky Security Center, but
policies and tasks will be enforced on it

B Events will NOT be delivered from the workstation to Kaspersky Security Center, policies
and tasks will NOT be enforced either

C Events will be delivered from the workstation to Kaspersky Security Center, but policies
and tasks will NOT be enforced on it
How can you make the Network Agent perform an unplanned synchronization from the client
side? Choose one of the options

A Run the following command: klnagchk -sendhb

B Run the klnagchk command without parameters

C Run the following command: klnagchk -sync

D It is impossible

How can you isolate a computer from the network? Choose 2 options

A Manually apply the tag ‘Isolated from network’ to the computer

B Create an ‘Isolate host’ task and run it on the computer

C Click the button ‘Isolate computer from the network’ in an alert card

D Click the button ‘Isolate computer from the network’ in the properties of Kaspersky
Endpoint Security for Windows installed on the computer

What is the default reaction of Application Privilege Control to programs that start earlier than
Kaspersky Endpoint Security? Choose one of the options

A None

B Automatically places them to the High Restricted group

C Automatically places them to the Low Restricted group

How can you configure the Host Intrusion Prevention component to improve protection against
ransomware? Choose one of the options

A Describe documents as a protected resource, and enable automatic backup for them

B Prohibit the starting of files from temporary folders and removable drives

C Describe documents as a protected resource, and prohibit programs with bad (unknown)
reputation from performing Write and Delete operations

D Enable the Advanced Disinfection technology

The administrator created a stand-alone package on the Administration Server last week. Now
the administrator is at an office computer and wants to copy the stand-alone package for local
installation. How can this be done with only the Administration Server address at hand?
Choose one of the options

A Open https:///pkginst/ in a web browser and download the necessary package

B Open http://:8060/pkginst/ in a web browser and download the necessary package

C Open https://:8061/pkginst/ in a web browser and download the necessary package

D Open the folder \\\KLSHARE\PkgInst from the computer and copy the necessary package

How can you find all computers that are isolated from the network? Choose one of the options

A The Kaspersky Security Center Web Console does not provide this capability

B Isolated computers are added to a special group ‘Isolated from network’

C Using the tag ‘Isolated from network’

Group tasks and a policy are defined for Kaspersky Endpoint Security 12.1 for Windows in the
Managed Devices group. You want to apply different settings to a particular subgroup. How
can this be done? Choose 2 options

A Create new tasks for the subgroup and disable inheritance in their settings

B Exclude the subgroup from the parent group’s tasks and create new tasks in the subgroup

C Create a new policy in the subgroup and disable inheritance in its settings

D Exclude the subgroup from the parent policy and create a new policy in the subgroup

E You can’t do this; tasks and policies are always inherited

On which operating systems can Kaspersky Security Center Administration Server be

installed? Choose 3 options

A Windows 11

B Windows 10
C Windows Server 2019

D Windows Server 2016

E Windows Server 2008

F Windows Server 2008 R2

When analyzing detailed information on an alert card from an isolated device, you found that
the malicious activity created a few non-executable files. How can you obtain these files for
analysis? Choose one of the options

A Only manually or using third-party utilities

B In the detection card, click the button ‘Move to Quarantine’

C Create and run either of the following tasks: ‘Move file to Quarantine’ or ‘Get file’

In which format can you upload indicators to an IOC scan task in Kaspersky EDR Optimum?
Choose one of the options

A Yara

B OpenIOC

C STIX D IOC

D: scan tasks don’t accept indicators from third-party sources

This question is related to Kaspersky Security Center. Which of the following conditions will
cause the backup task to return an error on the Administration Server? Choose 3 options

A The Administration Server account has no Write permissions for the backup target directory

B The database server account has no Write permissions for the backup target directory

C The drive where the backup directory is located lacks free space
D The 'Download updates to the repository' task is running on the server (backup copying
cannot be started until updating is finished)

Which permission do you need to give to a trusted process in the Trusted Zone of Kaspersky
Endpoint Security so that File Threat Protection does NOT scan files accessed by this process?
Choose one of the options

A Do not scan files before opening

B Special permissions are not necessary, File Threat Protection does not scan any files
accessed by trusted processes

C Allow interaction with the application interface

D Do not monitor application activity

What events does Kaspersky Security Center notify the administrator about under the default
settings? Choose one of the options

A Critical Administration Server events

B None

C All events

D Critical Kaspersky Endpoint Security events

Where are the installation logs of Kaspersky Endpoint Security and Network Agent stored after
a remote installation? Choose one of the options

A In the user’s %Temp% folder

B In the system %Temp% folder

C In %ProgramData%\Kaspersky Lab

D In the root of the system drive

Which certificate does Kaspersky Security Center Administration Server use for encrypted
connections with Kaspersky Network Agents? Choose one of the options

A The certificate automatically generated during the Administration Server installation

B The Administration Server does not encrypt connections with Network Agents

C The certificate specified by the administrator during the Administration Server installation

D Kaspersky certificate

Select the correct statements about policies in Kaspersky Security Center: Choose 4 options

A There can be NO more than one active policy for the same application in a group

B The administrator can exclude a subgroup from a policy’s scope

C Active subgroup policies inherit the locked settings of a parent group’s active policy by
default (as far as policies of the same application are concerned)

D The administrator can create a policy for a set of computers belonging to different groups

E There are active and inactive policies

F To enforce policy settings on computers, you must close the respective locks

A third-party antivirus application has been incorrectly uninstalled on a few computers. A

Kaspersky Endpoint Security 12.1 for Windows installation task finds its registry keys and
returns an error. The administrator wants to make the task ignore incompatible applications.
How can this be done? Choose one of the options

A Clear the checkbox 'Uninstall incompatible applications automatically' in the properties of

the remote installation task

B Clear the checkbox 'Uninstall incompatible applications automatically' in the properties of

the Kaspersky Network Agent installation package

C Clear the checkbox 'Uninstall incompatible applications automatically' in the properties of

the Kaspersky Endpoint Security 12.1 for Windows installation package

D You cannot do this by adjusting package or task settings in the Kaspersky Security Center
Administration Console

Where can the administrator find the list of domains with scan errors? Choose one of the
options

A In the Administration Console, in each computer’s properties

B In the Administration Console, in each computer’s properties, or in the local interface of
Kaspersky Endpoint Security

C Only in the local Kaspersky Endpoint Security interface on a computer

The network is protected with Kaspersky Endpoint Security 12.1 and managed with Kaspersky
Security Center 14.2. You have created a Malware Scan task. Can you configure the system
drive to only scan for malware when the screensaver is on or the Windows session is locked?

Choose one of the options

A Yes, you can create a malware scan task for the system drive and select the ‘Run only when
the computer is idle’ checkbox in its properties

B No

C Yes, you can select the ‘Run only when the computer is idle’ checkbox in the Kaspersky
Endpoint Security policy

The computer where the Kaspersky Security Center Administration Server is installed has
broken down. The administrator connects another computer to the network, deploys the
Administration Server on it, and restores data from a backup. Which parameters of the new
Administration Server must be the same as those of the old one for the clients to be able to
connect successfully? Choose one of the options

A IP address, NetBIOS name or DNS name, depending on the connection settings configured
on the clients

B MAC address and default gateway

C DHCP server address

D None of the above

Where can you approve installation of a Kaspersky Endpoint Security update in the Kaspersky
Security Center Web Console? Choose one of the options

A In the properties of the Kaspersky Endpoint Security update task

B Operations | Repositories | Installation packages

C Operations | Patch Management | Software Updates

D Operations | Kaspersky Applications | Seamless Updates

How does Host Intrusion Prevention select a trust level for a program? Choose 2 options

A Using a local heuristic algorithm

B Using information from Kaspersky Security Network

C Using trust levels explicitly specified in the policy

D Using the results of background scanning by the online service virustotal.com

How long is the information collected for alert cards stored in Kaspersky Security Center?
Choose one of the options

A 90 days

B 30 days

C This period is specified in the Kaspersky Endpoint Security for Windows policy

D As long as the respective detection events are stored

What does the password that can be specified in the Network Agent policy prevent? Choose
one of the options

A: Starting the klnagchk.exe and klmover.exe utilities

B :Carrying out the command 'send heartbeat' that forces synchronization with the Server
C: Network Agent uninstallation

D: Stopping the Network Agent service

How can you create network isolation exceptions in Endpoint Detection and Response
Optimum settings? Choose 3 options

A: Select from a pre-configured set of profiles

B: Import from ‘Network connection blocked’ events

C: Manually for the selected executable file

D: Manually based on connection attributes (address, ports, direction, etc.)

Which objects can you use to create indicators for an IOC Scan task from an alert card in
Kaspersky EDR Optimum? Choose 2 options

A: Files (including executable files of processes)

B: Network connections

C: Usernames

D: Registry keys

This question is related to a network protected with Kaspersky Endpoint Security and managed
via Kaspersky Security Center. There is a group update task scheduled to start 'When new
updates are downloaded to the repository'. The databases are regularly updated in the
repository, but the group task starts on the client computers only after a planned
synchronization rather than immediately. Why? Choose one of the options

A It is intended to function in this manner

B: A distribution point is not assigned to the group

C: UDP port 15000 is inaccessible on the client computer (for example, blocked by Firewall)

D: UDP port 15000 is inaccessible on the Administration Server (for example, blocked by
Firewall)
Which of the following components of Kaspersky Endpoint Security for Windows can block
executable file start? Choose 3 options

A: Application Control

B:Adaptive Anomaly Control

C: Host Intrusion Prevention

D: Device Control

E: Behavior Detection

What does the network size selected in the Kaspersky Security Center Administration Server
installation wizard affect? Choose 2 options

A The limit of events in the Administration Server database

B The synchronization interval in the KSC Network Agent policy

C Web Console interface settings

D ММС console interface settings

E The schedule of group tasks

Which control components of Kaspersky Endpoint Security 12.1 for Windows can apply
access rules on schedule? Choose 2 options

A Application Control

B Adaptive Anomaly Control

C Host Intrusion Prevention

D Device Control
E Web Control

The administrator of Kaspersky Security Center connects the ММС console to the locally
installed Administration Server, creates an automatically filled application category, and
specifies the С:\Program Files\Microsoft\ folder as a parameter. Which executable files will
fall into this category? Choose one of the options

A: Files whose metadata coincides with the metadata of a file located in С:\Program Files\
Microsoft\ on the Administration Server

B: Files that have the same certificate as a file located in С:\Program Files\Microsoft\ on the
Administration Server

C: Files whose SHA-256 checksum coincides with the checksum of a file located in С:\
Program Files\Microsoft\ on the Administration Server

D: Files whose MD5 checksum coincides with the checksum of a file located in C:\Program
Files\Microsoft\ on the Administration Server Next

The administrator plans to use SNMP protocol to monitor status and receive notifications from
the Administration Server. However, the 'SNMP agent' component is missing from the list of
Administration Server components in the installation wizard. Why? Choose one of the options

A 'SNMP agent' is an Administration Console component, not a Server component

B The 'SNMP agent' component has a separate installer

C: 'SNMP agent' is not displayed if the SNMP service (a component of Windows operating
system) is not installed on the computer

D: 'SNMP agent' is always installed, it does not need to be selected as an option

Which control components of Kaspersky Endpoint Security 12.1 for Windows allow you to
specify different restrictions for different users? Choose 4 options

A: Application Control

B: Web Control

C: Host Intrusion Prevention

D: Adaptive Anomaly Control

E: Device Control
How does Kaspersky Endpoint Security 12.1 for Windows protect against file-encrypting
ransomware? Choose 2 options

A: It heuristically detects encryption attempts and blocks malware

B: It automatically brute-forces the key and decrypts the encrypted documents

C: It mines cryptocurrency for the ransom in the background

D: It backs up documents that are being accessed, and if a document is encrypted by malware,
it restores it from a backup copy

Removable drives are blocked by Device Control; however, some users can still use their
smartphones as USB storage devices. What do you need to change in the policy to prohibit this
workaround without affecting any other USB devices? Choose one of the options

A: Block Multifunctional Devices in Device Control

B: Block Portable Devices (MTP) in Device Control

C: Block the USB bus in Device Control

D: It can’t be done; Kaspersky Endpoint Security 12.1 for Windows cannot block such devices

What happens when the cloud mode is enabled for the protection components? Choose one of
the options

A:When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security uses a lite version of antivirus databases, but sends more requests to the KSN cloud

B:When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security can send executable and non-executable files or their parts to the KSN cloud

C: When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security sends more statistical information to the KSN cloud and uses the full version of
antivirus databases

The administrator wants to configure Device Control settings in the Kaspersky Endpoint
Security 12.1 for Windows policy, but the control options are not displayed in the policy in the
MMC console. How should the administrator fix this? Choose one of the options

A None of the above

B Open the interface settings in the MMC console and select the ‘Display endpoint control
settings’ checkbox

C Add a Kaspersky Endpoint Security for Business Select license to Kaspersky Security Center

D Run a ‘Change application components’ task and select the Standard installation type instead
of the Basic installation type

-----------------------------------------------------------------------------------------------------------------

Activation with code requires-internet access -code may contain many licenses for various
applications.

Activation key can e used when no internet access

When does Network Agent connect to the Administration Server?

page 10
A)When a packet arrives to the Agent’s UDP port from the Server
B)When there is an event to be sent to the Server
C)Periodically (by default, once every 15 min)

2-Consider Kaspersky Security Center 10 and Kaspersky Endpoint Security 11 for

Windows.You want to import the Active Directory structure to the structure of managed
computers. How to achieve this?
page 129
A)Web console Devices | Edit Groups | Import

3-What is the purpose of virus scan tasks, if File Threat Protection is permanently running on
the computers with the default settings?
Page 159

4- The network is protected with Kaspersky Endpoint Security 11 and

managed with Kaspersky Security Center 10. Can you configure the
system drive to be scanned for viruses only when the screensaver is on or the
Windows session is locked?
A) Yes, you can select the check box Scan when the computer is idling in the
Kaspersky Endpoint Security 11 policy
5-How does Host Intrusion Prevention select a trust level for a program?
page 183
A)It uses information from Kaspersky Security Network
B)It takes explicitly specified trust levels from the policy, if any

6-Where can you find the list of computers blocked by the Network Threat
Protection component?
page 201
A)In the local interface of Kaspersky Endpoint Security, in the Network Monitor
window that you can open from the Protection Components window

7-The administrator is trying to find a schedule for a virus scan task, but at any
moment of time either a
large number of computers are off, or the users ask to disable scanning because it
slows down the computer. What would you advise?
A)
Enable the mode Scan when the computer is idling in the task

8-How can you configure Host Intrusion Prevention to improve protection against ransomware?
page 185
A)

Describe documents as a protected resource, and prohibit programs with bad (unknown) from
performing Write And Delete operations
9-The administrator has found out that Kaspersky Endpoint Security conflicts with homeware,
and added an exclusion to the policy. How to make the exclusion work on the computers
immediately after Kaspersky Endpoint Security is installed rather than after computers download
the policy?
page 65
A)
Add a configuration file with the exclusion to the installation package of Kaspersky Endpoint
Security (you can export the settings on an already configured computer)

10-After completing the Quick Start wizard of the Kaspersky Security Center 10 Administration
Server, the administrator opens the policy of Kaspersky Endpoint Security 11 for Windows to
configure Application Control rules. It turns out that to set up the rules, you need to select
application categories from the list, which is empty. What should the administrator do to be able
to create Application Control rules?
A)
Create application categories in the Advanced | Application management | Application
categories node on the Administration Server

11-Which networks are trusted in the Firewall policy of Kaspersky Endpoint Security 11 under
the default settings?
page 199
A)
None,There are no trusted networks in a policy by default, and Untru
sted and High restricted programs have no network access.

12-The administrator of Kaspersky Security Center 10 connects the console to the locally
installed Administration Server, creates an automatically filled application category, andspecifies
the С:\Program Files\Microsoft\folder as a parameter. Which executable files will get into this
category?
Page 236
A)The files whose SHA-256 checksum coincides with the checksum of a file located in С:
\Program Files\Microsoft\on the Administration Server

13-Which functions of Kaspersky Endpoint Security for Windows are NOT available under the
KESB Select license?
page 15

A)Encryption
14
-
Removable drives are blocked by device control in Kaspersky Endpoint Security 11 for
Windows; however, some users can still use their Apple iPhones as a USB mass storage
device. What should be changed to prohibit such possibility without affecting any other USB
devices?
A)Block Portable devices (MTP) in Device Control

15-In which of the following situations you need NOT specify the administrator account in the
remote installation task?
Page 82
A)Network Agent is already installed on the computer and connected to the Server
B)The account of the Administration Server service has administrator permissions on the
computer
C)The computer has been prepared with the RIPrep.exe utility

16-Which of the following components of Kaspersky Endpoint Security 11 for Windows provides
proactive defense against unknown threats by analyzing the sequence of actions performed bya
program?
A)Behavior Detection

17-The administrator has selected to Assign Network Agent installation in the Active Directory
group policies in the remote installation task. How will the Network Agent installation files get on
the computer?
page 99
A)Computers will download them from the shared folder on the Administration Server

18-There is a standard computer selection named

Many viruses detected in the Kaspersky Security Center 10 Administration Console. What does
“many” mean?
page 303
A)The number specified in the selection properties

19-Which components of Kaspersky Endpoint Security for Windows can be installed on a server
operating system?
Page 62

20-What happens when the extended KSN mode is enabled?

A)Select the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to
send the Kaspersky Security Network server statistical information that is obtained from
application operation, and to send files (or parts of files) that could be used by criminals to harm
a computer or data to Kaspersky for additional analysis.

B)Clear the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to
use the basic functions of Kaspersky Security Network.

21-The Administrator has configured the Kaspersky Endpoint Security 11 installation package to
perform a Basic installation Which of the following components will be installed on
workstations?
A) Behavior detection+Exploit prevention+remedation engine+Host intrusion prevention for
workstation only
22-Select the correct statements about tasks in Kaspersky Security Center
Page 14

23-Which of the following database servers can Kaspersky Security Center work with?
page 24
24-Which of the following task types pertain to Kaspersky Endpoint Security for Windows?
Change application components

25-Consider a network protected with Kaspersky Endpoint Security 11 and managed through
Kaspersky Security Center 10. There is a group update task scheduled to start
When new updates are downloaded to the repository. The databases are regularly updated in
the repository, but the group task starts on the client computers only after a planned
synchronization rather than immediately. Why?
page 315
A)
That’s how it works

26.The update task of Kaspersky Endpoint Security for Windows has Update settings for local
mode and Update settings for mobile mode. Under which conditions are Update settings for
mobile mode used?

A)Updating in mobile mode Mobile mode is the mode of Kaspersky Endpoint Security operation,
when a computer leaves the organization network perimeter (offline computer). For more details
about working with offline computers and out-of-office users,refer to Kaspersky Security Center
Help.An offline computer outside of the organization's network cannot connect to the
Administration Server to update databases and application modules. By default, only Kaspersky
update servers are used as update source for updating databases and application modules in
mobile mode. The use of a proxy server to connect to the Internet is determined by a special
out-of-office policy The out-of-office policy must be created separately. When Kaspersky
Endpoint Security is switched to mobile mode, the update task is started every two hours.To
configure the update settings for mobile mode:
1.
In the main window of Web Console, selectDevices
→Tasks.The table with tasks opens.
2.
Click the Update task for Kaspersky Endpoint Security.The task properties window opens.The
Update task is created automatically by the Initial Configuration Wizard of Kaspersky Security
Center 11 Web Console.Go to theApplication settings section.

3.Go to the Mobile mode tab.

4.Configure the sources of updates. The sources of updates can be Kaspersky update servers,
other FTP-and HTTP servers, local folders, or network folders.
5.Click theSave button. As a result, the databases and application modules will be updated on
user computers when they switch to mobile mode.

27-Installation on which of the following operating systems does Kaspersky Endpoint Security
for Windows 11 support?
Page 57

28-Under which conditions does Kaspersky Endpoint Security switch to the out-of-office mode
with the default settings?
A)No conditions are specified by default
29-On which Windows Server 2012 editions can Kaspersky Security Center10 Administration
Server be installed?
page 22

30-The administrator wants to configure Device Control settings in the policy of Kaspersky
Endpoint Security 11 for Windows, but the control options are not displayed in the policy. How
should the administrator fix this?

A)Run a Change application components task and select the Standard installation type instead
of the Basic installationtype
B)Load a Kaspersky Endpoint Security for Business Select license into Kaspersky Security
Center

31-There is a standalone package on the Administration Server that installs Kaspersky Endpoint
Security with the standard set of components. How to make the package also install the
BadUSB Attack Prevention component?
A)Configure Installation package and recreate the package

32-Select the correct statements about the KL-AK-account created by the installation wizard of
Kaspersky Security Center Administration Server:
Page 40

33-You have found out that the Firewall hampers an application that belongs to the High
Restricted group. Which of the following measures can solve the issue?
page 200
A)
Create allow packet rules for the application’s ports and protocols, and move them to the top of
the list of rules
B)
Manually put the application’s executable files into the Low restricted or Trusted group in the
Kaspersky Endpoint Security policy

34-Consider group A that contains a policy of Kaspersky Endpoint Security 11. Group A has
subgroup B, which also contains a policy of Kaspersky Endpoint Security 11. Which settings can
be edited in the policy of group B?
A)None, open lock only allow modification in endpoint interface.35-Where can you specify the
conditions under which Kaspersky Endpoint Security 11 switches to the out-of-office policy?
A)In the policy of Kaspersky Endpoint Security

36-Consider Kaspersky Security Center 10. Which of the following conditions can make the
backup copying task return an error on the Administration Server?
page 342

A)The Administration Server account has no Write permissions for the backup target directory
B)The database server account has no Write permissions for the backup target directory
C)The drive where the backup directory is located lacks free space37
-
During the installation of Kaspersky Security Center 11,the DNS name of the Administration
Server was specified for its connection address. Before deploying Kaspersky Network Agents,
the administrator decides that the Server’s IP address should be used for connections. How
would you make this change?
Page 37
A)Server connection address and ports can be changed in the properties of Network Agent
installation package

38-What is the minimum amount of RAM required to install Kaspersky Endpoint Security for
Windows (11.1.0) on a 32-bit Windows operating system
page 58

39-Which group tasks and policies does the Quick Start wizard create on the Administration
Server if it is started from the MMC console?
Page 54

40-Which of the following Administration Server parameters cannot be modified without

reinstalling Kaspersky Security Center?

page 41
A) Sql Server address

41-The administrator plans to use the SNMP protocol to receive messages from the
Administration Server and monitor statuses. However, the SNMP agent component is missing
from the list of Administration Server components in the installation wizard. Why?
page 28

A)SNMP Agent is not displayed if the SNMP service (a component of Windows operating
system) is not installed on the computer

The SNMP agent is necessary if you want the Administration Server to send notifications over
SNMP. This component requires the SNMP service (a Windows component) to be insta
lled on the computer. If the SNMP service is absent, the SNMP agent will not be shown in the
list of Administration Server components during the installation.

42-Which network polling methods are enabled by default in Kaspersky Security Center 11
Administration Server?

43-Which of the following can be specified as the Administration Server connection address for
Network Agents in Kaspersky Security Center 11?
Page 36
A) IP address (IPv4 only), DNS or NetBIOS

44-You want to publish installation packages in Active Directory via the Kaspersky Security
Center 11 Administration Server. Which installation packages can be published this way?
page 99
A)To publish the Network Agent package to a domain group policy, in the task (or in the
installation wizard), select Assign Network Agent installation in the Active Directory group
policies
B)This method is applicable to the Network Agent only, because after the Agent is installed,
other programs are supposed to be installed using the Agent.
45-Which level of permissions is required to be able to install Kaspersky Endpoint Security for
Windows on the computer?
page 82
A)Local Administrator
46-Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?
page 40
A)8060, 8061
47-How does Host Intrusion Prevention react by default to the programs that start before
Kaspersky Endpoint Security 11.1?
page 183
A)Low restricted

48-Into which trust group does Host Intrusion Prevention move programs by default for which
it cannot receive information from KSN?
page 183
A)Low restricted

49-The administrator has decided to enable scanning for encrypted connections. Which
components of Kaspersky Endpoint Security will use it?
page 169
A)Encrypted traffic scanning is enabled by default and pertains to the following components:—
Web Threat Protection
—
Mail Threat Protection
—
Web Control

50-What does the Firewall do with a packet that meets conditions of several rules, including an
allow rule for packets and a block rule for applications? The block rule for applications is higher
on the list than the allow rule for packets.

A)Applies the rule that is higher in the list

B)Blocks the packet

51-How will Web Threat Protection scan https traffic under the default settings if a website uses
an EV certificate?

A)At the first connection, the certificate will be substituted, https traffic will be scanned. At
subsequent connections, the certificate will NOT be substituted, https traffic will NOT be
scanned

52-How can you disable the Background scan task on the client computers?
Page 160
A)To disable the Background scan task, in the properties of Kaspersky Endpoint Security policy,
open Application Settings | LocalTasks | Background scan and clear the check box Scan when
the computer is idling.

53-The user tries to connect to a website over https. Kaspersky Endpoint Security installed on
the computer is under the policy created by the Quick Start Wizard. An error occurs when
scanning encrypted traffic. What will happen in that case?
page 169
A)With the default settings, if errors arise when scanning a secure connection, the domain will
be automatically added to the list of Domains with scan errors and its whole traffic will be
skipped without scanning.
54-How can the administrator consult the list of domains with secure connection scan errors?
page 170
A)Only in the local interface of Kaspersky Endpoint Security on the user’s computer

55-In which of the following cases will Kaspersky Endpoint Security 11.1 for Windows consider
a file to be non-infected?
page
163
A)Signature or heuristic analysis returned the Infected verdict, while the KSN database
considers the file to be clean

56-Which of the following can the Mail Threat Protection component of Kaspersky Endpoint
Security 11.1 for Windows do?
Page 171
A)
Scan MAPI traffic in Microsoft Office Outlook
B)
Scan SMTP/POP3/IMAP/NNTP traffic
C)
Filter email attachments

57-A computer running Windows 2012 Server is protected with Kaspersky Endpoint Security
11.1 having the default settings. The administrator wants to use it as a print server, but no prints
are being successful. What would be the reason for this?
A)Firewall blocks network activity of the print server

58-Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners on
the web pages visited by the users. How can you achieve this?
A)Create a rule in the Web Control settings to block the content category Banners

59-A commercial license has expired in an organization, and the money for purchasing a new
license will be allocated only in a month. Which functions of Kaspersky Endpoint Security 11.1
for Windows will NOT work until the new license is in place?
page 334
A)All components keep working, but update tasks will not start and KSN servers are
inaccessible. Protection level gradually decreases.
60-Consider Kaspersky Security Center 11. What data is included into a backup copy of the
Administration Server created with a dedicated Kaspersky Security Center task?
Page 340
A)A backup copy of the Kaspersky Security Center data includes all visible and invisible
configuration settings. This includes the event database (which contains more than just the
events), administration group structure, tasks and policies, report templates, installation
packages, selections of computers and events, the Administration Server certificate, and more.
Updates are not included, because they quickly become outdated, and there is no reason to
keep an old copy.
61-Many computers have the Critical status with the Not scanned for a long time description in
Kaspersky Security Center 11 Adm inistration Console. The administrator thinks that it is not a
problem and does not want this condition to influence computer statuses.
A)Modify the status change conditions in the administration groups’ properties

Kaspersky Endpoint Security Exam (studylib.net)

Question 1

To deploy protection in a network, you need to install Network Agents (1), install Kaspersky
Endpoint Security (2), install the Administration Server (3). Select the recommended
deployment plan:

A. 1, 2, 3
B. 2, 3, 1
C. 3, 1, 2
D. 3, 2, 1

Question 2

Which of the following does Kaspersky Security Network do?

Informs protection components of Kaspersky Endpoint Security whether a file is malicious

Communicates file reputation (trust level) to the Firewall and Host Intrusion Prevention

Provides detailed description of threats for events and reports of Kaspersky Security Center

Protects the file versions provided by software manufacturers against false positives

Question 3

Where can you specify the conditions under which Kaspersky Endpoint

Security 11 switches to the out-of-office policy?

In the policy of Kaspersky Endpoint Security

In the group properties

In the Network Agent policy

The conditions are hard-coded and you cannot modify them

In the Administration Server policy

Question 4

Which of the following components of Kaspersky Endpoint Security 11

for Windows provides proactive defense against unknown threats by

analyzing the sequence of actions performed by a program?

Application Control

Host Intrusion Prevention

Behavior Detection

Question 5

Which of the following protocols can be specified in the Firewall rules in

Kaspersky Endpoint Security 11 for Windows?

ARP

TCP

UDP

ICMP

SNMP

SMTP

Question 6

Which updates will be downloaded to the Administration Server repository by default in Kaspersky
Security Center 10?

Only Kaspersky Endpoint Security 11 for Windows

Only for the Kaspersky Lab applications installed on the client computers and those for which

there are installation packages in the repository

Only for the components used by the Kaspersky Lab applications on the client computers
For the applications whose plugins are installed on the Administration Server

Question 7

Consider Kaspersky Endpoint Security 11 for Windows. When the Behavior Detection component
recognizes dangerous activities, which of the following actions can it take?

Disinfect

Terminate the program

Move the file to Quarantine

Delete the file

Question 8

Can the start of group update tasks be randomized in Kaspersky Security Center 10 to avoid
simultaneous connections of all client computers to the Administration Server?

Yes

Yes, but only if the From 1000 to 5000 computers or More than 5000 computersoption

was selected during the installation of the Administration Server

Yes, but only if the computers are organized into several subgroups with update tasks having

different schedules

No

Question 9

Which network polling methods are enabled by default in Kaspersky Security Center 10 Administration
Server?

Quick Windows Network Poll

Full Windows Network Poll

Active Directory polling

IP range polling

Question 10

The administrator has disconnected an old computer from the network. When will its record disappear
from the Network poll\Domains node in the Administration Console, provided the Administration Server
has the default settings?

After the next quick Windows network poll

After the next full Windows network poll

In 7 days

In 60 days

Question 11

If Standard installation is selected within the properties of the installation package of Kaspersky Endpoint
Security 11 for Windows, which of the following components will NOT be installed under Windows
Server 2012?

File Threat Protection

Mail Threat Protection

Network Threat Protection

Application Control

Device Control

Question 12

The administrator is trying to find a schedule for a virus scan task, but at any moment of time either a
large number of computers are off, or the users ask to disable scanning because it slows down the
computer. What would you advise?

Enable the mode Concede resources to other applications in the Kaspersky Endpoint Security policy

Enable the mode Scan when the computer is idling in the task

Select the check box Allow management of group tasks in the Kaspersky Endpoint Security

policy to enable users start virus scanning manually

Give up virus scan tasks and select the Highsecurity level in File Threat Protection

Question 13

Which of the following reports does the Deliver reports task (which is created by the Administration
Server Quick Start wizard) email by default?

All reports whose templates are available on the Administration Server

Protection status report

Threats report

Threats report, Protection status report, Database usage report, and Kaspersky Lab software

version report
Question 14

Which of the following database servers can Kaspersky Security Center work with?

Oracle

Microsoft SQL

MySQL

DB2

PostgreSQL
1.This question is related to Kaspersky Security Center and Kaspersky Endpoint
Security 12.1 for Windows. You want to import the Active Directory structure to
the structure of managed computers. How can you do it?
Use the option 'Create group structure based on Active Directory structure' in the Quick Start Wizard
Use a one-time relocation rule with the option to create missing groups for organizational units
Use the option 'Create group structure based on Active Directory structure' in the group hierarchy
settings in the Web Console
Use the task 'Synchronize Active Directory structure'
2.How can you stop isolating a computer from the network?
Run a ‘Remove isolation’ task on it
Click the button ‘Unblock computer isolated from the network’ in the detection card
Remove the tag ‘Isolated from network’
Click the button ‘Unblock computer isolated from the network’ in the properties of Kaspersky
Endpoint Security for Windows installed on the computer
3.With regards to Kaspersky Security Center, which policy settings are
considered to be compulsory?
Settings of an active policy
Locked settings
Unlocked settings
4.Which technologies and tasks of Kaspersky Endpoint Security create an
incident card for EDR Optimum?
Exploit Prevention
Mail Threat Protection
File Threat Protection
Network Threat Protection
5.How can you make the Network Agent perform an unplanned synchronization
from the client side?
Run the klnagchk command without parameters
Run the following command: klnagchk -sendhb
Run the following command: klnagchk -sync
It is impossible
6.A computer running Windows 7 is protected with Kaspersky Endpoint Security
12.1 for Windows. You want to prohibit USB scanners from connecting to this
computer, but allow removable USB drives. How can this be done?
Block ‘Cameras and scanners’ in Device Control
Block USB bus in Device Control
Block multifunctional devices in Device Control
Kaspersky Endpoint Security cannot block USB scanners
7.Which control components of Kaspersky Endpoint Security 12.1 for Windows
allow you to specify different restrictions for different users?
Application Control
Host Intrusion Prevention
Device Control
Web Control
Adaptive Anomaly Control
8.You created a policy for Kaspersky Endpoint Security with the default settings
in the Quick Start Wizard. Then you clicked ‘Prevent execution’ on an alert card,
but the file was not blocked in the test environment. What else must be done to
prevent file execution?
Select the ‘Enable Detection and Response’ checkbox in the policy
All of the above
Select the ‘Execution prevention’ checkbox in the policy
Select ‘Block and write to report’ in the policy
9.Which of the following Administration Server parameters cannot be modified
without reinstalling Kaspersky Security Center?
Administration Server communication ports
SQL server address
Administration Server account
Shared folder location
10.What happens when the cloud mode is enabled for the protection
components?
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security uses
a lite version of antivirus databases, but sends more requests to the KSN cloud
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security sends
more statistical information to the KSN cloud and uses the full version of antivirus databases
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security can
send executable and non-executable files or their parts to the KSN cloud
11.Which component of Kaspersky Endpoint Security 12.1 for Windows analyzes
the behavior of already running executable files to detect malware activity?
Host Intrusion Prevention
Behavior Detection
Kaspersky Security Network
Network Threat Protection
12.The administrator needs to organize computers from a subnet into a group.
The administrator knows that, historically, some computers of this subnet receive
addresses in the range 192.168.100.100 to 192.168.100.199, and other computers
have names starting with ‘PROD’. There are no computers with these addresses
or names anywhere else in the network. How should device moving rules be
configured?
Create a moving rule and specify both conditions in it: the range of IP addresses and the name mask
Device moving rules cannot solve this task
Create a moving rule and specify both conditions in it: the range of IP addresses and the name
mask, and also select the checkbox 'Apply the rule if at least one of the conditions is matched'
Create two moving rules for the same group: in one of them, specify the IP range condition, and in
the other one, the name mask
13.Which of the following components of Kaspersky Endpoint Security 12.1 for
Windows does NOT use KSN technology?
File Threat Protection
Network Threat Protection
Malware scan tasks
Exploit Prevention
Web Threat Protection
14.This question is related to Kaspersky Security Center. The administrator
selected the 'Path to folder' parameter as a condition for an application category
and specified the C:\Program Files\Microsoft\ value. Which executable files will
meet this condition?
The files whose checksums coincide with the checksums of the files that were located in folder С:\
Program Files\Microsoft\ on the Administration Server when the category was being created
The files whose checksums coincide with checksums of the files located in С:\Program Files\
Microsoft\ on the Administration Server. Every time the Administration Server is restarted, the list of
checksums is updated to reflect the current folder contents
The files whose metadata coincides with the metadata of a file located in С:\Program Files\Microsoft\
on the Administration Server
The files whose path begins with С:\Program Files\Microsoft\
15.How can you exclude a file from the scope of File Threat Protection?
Add the file or folder path to the list of exclusions
Add the program that accesses files to the list of trusted processes
Add the certificate with which files are signed to the computers’ certificate store and configure an
exclusion for this store
Modify the protection scope of File Threat Protection
Set the maximum file scan time
16.Which of the following is a known limitation of the Web Control component in
Kaspersky Endpoint Security 12.1 for Windows?
It can’t block content by data type over an https connection
None of the above
It can’t block any website accessed over an https connection
It works only with mainstream web browsers such as Internet Explorer, Mozilla Firefox, Google
Chrome
17.An administrator needs to remotely install Network Agent and Kaspersky
Endpoint Security on five laptops that have different local administrator accounts
and are not on the domain. What would you advise?
Create an individual remote installation task for each laptop
Create a single remote installation task and specify the accounts of all the administrators in its
properties
Create a single remote installation task and run it five times; change the target computer and the
administrator account each time
18.What is the primary function of the Kaspersky Network Agent?
Store the event database
Provide communication between the administration server and Kaspersky protection applications
Provide local and remote access to the Administration Server interface
Provide web access to the Administration Server interface
19.What does the password that can be specified in the Network Agent policy
prevent?
Network Agent uninstallation
Stopping the Network Agent service
Starting the klnagchk.exe and klmover.exe utilities
Carrying out the command 'send heartbeat' that forces synchronization with the Server
20.How do you disable the Background Scan task on client computers?
Delete the Background Scan task from the list of tasks in Kaspersky Security Center
Turn off the ‘Enable background scan’ option in the policy of Kaspersky Endpoint Security for
Windows, in Application Settings | Local Tasks | Background Scan
Delete the Background Scan task from the list of tasks in the computer properties
21.Group tasks and a policy are defined for Kaspersky Endpoint Security 12.1 for
Windows in the Managed Devices group. You want to apply different settings to a
particular subgroup. How can this be done?
Exclude the subgroup from the parent policy and create a new policy in the subgroup
Exclude the subgroup from the parent group’s tasks and create new tasks in the subgroup
Create new tasks for the subgroup and disable inheritance in their settings
Create a new policy in the subgroup and disable inheritance in its settings
You can’t do this; tasks and policies are always inherited
22.A network is protected with Kaspersky Endpoint Security 12.1 and managed
with Kaspersky Security Center 14.2. The administrator has disabled the
application interface display for users in the Kaspersky Endpoint Security 12.1 for
Windows policy. What is NOT hidden from users?
Started processes of Kaspersky Endpoint Security
Kaspersky Endpoint Security icon in the notification area
Kaspersky Endpoint Security shortcut in the Start menu
Started services of Kaspersky Endpoint Security
Kaspersky Endpoint Security in the list of installed programs
23.What happens when extended KSN mode is enabled?
Kaspersky Security Center switches to KSN Proxy mode and starts caching all requests sent to the
KSN cloud
More statistical information is sent to the KSN cloud; executable and non-executable files or their
parts can also be sent
Kaspersky Security Center establishes a persistent communication channel to the KSN cloud and
caches part of the information from the KSN cloud on the local drive
24.Which control components of Kaspersky Endpoint Security 12.1 for Windows
can apply access rules on schedule?
Host Intrusion Prevention
Device Control
Web Control
Application Control
Adaptive Anomaly Control
25.This question is related to Kaspersky Security Center. Which of the following
conditions will cause the backup task to return an error on the Administration
Server?
The Administration Server account has no Write permissions for the backup target directory
The database server account has no Write permissions for the backup target directory
The drive where the backup directory is located lacks free space
The 'Download updates to the repository' task is running on the server (backup copying cannot be
started until updating is finished)
26.How often do Network Agents synchronize settings with the Administration
Server by default?
Every 5 minutes
Every 15 minutes
Every 30 minutes
Every 60 minutes
27.What does the File Threat Protection scope include with the default settings?
All removable drives
All hard drives
All network drives
Kernel memory
Disk boot sectors
28.The administrator needs to prohibit the launch of several programs in the
network. What is the best way to achieve this?
In Application Control, select Denylist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Denylist mode and create block rules for the applications that must be
prohibited
In Application Control, select Allowlist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Allowlist mode and create block rules for the applications that must be
prohibited
29.Which file attribute is used when you create an indicator of compromise for
the selected file from an alert card?
MD5 checksum
SHA256 checksum
File name
Full file path
30.A workstation is managed remotely through Kaspersky Security Center 14.2
with the default settings. Which of the following events invoke pop-up
notifications in the local interface of Kaspersky Endpoint Security 12.1 for
Windows?
Threats have been detected
Application startup prohibited
Suspicious object detected
Network attack detected
31.An NFR license has expired after a proof of concept was implemented to
demonstrate the capabilities of Kaspersky Endpoint Security 12.1 for Windows.
Which functions of Kaspersky Endpoint Security will remain operational?
File Threat Protection and Malware Scan
All Kaspersky Endpoint Security features will stay operational, except for updates
Only File Threat Protection and Firewall will keep working
None of the above
32.In the console, you’ve found several Kaspersky EDR Optimum IOC scan tasks
that have the same name: ‘IOC Scan from alert ’. Which of the following is true?
These tasks were created from the same alert card
These tasks were created for the same indicators
These tasks were created with the same actions to be performed when the indicators are detected
33.Which function does Firewall perform in Kaspersky Endpoint Security for
Windows?
Blocks network packets according to the specified rules
Analyzes network activity to detect network attacks
Analyzes files downloaded over the network to detect infected objects
Analyzes email messages and blocks phishing links
34.Which component of Kaspersky Endpoint Security for Windows except 'Web
Threat Protection' takes part in protection against phishing?
File Threat Protection
None of the above
Mail Threat Protection
Web Control
35.How long does Kaspersky EDR Optimum isolate the computer from the
network by default?
30 minutes
8 hours
5 hours
There is no time limit (until canceled manually)
36.Alex-Desktop has been isolated from the network. Now, you want to obtain a
suspicious executable file for additional analysis without deleting the original file
from the isolated computer. How can this be done?
Create and run a task ‘Move file to Quarantine’
Create and run a ‘Get file’ task
You cannot obtain a file from an isolated computer using Endpoint Detection and Response
Optimum tools
37.Select the correct statements about policies in Kaspersky Security Center:
There are active and inactive policies
The administrator can create a policy for a set of computers belonging to different groups
The administrator can exclude a subgroup from a policy’s scope
To enforce policy settings on computers, you must close the respective locks
There can be NO more than one active policy for the same application in a group
Active subgroup policies inherit the locked settings of a parent group’s active policy by default (as far
as policies of the same application are concerned)
38.Which of the following remote installation methods can be used in the 'Install
Application remotely' task in Kaspersky Security Center if the Network Agent is
NOT selected to be deployed?
Using Group Policy Objects (GPO) in the Active Directory
Using Logon Scripts in the Active Directory
Using operating system tools: shared folders and remote procedure call (RPC)
Using Network Agent
39.Where does Kaspersky Security Center store endpoint events that the
administrator can see in the reports?
In text events logs of Kaspersky Security Center
In the Kaspersky Security Center database
In the Windows event log
In Kaspersky Security Network
40.Which level of permissions is necessary and sufficient to install Kaspersky
Endpoint Security on a computer?
User
Local administrator
Power user
Domain administrator
41.What is the purpose of the klmover.exe utility?
It helps check Agent–Server connection
It helps modify the parameters that the Network Agent uses to connect to the Administration Server
It synchronizes the Network Agent and the Administration Server settings
42.Which of the following can you specify as the Administration Server
connection address for Kaspersky Network Agents in Kaspersky Security
Center?
MAC address
IPv4 address
NetBIOS name
DNS name
IPv6 address
Email address
43.Select the correct statements about the Web Threat Protection component of
Kaspersky Endpoint Security:
It scans data in outbound connections
It scans HTTP and FTP protocols
It scans data in secure connections (SSL/TLS)
It scans data in inbound connections established from outside
44.Which of the following operating systems does Kaspersky Security Center
NOT support?
Microsoft Windows XP Pro SP2
All of the above
Microsoft Windows Vista
Microsoft Windows 7 Ultimate SP1
Microsoft Windows 8 Pro
Microsoft Windows 10 Enterprise
45.The administrator intends to use stand-alone installation packages of
Kaspersky Endpoint Security 12.1 for Windows. However, a third-party firewall is
installed on the computer with Kaspersky Security Center Administration Server.
Which of the following ports must be opened in the firewall so that users can
download the package using the automatically created links?
80 and 443
8060
8061
15000
13291
46.Which type of network access do programs that belong to the Untrusted group
get on Microsoft Windows 7 protected by Kaspersky Endpoint Security with
default settings?
None, because the Host Intrusion Prevention component will block them
Full network access
Access only to trusted networks
Access to trusted and local networks
47.You are trying to create a Kaspersky EDR Optimum IOC Scan task from an
alert card, but the file for which you want to make an indicator cannot be
selected. Why?
The alert card lacks the MD5 checksum of this file
An indicator has already been created for this file
The Quarantine action has already been performed for this file
An execution prevention rule has already been created for this file
48.If the administrator mistypes the Administration Server address in the
installation wizard, where can this address be modified in the Administration
Console?
In the properties of the Network Agent installation package
In the properties of the installation package of Kaspersky Endpoint Security
In the properties of the Administration Server node
49.On a computer where Administration Server is installed, the hard drive has
failed and the data has been lost. Fortunately, the administrator has a backup
copy of the Administration Server configuration and data, which was created by
standard tools of Kaspersky Security Center. How can the administrator start the
recovery procedure?
Use the recovery mode in the installation wizard of the Administration Server
Run the ‘Restore from backup’ task in the Administration Console
Use the recovery mode in the Quick Start Wizard of the Administration Server
Use a special utility for backup and restore
50.Which removable drive access operations can Device Control allow or block in
Kaspersky Endpoint Security for Windows?
Read
Write
Execute
Delete
Device Control cannot block specific removable drive access operations