Dumps
Dumps
1.How can you create network isolation exceptions in Endpoint Detection and
Response Optimum settings?
Select from a pre-configured set of profiles
Manually based on connection attributes (address, ports, direction, etc.)
Manually for the selected executable file
Import from ‘Network connection blocked’ events
2.Which of the following components of Kaspersky Endpoint Security 12.1 for
Windows do NOT scan files?
Web Threat Protection
BadUSB Attack Prevention
Network Threat Protection
Mail Threat Protection
3.A network consists of: 27 computers running Microsoft Windows Server 2016 5
computers running Microsoft Windows Server 2012 130 computers running
Microsoft Windows 7 Professional 70 computers running Microsoft Windows 10.
How many remote installation tasks (minimum) do you need to create to install
Kaspersky Endpoint Security 12.1 for Windows on all machines?
1
2
3
232
4.Which version of SQL server is included with the Kaspersky Security Center
Administration Server distribution?
Microsoft SQL Server 2016 Express
None of the above
Microsoft SQL Server 2017 Express
Microsoft SQL Server 2019 Express
5.You are trying to create a Kaspersky EDR Optimum IOC Scan task from an alert
card, but the file for which you want to make an indicator cannot be selected.
Why?
The alert card lacks the MD5 checksum of this file
An indicator has already been created for this file
The Quarantine action has already been performed for this file
An execution prevention rule has already been created for this file
6.Select the most accurate description for the Remediation Engine component:
It monitors file operations and scans files being accessed
It intercepts software start attempts and blocks applications according to the rules configured by the
administrator
It logs actions taken by applications and can roll them back if the software demonstrates dangerous
activity patterns
It analyzes individual operations performed by applications and prohibits little-known applications
from taking potentially dangerous actions
7.Which permission do you need to give to a trusted process in the Trusted Zone
of Kaspersky Endpoint Security so that File Threat Protection does NOT scan
files accessed by this process?
Do not scan files before opening
Do not monitor application activity
Allow interaction with the application interface
Special permissions are not necessary, File Threat Protection does not scan any files accessed by
trusted processes
8.What events does Kaspersky Security Center notify the administrator about
under the default settings?
All events
Critical Kaspersky Endpoint Security events
Critical Administration Server events
None
9.How does Kaspersky Endpoint Security 12.1 for Windows protect against file-
encrypting ransomware?
It mines cryptocurrency for the ransom in the background
It heuristically detects encryption attempts and blocks malware
It backs up documents that are being accessed, and if a document is encrypted by malware, it
restores it from a backup copy
It automatically brute-forces the key and decrypts the encrypted documents
10.ABC Inc. plans to deploy Kaspersky Endpoint Security on 10,000 endpoints
and manage protection through one Administration Server. Which database
server is recommended for Kaspersky Security Center in this case?
Microsoft SQL Server Standard
MySQL Community Edition
Microsoft SQL Server Express
MySQL Enterprise Edition
11.Which of the following installation methods does NOT work if the computer’s
shared folders are NOT accessible over the network?
Remote deployment using Windows resources
Remote installation using Active Directory
Installation from a stand-alone package
Installation using Network Agent
12.Which of the following components of Kaspersky Endpoint Security for
Windows can block executable file start?
Behavior Detection
Application Control
Host Intrusion Prevention
Device Control
Adaptive Anomaly Control
13.The update task of Kaspersky Endpoint Security for Windows has ‘Update
settings for local mode’ and ‘Update settings for mobile mode’. Under which
conditions are ‘Update settings for mobile mode’ used?
The update task has no update settings for mobile mode
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met, and
the out-of-office policy is applied to the computer
If the conditions (specified in the Network Agent policy) for switching to mobile mode are met
If all sources specified in the settings for local mode are inaccessible
14.How does Kaspersky EDR Optimum enhance threat prevention capabilities?
Prevents the changing of system files
Prevents file execution based on the checksum or path mask
Quarantines files detected by an IOC scan task
Prevents the changing of registry keys based on path mask
15.Where are the installation logs of Kaspersky Endpoint Security and Network
Agent stored after a remote installation?
In %ProgramData%\Kaspersky Lab
In the user’s %Temp% folder
In the system %Temp% folder
In the root of the system drive
16.Alex-Desktop has been isolated from the network. Now, you want to obtain a
suspicious executable file for additional analysis without deleting the original file
from the isolated computer. How can this be done?
Create and run a task ‘Move file to Quarantine’
Create and run a ‘Get file’ task
You cannot obtain a file from an isolated computer using Endpoint Detection and Response
Optimum tools
17.A user tries to download an infected object over HTTPS. Which component of
Kaspersky Endpoint Security 12.1 for Windows will be the first to detect it?
Web Threat Protection
File Threat Protection
Host Intrusion Prevention
Network Threat Protection
18.Which of the following Administration Server parameters cannot be modified
without reinstalling Kaspersky Security Center?
Administration Server communication ports
SQL server address
Administration Server account
Shared folder location
19.What does the password that can be specified in the Network Agent policy
prevent?
Network Agent uninstallation
Stopping the Network Agent service
Starting the klnagchk.exe and klmover.exe utilities
Carrying out the command 'send heartbeat' that forces synchronization with the Server
20.On which operating systems can you NOT install Kaspersky Security Center
Administration Server?
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 R2
Windows 10
Windows 11
Windows Server 2016
Windows Server 2019
21.Select the correct statements about the KL-AK- account created by the
installation wizard of Kaspersky Security Center Administration Server:
It is included in the Domain Admins group
It is included in the BUILTIN\Administrators group
It is included in the KLAdmins group
It cannot be used to log on to the system locally
It has the same permissions as the BUILTIN\Administrators group
22.The administrator has selected the 'Assign Network Agent installation in
the Active Directory group policies' option in a remote installation task. When will
the Network Agent installation be finished on the target computers?
A few minutes after the task starts
A few minutes after the computers receive the Active Directory group policy
At the next restart of the computers
The next time the users log on to the domain from the target computers
23.After completing the Quick Start Wizard of the Kaspersky Security Center
Administration Server, you open the Kaspersky Endpoint Security 12.1 for
Windows policy to configure Application Control rules. It turns out that to set up
the rules, you need to select application categories from the list, which is empty.
What do you need to do to create Application Control rules?
Create application categories in the Application Control settings
Create application categories on the Operations | Third-Party Applications | Application Categories
page on the Administration Server
Just wait for the databases to be updated on the Administration Server
Create and run the Inventory task on at least one computer
24.You have installed Kaspersky Security Center, created a 'KES installation'
group in the management console and added computers to that group. You then
enabled automatic installation of Network Agent and Kaspersky Endpoint
Security in the group properties. What do you need to modify in the 'Install
applications remotely' task to successfully complete the installation?
Change the installation method
Specify the list of accounts to be used to run the task
Specify the key
Nothing needs to be changed
25.The administrator needs to prohibit the launch of several programs in the
network. What is the best way to achieve this?
In Application Control, select Denylist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Denylist mode and create block rules for the applications that must be
prohibited
In Application Control, select Allowlist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Allowlist mode and create block rules for the applications that must be
prohibited
26.Where can you find detailed results of a Kaspersky EDR Optimum IOC Scan
task? (For example, conditions that the detected files match)
On the ‘Results’ tab in the task properties
In the ‘Application settings | IOC Scan Results’ section in the task properties
The web console of Kaspersky Security Center doesn’t provide this information
In the statistics of the Kaspersky EDR Optimum application in the computer properties
27.There is a stand-alone package on the Administration Server that installs
Kaspersky Endpoint Security with the default set of components. How can you
make the package install the 'BadUSB Attack Prevention' component as well?
Open the properties of the stand-alone package in the Administration Console and select the
necessary component
Select the component in the original Kaspersky Endpoint Security package and re-create the stand-
alone package
Open the folder where the stand-alone package is located and edit the list of components in the .kud
file
Open the folder where the stand-alone package is located and edit the installation string in the .kud
file
28.Which action is specified for Adaptive Anomaly Control rules by default in the
Kaspersky Endpoint Security policy?
Allow
Block
Notify
Smart
29.Which features provide extended threat detection capabilities in Kaspersky
EDR Optimum?
Correlation of detections with other events
IOC scanning
Correlation of telemetry with a database of indicators of attack
30.How can you exclude a file from the scope of File Threat Protection?
Add the file or folder path to the list of exclusions
Add the program that accesses files to the list of trusted processes
Add the certificate with which files are signed to the computers’ certificate store and configure an
exclusion for this store
Modify the protection scope of File Threat Protection
Set the maximum file scan time
31.You want to prohibit users from starting any browser except for Internet
Explorer. You don’t want to block any other kinds of applications. Which
component of Kaspersky Endpoint Security for Windows is the right tool for the
job?
Application Control
Host Intrusion Prevention
Device Control
Web Control
Adaptive Anomaly Control
32.Can the start of group update tasks be randomized in Kaspersky Security
Center to avoid simultaneous connections of all client computers to the
Administration Server?
Yes
Yes, but only if the 'From 1000 to 5000 computers' or 'More than 5000 computers' option was
selected during the installation of the Administration Server
Yes, but only if the computers are organized into several subgroups with update tasks having
different schedules
No
33.Where can you find the list of computers blocked by the Network Threat
Protection component?
In the local interface of Kaspersky Endpoint Security, in the Network Monitor window that you can
open from the shortcut menu of the Network Threat Protection component
In the Kaspersky Security Center administration console, in the properties of the attacked computer
In the local interface of Kaspersky Endpoint Security, in the Network Monitor window that you can
open from the Monitoring section
34.What does a closed lock mean near a parameter in a group policy of
Kaspersky Endpoint Security?
The parameter cannot be changed in the local interface of Kaspersky Endpoint Security
The parameter can be changed only by the administrator who created the policy
The parameter cannot be changed in subgroup policies (unless inheritance is disabled)
The parameter is password-protected
35.This question is related to Kaspersky Security Center. Which of the following
conditions will cause the backup task to return an error on the Administration
Server?
The Administration Server account has no Write permissions for the backup target directory
The database server account has no Write permissions for the backup target directory
The drive where the backup directory is located lacks free space
The 'Download updates to the repository' task is running on the server (backup copying cannot be
started until updating is finished)
36.Select the most accurate description for the Host Intrusion Prevention
component:
It monitors file operations and scans files being accessed
It analyzes individual operations performed by applications and prohibits little-known applications
from taking potentially dangerous actions
It logs actions taken by applications and blocks applications that demonstrate dangerous activity
patterns
It intercepts software start attempts and blocks applications according to the rules configured by the
administrator
37.In the Web Control settings of a Kaspersky Endpoint Security 12.1 for
Windows policy, the administrator created a rule that prohibits all users from
opening facebook.com and a rule that allows the HR department to access
facebook.com. However, access to facebook.com has been blocked for everyone.
Why?
The blocking rule is higher than the allowing rule on the list
A blocking rule always has priority over allowing rules
Web Control exclusions must be specified in the Trusted Zone
The standard default allowing rule is disabled
38.Under which conditions does Kaspersky Endpoint Security switch to the out-
of-office mode if Network Agent is configured to ‘Enable out-of-office mode when
Administration Server is not available’?
After an unsuccessful synchronization with the Administration Server
After three unsuccessful synchronizations with the Administration Server or after all networks have
been disconnected
After an unsuccessful synchronization, if the client computer cannot resolve the Administration
Server name
After an unsuccessful synchronization, if the client computer does not receive an answer to the
following command: ping
39.Under which conditions does Kaspersky Endpoint Security switch to the out-
of-office mode with the default settings?
None. Conditions are not specified by default
After three unsuccessful synchronizations with the Administration Server or after all networks have
been disconnected
After an unsuccessful synchronization with the Administration Server
40.A network is protected with Kaspersky Endpoint Security for Windows and
managed by Kaspersky Security Center with the default settings. What should the
administrator do to completely prohibit the disabling of protection without
concealing it?
Protect the Uninstall / Modify / Restore commands with a password
Prohibit stopping of the Kaspersky Endpoint Security service
Protect disabling of protection and control components with a password
Protect the Exit command with a password
Block access to the Kaspersky Endpoint Security process
41.In which of the following situations do you NOT need to specify the
administrator account in the remote installation task?
The administrator account is disabled on the target computers
Network Agent is already installed on the target computers and connected to the Server
The account of the Administration Server service has administrator permissions on the target
computers
Windows 10 is installed on the target computers
The target computers have been prepared with the riprep.exe utility
A previous version of Kaspersky Endpoint Security is already installed on the target computers
42.This question is related to Kaspersky Security Center and Kaspersky Endpoint
Security 12.1 for Windows. You want to import the Active Directory structure to
the structure of managed computers. How can you do it?
Use the option 'Create group structure based on Active Directory structure' in the Quick Start Wizard
Use the option 'Create group structure based on Active Directory structure' in the group hierarchy
settings in the Web Console
Use the task 'Synchronize Active Directory structure'
Use a one-time relocation rule with the option to create missing groups for organizational units
43.A packet meets the conditions of several Firewall rules, including an allow rule
for packets and a block rule for applications. The block rule for applications is
higher than the allow rule for packets. What does Firewall do with such a packet?
Allows the packet
Applies the rule that is higher in the list
Blocks the packet
Applies the rule that is lower in the list
44.Which operating systems does Kaspersky Endpoint Security 12.1 for Windows
support?
Microsoft Windows 10 Home
All of the above
Microsoft Windows 10 Pro
Microsoft Windows 10 Education
Microsoft Windows 10 Enterprise
45.Which utility helps the administrator test the connection between the Network
Agent and the Administration Server and synchronize their settings?
klmover.exe
klnagchck.exe
GetSystemInfo.exe
46.You want to configure the Kaspersky Endpoint Security 12.1 for Windows
policy to prohibit the use of all browsers except Internet Explorer at the company.
To do so, you have created an application category named Browsers that
includes all applications from the Web Browsers KL category, and prohibited its
launch. How can you configure the exclusion for Internet Explorer?
Create an exclusion for Internet Explorer in the created Browsers category
Create a category for Internet Explorer, create a rule allowing the start of programs of this category
and place it higher on the list than the rule that prohibits the Browsers category
Create a category for Internet Explorer, create an allow rule for this category, and move it to the
bottom of the list of rules.
This scenario cannot be implemented in Kaspersky Endpoint Security 12.1 for Windows
47.When accessing a computer via a third-party remote desktop tool, the
administrator noticed that the interface of Kaspersky Endpoint Security 12.1 for
Windows doesn’t respond to commands. Which component or subsystem of
Kaspersky Endpoint Security 12.1 for Windows causes this behavior?
Firewall
Self-Defense
Behavior Detection
Host Intrusion Prevention
None of the above
48.Which of the following components of Kaspersky Endpoint Security for
Windows must be installed on a computer to ensure that Endpoint Detection and
Response Optimum can send the necessary information for creating a detection
card to Kaspersky Security Center?
File Threat Protection
None of the above
Host Intrusion Prevention
Behavior Detection or Adaptive Anomaly Control
49.An NFR license has expired after a proof of concept was implemented to
demonstrate the capabilities of Kaspersky Endpoint Security 12.1 for Windows.
Which functions of Kaspersky Endpoint Security will remain operational?
File Threat Protection and Malware Scan
All Kaspersky Endpoint Security features will stay operational, except for updates
Only File Threat Protection and Firewall will keep working
None of the above
50.The administrator isolates Alex-Desktop from the network. Select the correct
statement.
All current network connections will be terminated on the Alex-Desktop. Only the Network Agent will
be allowed to establish new connections
All active connections will be terminated and new ones will be blocked, except for Network Agent
connections and exceptions configured in the Kaspersky EDR Optimum policy
Alex-Desktop will be completely isolated from the network: any network activity will be blocked,
except Network Agent connections
Which of the following components of Kaspersky Endpoint Security 11 for Windows can
block executable file start?
Behavior Detection
Application Control
Device Control
Consider Kaspersky Endpoint Security 11 and Kaspersky Security Center 10. How can you tell
which KL category a particular executable file belongs to?
Which program types does the installer of Kaspersky Security Center Network Agent consider
incompatible and try to uninstall?
Third-party antiviruses
None
The administrator wants to configure the policy of Kaspersky Endpoint Security 11 for
Windows to prohibit the use of all browsers except Internet Explorer in the company. For this
purpose, he or she creates an application category named Browsers, which coincides with the
Web Browsers KL category, and prohibits its start. How should the administrator configure the
exclusion for Internet Explorer?
Create an exclusion for Internet Explorer in the created Browsers category Create a category
for Internet Explorer,
create a rule allowing the start of programs of this category and place it higher on the list than
the rule that prohibits Browsers
Create a category for Internet Explorer, create an allow rule for this category, and move it to
the bottom of the list of rules
2:After three unsuccessful synchronizations with the Administration Server or after all
networks have been disconnected
4:After an unsuccessful synchronization, if the client computer does not receive an answer to
the following command: ping
After three unsuccessful synchronizations with the Administration Server or after all networks
have been disconnected.
This question is related to Kaspersky Security Center. Which of the following conditions will
cause the backup task to return an error on the Administration Server?
1. The Administration Server account has no Write permissions for the backup target directory
2. The database server account has no Write permissions for the backup target directory
3. The drive where the backup directory is located lacks free space
4. The 'Download updates to the repository' task is running on the server (backup copying
cannot be started until updating is finished)
The three most accurate answers that can cause the backup task to return an error on the
Administration Server are: 1. The Administration Server account has no Write permissions for
the backup target directory. 2. The database server account has no Write permissions for the
backup target directory. 3. The drive where the backup directory is located lacks free space.
These conditions can result in an error when performing the backup task on the Administration
Server.
If the Block action is selected for the USB bus in Device Control of Kaspersky Endpoint
Security 12.1 for Windows, and Allow for the Removable Drives category, will users be able
to access removable drives connected over USB?
1. No
2. Yes
This question is related to Kaspersky Security Center. Which features or components provide
the data that populate the Executable Files list in the Administration Console?
3. The 'Find vulnerabilities and required updates' task of Kaspersky Endpoint Security
You want to publish installation packages in Active Directory via Kaspersky Security Center
Administration Server. What packages can be published this way?
4. None
how can you create isolation exceptions endpoint detection and response optimum settings
4.After completing the Quick Start Wizard of the Kaspersky Security Center Administration
Server, you open the Kaspersky Endpoint Security 12.1 for Windows policy to configure
Application Control rules. It turns out that to set up the rules, you need to select application
categories from the list, which is empty. What do you need to do to create Application Control
rules?
.This question is related to Kaspersky Endpoint Security for Windows. When the Behavior
Detection component recognizes dangerous activity, which of the following actions can it take?
1. Disinfect
How often do Network Agents synchronize settings with the Administration Server by default?
By default, Network Agents sync settings with the Administration Server every 15 minutes.
Which technologies and tasks of Kaspersky Endpoint Security create an incident card for EDR
Optimum?
1. Exploit Prevention
1. Exploit Prevention
5.device control
6.application control
Where can the administrator find the list of domains with scan errors?
Hey! The administrator can find the list of domains with scan errors in the Administration
Console, either in each computer's properties or in the local interface of Kaspersky Endpoint
Security. This makes it convenient to track and address any scan errors effectively.
Which file attribute is used when you create an indicator of compromise for the selected file
from an alert card?
1. MD5 checksum
3. SHA256 checksum
4. File name
A network is protected with Kaspersky Endpoint Security 12.1 and managed with Kaspersky
Security Center 14.2. The administrator has disabled the application interface display for users
in the Kaspersky Endpoint Security 12.1 for Windows policy. What is NOT hidden from
users? Choose 2 options
You are trying to create a Kaspersky EDR Optimum IOC Scan task from an alert card, but the
file for which you want to make an indicator cannot be selected. Why? Choose one of the
options
B The Quarantine action has already been performed for this file
C An execution prevention rule has already been created for this file
The reason you can't select the file to create an indicator for the Kaspersky EDR Optimum IOC
Scan task from the alert card might be because the alert card lacks the MD5 checksum of this
file. This information is essential for creating the indicator effectively.
Which of the following web browsers does Web Control of Kaspersky Endpoint Security 12.1
for Windows NOT support? Choose one of the options
A Mozilla Firefox
B Internet Explorer
C Google Chrome
Which of the following database servers does Kaspersky Security Center support? Choose 6
options
A MySQL
B PostgreSQL
C Oracle Database
D Amazon Aurora
F Amazon RDS
G MariaDB
H Microsoft SQL
A 15000
B 80 and 443
C 8061
D 13291
E 8060
The administrator has installed Network Agent and Kaspersky Endpoint Security on a
workstation, but has not moved it to the Managed Devices group. What will happen in this
case? Choose one of the options
A:Events will NOT be delivered from the workstation to Kaspersky Security Center, but
policies and tasks will be enforced on it
B Events will NOT be delivered from the workstation to Kaspersky Security Center, policies
and tasks will NOT be enforced either
C Events will be delivered from the workstation to Kaspersky Security Center, but policies
and tasks will NOT be enforced on it
How can you make the Network Agent perform an unplanned synchronization from the client
side? Choose one of the options
D It is impossible
How can you isolate a computer from the network? Choose 2 options
C Click the button ‘Isolate computer from the network’ in an alert card
D Click the button ‘Isolate computer from the network’ in the properties of Kaspersky
Endpoint Security for Windows installed on the computer
What is the default reaction of Application Privilege Control to programs that start earlier than
Kaspersky Endpoint Security? Choose one of the options
A None
How can you configure the Host Intrusion Prevention component to improve protection against
ransomware? Choose one of the options
A Describe documents as a protected resource, and enable automatic backup for them
B Prohibit the starting of files from temporary folders and removable drives
C Describe documents as a protected resource, and prohibit programs with bad (unknown)
reputation from performing Write and Delete operations
D Open the folder \\\KLSHARE\PkgInst from the computer and copy the necessary package
How can you find all computers that are isolated from the network? Choose one of the options
A The Kaspersky Security Center Web Console does not provide this capability
Group tasks and a policy are defined for Kaspersky Endpoint Security 12.1 for Windows in the
Managed Devices group. You want to apply different settings to a particular subgroup. How
can this be done? Choose 2 options
A Create new tasks for the subgroup and disable inheritance in their settings
B Exclude the subgroup from the parent group’s tasks and create new tasks in the subgroup
C Create a new policy in the subgroup and disable inheritance in its settings
D Exclude the subgroup from the parent policy and create a new policy in the subgroup
A Windows 11
B Windows 10
C Windows Server 2019
When analyzing detailed information on an alert card from an isolated device, you found that
the malicious activity created a few non-executable files. How can you obtain these files for
analysis? Choose one of the options
C Create and run either of the following tasks: ‘Move file to Quarantine’ or ‘Get file’
In which format can you upload indicators to an IOC scan task in Kaspersky EDR Optimum?
Choose one of the options
A Yara
B OpenIOC
C STIX D IOC
This question is related to Kaspersky Security Center. Which of the following conditions will
cause the backup task to return an error on the Administration Server? Choose 3 options
A The Administration Server account has no Write permissions for the backup target directory
B The database server account has no Write permissions for the backup target directory
C The drive where the backup directory is located lacks free space
D The 'Download updates to the repository' task is running on the server (backup copying
cannot be started until updating is finished)
Which permission do you need to give to a trusted process in the Trusted Zone of Kaspersky
Endpoint Security so that File Threat Protection does NOT scan files accessed by this process?
Choose one of the options
B Special permissions are not necessary, File Threat Protection does not scan any files
accessed by trusted processes
What events does Kaspersky Security Center notify the administrator about under the default
settings? Choose one of the options
B None
C All events
Where are the installation logs of Kaspersky Endpoint Security and Network Agent stored after
a remote installation? Choose one of the options
C In %ProgramData%\Kaspersky Lab
Which certificate does Kaspersky Security Center Administration Server use for encrypted
connections with Kaspersky Network Agents? Choose one of the options
C The certificate specified by the administrator during the Administration Server installation
D Kaspersky certificate
Select the correct statements about policies in Kaspersky Security Center: Choose 4 options
A There can be NO more than one active policy for the same application in a group
C Active subgroup policies inherit the locked settings of a parent group’s active policy by
default (as far as policies of the same application are concerned)
D The administrator can create a policy for a set of computers belonging to different groups
F To enforce policy settings on computers, you must close the respective locks
D You cannot do this by adjusting package or task settings in the Kaspersky Security Center
Administration Console
Where can the administrator find the list of domains with scan errors? Choose one of the
options
The network is protected with Kaspersky Endpoint Security 12.1 and managed with Kaspersky
Security Center 14.2. You have created a Malware Scan task. Can you configure the system
drive to only scan for malware when the screensaver is on or the Windows session is locked?
A Yes, you can create a malware scan task for the system drive and select the ‘Run only when
the computer is idle’ checkbox in its properties
B No
C Yes, you can select the ‘Run only when the computer is idle’ checkbox in the Kaspersky
Endpoint Security policy
The computer where the Kaspersky Security Center Administration Server is installed has
broken down. The administrator connects another computer to the network, deploys the
Administration Server on it, and restores data from a backup. Which parameters of the new
Administration Server must be the same as those of the old one for the clients to be able to
connect successfully? Choose one of the options
A IP address, NetBIOS name or DNS name, depending on the connection settings configured
on the clients
Where can you approve installation of a Kaspersky Endpoint Security update in the Kaspersky
Security Center Web Console? Choose one of the options
How does Host Intrusion Prevention select a trust level for a program? Choose 2 options
How long is the information collected for alert cards stored in Kaspersky Security Center?
Choose one of the options
A 90 days
B 30 days
C This period is specified in the Kaspersky Endpoint Security for Windows policy
What does the password that can be specified in the Network Agent policy prevent? Choose
one of the options
B :Carrying out the command 'send heartbeat' that forces synchronization with the Server
C: Network Agent uninstallation
How can you create network isolation exceptions in Endpoint Detection and Response
Optimum settings? Choose 3 options
Which objects can you use to create indicators for an IOC Scan task from an alert card in
Kaspersky EDR Optimum? Choose 2 options
B: Network connections
C: Usernames
D: Registry keys
This question is related to a network protected with Kaspersky Endpoint Security and managed
via Kaspersky Security Center. There is a group update task scheduled to start 'When new
updates are downloaded to the repository'. The databases are regularly updated in the
repository, but the group task starts on the client computers only after a planned
synchronization rather than immediately. Why? Choose one of the options
C: UDP port 15000 is inaccessible on the client computer (for example, blocked by Firewall)
D: UDP port 15000 is inaccessible on the Administration Server (for example, blocked by
Firewall)
Which of the following components of Kaspersky Endpoint Security for Windows can block
executable file start? Choose 3 options
A: Application Control
D: Device Control
E: Behavior Detection
What does the network size selected in the Kaspersky Security Center Administration Server
installation wizard affect? Choose 2 options
Which control components of Kaspersky Endpoint Security 12.1 for Windows can apply
access rules on schedule? Choose 2 options
A Application Control
D Device Control
E Web Control
The administrator of Kaspersky Security Center connects the ММС console to the locally
installed Administration Server, creates an automatically filled application category, and
specifies the С:\Program Files\Microsoft\ folder as a parameter. Which executable files will
fall into this category? Choose one of the options
A: Files whose metadata coincides with the metadata of a file located in С:\Program Files\
Microsoft\ on the Administration Server
B: Files that have the same certificate as a file located in С:\Program Files\Microsoft\ on the
Administration Server
C: Files whose SHA-256 checksum coincides with the checksum of a file located in С:\
Program Files\Microsoft\ on the Administration Server
D: Files whose MD5 checksum coincides with the checksum of a file located in C:\Program
Files\Microsoft\ on the Administration Server Next
The administrator plans to use SNMP protocol to monitor status and receive notifications from
the Administration Server. However, the 'SNMP agent' component is missing from the list of
Administration Server components in the installation wizard. Why? Choose one of the options
C: 'SNMP agent' is not displayed if the SNMP service (a component of Windows operating
system) is not installed on the computer
Which control components of Kaspersky Endpoint Security 12.1 for Windows allow you to
specify different restrictions for different users? Choose 4 options
A: Application Control
B: Web Control
E: Device Control
How does Kaspersky Endpoint Security 12.1 for Windows protect against file-encrypting
ransomware? Choose 2 options
D: It backs up documents that are being accessed, and if a document is encrypted by malware,
it restores it from a backup copy
Removable drives are blocked by Device Control; however, some users can still use their
smartphones as USB storage devices. What do you need to change in the policy to prohibit this
workaround without affecting any other USB devices? Choose one of the options
D: It can’t be done; Kaspersky Endpoint Security 12.1 for Windows cannot block such devices
What happens when the cloud mode is enabled for the protection components? Choose one of
the options
A:When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security uses a lite version of antivirus databases, but sends more requests to the KSN cloud
B:When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security can send executable and non-executable files or their parts to the KSN cloud
C: When the cloud mode is enabled for the protection components, Kaspersky Endpoint
Security sends more statistical information to the KSN cloud and uses the full version of
antivirus databases
The administrator wants to configure Device Control settings in the Kaspersky Endpoint
Security 12.1 for Windows policy, but the control options are not displayed in the policy in the
MMC console. How should the administrator fix this? Choose one of the options
C Add a Kaspersky Endpoint Security for Business Select license to Kaspersky Security Center
D Run a ‘Change application components’ task and select the Standard installation type instead
of the Basic installation type
-----------------------------------------------------------------------------------------------------------------
Activation with code requires-internet access -code may contain many licenses for various
applications.
3-What is the purpose of virus scan tasks, if File Threat Protection is permanently running on
the computers with the default settings?
Page 159
6-Where can you find the list of computers blocked by the Network Threat
Protection component?
page 201
A)In the local interface of Kaspersky Endpoint Security, in the Network Monitor
window that you can open from the Protection Components window
7-The administrator is trying to find a schedule for a virus scan task, but at any
moment of time either a
large number of computers are off, or the users ask to disable scanning because it
slows down the computer. What would you advise?
A)
Enable the mode Scan when the computer is idling in the task
8-How can you configure Host Intrusion Prevention to improve protection against ransomware?
page 185
A)
Describe documents as a protected resource, and prohibit programs with bad (unknown) from
performing Write And Delete operations
9-The administrator has found out that Kaspersky Endpoint Security conflicts with homeware,
and added an exclusion to the policy. How to make the exclusion work on the computers
immediately after Kaspersky Endpoint Security is installed rather than after computers download
the policy?
page 65
A)
Add a configuration file with the exclusion to the installation package of Kaspersky Endpoint
Security (you can export the settings on an already configured computer)
10-After completing the Quick Start wizard of the Kaspersky Security Center 10 Administration
Server, the administrator opens the policy of Kaspersky Endpoint Security 11 for Windows to
configure Application Control rules. It turns out that to set up the rules, you need to select
application categories from the list, which is empty. What should the administrator do to be able
to create Application Control rules?
A)
Create application categories in the Advanced | Application management | Application
categories node on the Administration Server
11-Which networks are trusted in the Firewall policy of Kaspersky Endpoint Security 11 under
the default settings?
page 199
A)
None,There are no trusted networks in a policy by default, and Untru
sted and High restricted programs have no network access.
12-The administrator of Kaspersky Security Center 10 connects the console to the locally
installed Administration Server, creates an automatically filled application category, andspecifies
the С:\Program Files\Microsoft\folder as a parameter. Which executable files will get into this
category?
Page 236
A)The files whose SHA-256 checksum coincides with the checksum of a file located in С:
\Program Files\Microsoft\on the Administration Server
13-Which functions of Kaspersky Endpoint Security for Windows are NOT available under the
KESB Select license?
page 15
A)Encryption
14
-
Removable drives are blocked by device control in Kaspersky Endpoint Security 11 for
Windows; however, some users can still use their Apple iPhones as a USB mass storage
device. What should be changed to prohibit such possibility without affecting any other USB
devices?
A)Block Portable devices (MTP) in Device Control
15-In which of the following situations you need NOT specify the administrator account in the
remote installation task?
Page 82
A)Network Agent is already installed on the computer and connected to the Server
B)The account of the Administration Server service has administrator permissions on the
computer
C)The computer has been prepared with the RIPrep.exe utility
16-Which of the following components of Kaspersky Endpoint Security 11 for Windows provides
proactive defense against unknown threats by analyzing the sequence of actions performed bya
program?
A)Behavior Detection
17-The administrator has selected to Assign Network Agent installation in the Active Directory
group policies in the remote installation task. How will the Network Agent installation files get on
the computer?
page 99
A)Computers will download them from the shared folder on the Administration Server
19-Which components of Kaspersky Endpoint Security for Windows can be installed on a server
operating system?
Page 62
A)Select the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to
send the Kaspersky Security Network server statistical information that is obtained from
application operation, and to send files (or parts of files) that could be used by criminals to harm
a computer or data to Kaspersky for additional analysis.
B)Clear the Enable extended KSN mode check box if you want Kaspersky Endpoint Security to
use the basic functions of Kaspersky Security Network.
21-The Administrator has configured the Kaspersky Endpoint Security 11 installation package to
perform a Basic installation Which of the following components will be installed on
workstations?
A) Behavior detection+Exploit prevention+remedation engine+Host intrusion prevention for
workstation only
22-Select the correct statements about tasks in Kaspersky Security Center
Page 14
23-Which of the following database servers can Kaspersky Security Center work with?
page 24
24-Which of the following task types pertain to Kaspersky Endpoint Security for Windows?
Change application components
25-Consider a network protected with Kaspersky Endpoint Security 11 and managed through
Kaspersky Security Center 10. There is a group update task scheduled to start
When new updates are downloaded to the repository. The databases are regularly updated in
the repository, but the group task starts on the client computers only after a planned
synchronization rather than immediately. Why?
page 315
A)
That’s how it works
26.The update task of Kaspersky Endpoint Security for Windows has Update settings for local
mode and Update settings for mobile mode. Under which conditions are Update settings for
mobile mode used?
A)Updating in mobile mode Mobile mode is the mode of Kaspersky Endpoint Security operation,
when a computer leaves the organization network perimeter (offline computer). For more details
about working with offline computers and out-of-office users,refer to Kaspersky Security Center
Help.An offline computer outside of the organization's network cannot connect to the
Administration Server to update databases and application modules. By default, only Kaspersky
update servers are used as update source for updating databases and application modules in
mobile mode. The use of a proxy server to connect to the Internet is determined by a special
out-of-office policy The out-of-office policy must be created separately. When Kaspersky
Endpoint Security is switched to mobile mode, the update task is started every two hours.To
configure the update settings for mobile mode:
1.
In the main window of Web Console, selectDevices
→Tasks.The table with tasks opens.
2.
Click the Update task for Kaspersky Endpoint Security.The task properties window opens.The
Update task is created automatically by the Initial Configuration Wizard of Kaspersky Security
Center 11 Web Console.Go to theApplication settings section.
27-Installation on which of the following operating systems does Kaspersky Endpoint Security
for Windows 11 support?
Page 57
28-Under which conditions does Kaspersky Endpoint Security switch to the out-of-office mode
with the default settings?
A)No conditions are specified by default
29-On which Windows Server 2012 editions can Kaspersky Security Center10 Administration
Server be installed?
page 22
30-The administrator wants to configure Device Control settings in the policy of Kaspersky
Endpoint Security 11 for Windows, but the control options are not displayed in the policy. How
should the administrator fix this?
A)Run a Change application components task and select the Standard installation type instead
of the Basic installationtype
B)Load a Kaspersky Endpoint Security for Business Select license into Kaspersky Security
Center
31-There is a standalone package on the Administration Server that installs Kaspersky Endpoint
Security with the standard set of components. How to make the package also install the
BadUSB Attack Prevention component?
A)Configure Installation package and recreate the package
32-Select the correct statements about the KL-AK-account created by the installation wizard of
Kaspersky Security Center Administration Server:
Page 40
33-You have found out that the Firewall hampers an application that belongs to the High
Restricted group. Which of the following measures can solve the issue?
page 200
A)
Create allow packet rules for the application’s ports and protocols, and move them to the top of
the list of rules
B)
Manually put the application’s executable files into the Low restricted or Trusted group in the
Kaspersky Endpoint Security policy
34-Consider group A that contains a policy of Kaspersky Endpoint Security 11. Group A has
subgroup B, which also contains a policy of Kaspersky Endpoint Security 11. Which settings can
be edited in the policy of group B?
A)None, open lock only allow modification in endpoint interface.35-Where can you specify the
conditions under which Kaspersky Endpoint Security 11 switches to the out-of-office policy?
A)In the policy of Kaspersky Endpoint Security
36-Consider Kaspersky Security Center 10. Which of the following conditions can make the
backup copying task return an error on the Administration Server?
page 342
A)The Administration Server account has no Write permissions for the backup target directory
B)The database server account has no Write permissions for the backup target directory
C)The drive where the backup directory is located lacks free space37
-
During the installation of Kaspersky Security Center 11,the DNS name of the Administration
Server was specified for its connection address. Before deploying Kaspersky Network Agents,
the administrator decides that the Server’s IP address should be used for connections. How
would you make this change?
Page 37
A)Server connection address and ports can be changed in the properties of Network Agent
installation package
38-What is the minimum amount of RAM required to install Kaspersky Endpoint Security for
Windows (11.1.0) on a 32-bit Windows operating system
page 58
39-Which group tasks and policies does the Quick Start wizard create on the Administration
Server if it is started from the MMC console?
Page 54
page 41
A) Sql Server address
41-The administrator plans to use the SNMP protocol to receive messages from the
Administration Server and monitor statuses. However, the SNMP agent component is missing
from the list of Administration Server components in the installation wizard. Why?
page 28
A)SNMP Agent is not displayed if the SNMP service (a component of Windows operating
system) is not installed on the computer
The SNMP agent is necessary if you want the Administration Server to send notifications over
SNMP. This component requires the SNMP service (a Windows component) to be insta
lled on the computer. If the SNMP service is absent, the SNMP agent will not be shown in the
list of Administration Server components during the installation.
42-Which network polling methods are enabled by default in Kaspersky Security Center 11
Administration Server?
43-Which of the following can be specified as the Administration Server connection address for
Network Agents in Kaspersky Security Center 11?
Page 36
A) IP address (IPv4 only), DNS or NetBIOS
44-You want to publish installation packages in Active Directory via the Kaspersky Security
Center 11 Administration Server. Which installation packages can be published this way?
page 99
A)To publish the Network Agent package to a domain group policy, in the task (or in the
installation wizard), select Assign Network Agent installation in the Active Directory group
policies
B)This method is applicable to the Network Agent only, because after the Agent is installed,
other programs are supposed to be installed using the Agent.
45-Which level of permissions is required to be able to install Kaspersky Endpoint Security for
Windows on the computer?
page 82
A)Local Administrator
46-Which of the following ports must be opened in the firewall for the users to be able to
download the package using the automatically created link?
page 40
A)8060, 8061
47-How does Host Intrusion Prevention react by default to the programs that start before
Kaspersky Endpoint Security 11.1?
page 183
A)Low restricted
48-Into which trust group does Host Intrusion Prevention move programs by default for which
it cannot receive information from KSN?
page 183
A)Low restricted
49-The administrator has decided to enable scanning for encrypted connections. Which
components of Kaspersky Endpoint Security will use it?
page 169
A)Encrypted traffic scanning is enabled by default and pertains to the following components:—
Web Threat Protection
—
Mail Threat Protection
—
Web Control
50-What does the Firewall do with a packet that meets conditions of several rules, including an
allow rule for packets and a block rule for applications? The block rule for applications is higher
on the list than the allow rule for packets.
51-How will Web Threat Protection scan https traffic under the default settings if a website uses
an EV certificate?
A)At the first connection, the certificate will be substituted, https traffic will be scanned. At
subsequent connections, the certificate will NOT be substituted, https traffic will NOT be
scanned
52-How can you disable the Background scan task on the client computers?
Page 160
A)To disable the Background scan task, in the properties of Kaspersky Endpoint Security policy,
open Application Settings | LocalTasks | Background scan and clear the check box Scan when
the computer is idling.
53-The user tries to connect to a website over https. Kaspersky Endpoint Security installed on
the computer is under the policy created by the Quick Start Wizard. An error occurs when
scanning encrypted traffic. What will happen in that case?
page 169
A)With the default settings, if errors arise when scanning a secure connection, the domain will
be automatically added to the list of Domains with scan errors and its whole traffic will be
skipped without scanning.
54-How can the administrator consult the list of domains with secure connection scan errors?
page 170
A)Only in the local interface of Kaspersky Endpoint Security on the user’s computer
55-In which of the following cases will Kaspersky Endpoint Security 11.1 for Windows consider
a file to be non-infected?
page
163
A)Signature or heuristic analysis returned the Infected verdict, while the KSN database
considers the file to be clean
56-Which of the following can the Mail Threat Protection component of Kaspersky Endpoint
Security 11.1 for Windows do?
Page 171
A)
Scan MAPI traffic in Microsoft Office Outlook
B)
Scan SMTP/POP3/IMAP/NNTP traffic
C)
Filter email attachments
57-A computer running Windows 2012 Server is protected with Kaspersky Endpoint Security
11.1 having the default settings. The administrator wants to use it as a print server, but no prints
are being successful. What would be the reason for this?
A)Firewall blocks network activity of the print server
58-Consider Kaspersky Endpoint Security for Windows (11.1.0). You want to block banners on
the web pages visited by the users. How can you achieve this?
A)Create a rule in the Web Control settings to block the content category Banners
59-A commercial license has expired in an organization, and the money for purchasing a new
license will be allocated only in a month. Which functions of Kaspersky Endpoint Security 11.1
for Windows will NOT work until the new license is in place?
page 334
A)All components keep working, but update tasks will not start and KSN servers are
inaccessible. Protection level gradually decreases.
60-Consider Kaspersky Security Center 11. What data is included into a backup copy of the
Administration Server created with a dedicated Kaspersky Security Center task?
Page 340
A)A backup copy of the Kaspersky Security Center data includes all visible and invisible
configuration settings. This includes the event database (which contains more than just the
events), administration group structure, tasks and policies, report templates, installation
packages, selections of computers and events, the Administration Server certificate, and more.
Updates are not included, because they quickly become outdated, and there is no reason to
keep an old copy.
61-Many computers have the Critical status with the Not scanned for a long time description in
Kaspersky Security Center 11 Adm inistration Console. The administrator thinks that it is not a
problem and does not want this condition to influence computer statuses.
A)Modify the status change conditions in the administration groups’ properties
Question 1
To deploy protection in a network, you need to install Network Agents (1), install Kaspersky
Endpoint Security (2), install the Administration Server (3). Select the recommended
deployment plan:
A. 1, 2, 3
B. 2, 3, 1
C. 3, 1, 2
D. 3, 2, 1
Question 2
Communicates file reputation (trust level) to the Firewall and Host Intrusion Prevention
Provides detailed description of threats for events and reports of Kaspersky Security Center
Protects the file versions provided by software manufacturers against false positives
Question 3
Where can you specify the conditions under which Kaspersky Endpoint
Question 4
Application Control
Behavior Detection
Question 5
ARP
TCP
UDP
ICMP
SNMP
SMTP
Question 6
Which updates will be downloaded to the Administration Server repository by default in Kaspersky
Security Center 10?
Only for the Kaspersky Lab applications installed on the client computers and those for which
Only for the components used by the Kaspersky Lab applications on the client computers
For the applications whose plugins are installed on the Administration Server
Question 7
Consider Kaspersky Endpoint Security 11 for Windows. When the Behavior Detection component
recognizes dangerous activities, which of the following actions can it take?
Disinfect
Question 8
Can the start of group update tasks be randomized in Kaspersky Security Center 10 to avoid
simultaneous connections of all client computers to the Administration Server?
Yes
Yes, but only if the From 1000 to 5000 computers or More than 5000 computersoption
Yes, but only if the computers are organized into several subgroups with update tasks having
different schedules
No
Question 9
Which network polling methods are enabled by default in Kaspersky Security Center 10 Administration
Server?
IP range polling
Question 10
The administrator has disconnected an old computer from the network. When will its record disappear
from the Network poll\Domains node in the Administration Console, provided the Administration Server
has the default settings?
In 60 days
Question 11
If Standard installation is selected within the properties of the installation package of Kaspersky Endpoint
Security 11 for Windows, which of the following components will NOT be installed under Windows
Server 2012?
Application Control
Device Control
Question 12
The administrator is trying to find a schedule for a virus scan task, but at any moment of time either a
large number of computers are off, or the users ask to disable scanning because it slows down the
computer. What would you advise?
Enable the mode Concede resources to other applications in the Kaspersky Endpoint Security policy
Enable the mode Scan when the computer is idling in the task
Select the check box Allow management of group tasks in the Kaspersky Endpoint Security
Give up virus scan tasks and select the Highsecurity level in File Threat Protection
Question 13
Which of the following reports does the Deliver reports task (which is created by the Administration
Server Quick Start wizard) email by default?
Threats report
Threats report, Protection status report, Database usage report, and Kaspersky Lab software
version report
Question 14
Which of the following database servers can Kaspersky Security Center work with?
Oracle
Microsoft SQL
MySQL
DB2
PostgreSQL
1.This question is related to Kaspersky Security Center and Kaspersky Endpoint
Security 12.1 for Windows. You want to import the Active Directory structure to
the structure of managed computers. How can you do it?
Use the option 'Create group structure based on Active Directory structure' in the Quick Start Wizard
Use a one-time relocation rule with the option to create missing groups for organizational units
Use the option 'Create group structure based on Active Directory structure' in the group hierarchy
settings in the Web Console
Use the task 'Synchronize Active Directory structure'
2.How can you stop isolating a computer from the network?
Run a ‘Remove isolation’ task on it
Click the button ‘Unblock computer isolated from the network’ in the detection card
Remove the tag ‘Isolated from network’
Click the button ‘Unblock computer isolated from the network’ in the properties of Kaspersky
Endpoint Security for Windows installed on the computer
3.With regards to Kaspersky Security Center, which policy settings are
considered to be compulsory?
Settings of an active policy
Locked settings
Unlocked settings
4.Which technologies and tasks of Kaspersky Endpoint Security create an
incident card for EDR Optimum?
Exploit Prevention
Mail Threat Protection
File Threat Protection
Network Threat Protection
5.How can you make the Network Agent perform an unplanned synchronization
from the client side?
Run the klnagchk command without parameters
Run the following command: klnagchk -sendhb
Run the following command: klnagchk -sync
It is impossible
6.A computer running Windows 7 is protected with Kaspersky Endpoint Security
12.1 for Windows. You want to prohibit USB scanners from connecting to this
computer, but allow removable USB drives. How can this be done?
Block ‘Cameras and scanners’ in Device Control
Block USB bus in Device Control
Block multifunctional devices in Device Control
Kaspersky Endpoint Security cannot block USB scanners
7.Which control components of Kaspersky Endpoint Security 12.1 for Windows
allow you to specify different restrictions for different users?
Application Control
Host Intrusion Prevention
Device Control
Web Control
Adaptive Anomaly Control
8.You created a policy for Kaspersky Endpoint Security with the default settings
in the Quick Start Wizard. Then you clicked ‘Prevent execution’ on an alert card,
but the file was not blocked in the test environment. What else must be done to
prevent file execution?
Select the ‘Enable Detection and Response’ checkbox in the policy
All of the above
Select the ‘Execution prevention’ checkbox in the policy
Select ‘Block and write to report’ in the policy
9.Which of the following Administration Server parameters cannot be modified
without reinstalling Kaspersky Security Center?
Administration Server communication ports
SQL server address
Administration Server account
Shared folder location
10.What happens when the cloud mode is enabled for the protection
components?
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security uses
a lite version of antivirus databases, but sends more requests to the KSN cloud
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security sends
more statistical information to the KSN cloud and uses the full version of antivirus databases
When the cloud mode is enabled for the protection components, Kaspersky Endpoint Security can
send executable and non-executable files or their parts to the KSN cloud
11.Which component of Kaspersky Endpoint Security 12.1 for Windows analyzes
the behavior of already running executable files to detect malware activity?
Host Intrusion Prevention
Behavior Detection
Kaspersky Security Network
Network Threat Protection
12.The administrator needs to organize computers from a subnet into a group.
The administrator knows that, historically, some computers of this subnet receive
addresses in the range 192.168.100.100 to 192.168.100.199, and other computers
have names starting with ‘PROD’. There are no computers with these addresses
or names anywhere else in the network. How should device moving rules be
configured?
Create a moving rule and specify both conditions in it: the range of IP addresses and the name mask
Device moving rules cannot solve this task
Create a moving rule and specify both conditions in it: the range of IP addresses and the name
mask, and also select the checkbox 'Apply the rule if at least one of the conditions is matched'
Create two moving rules for the same group: in one of them, specify the IP range condition, and in
the other one, the name mask
13.Which of the following components of Kaspersky Endpoint Security 12.1 for
Windows does NOT use KSN technology?
File Threat Protection
Network Threat Protection
Malware scan tasks
Exploit Prevention
Web Threat Protection
14.This question is related to Kaspersky Security Center. The administrator
selected the 'Path to folder' parameter as a condition for an application category
and specified the C:\Program Files\Microsoft\ value. Which executable files will
meet this condition?
The files whose checksums coincide with the checksums of the files that were located in folder С:\
Program Files\Microsoft\ on the Administration Server when the category was being created
The files whose checksums coincide with checksums of the files located in С:\Program Files\
Microsoft\ on the Administration Server. Every time the Administration Server is restarted, the list of
checksums is updated to reflect the current folder contents
The files whose metadata coincides with the metadata of a file located in С:\Program Files\Microsoft\
on the Administration Server
The files whose path begins with С:\Program Files\Microsoft\
15.How can you exclude a file from the scope of File Threat Protection?
Add the file or folder path to the list of exclusions
Add the program that accesses files to the list of trusted processes
Add the certificate with which files are signed to the computers’ certificate store and configure an
exclusion for this store
Modify the protection scope of File Threat Protection
Set the maximum file scan time
16.Which of the following is a known limitation of the Web Control component in
Kaspersky Endpoint Security 12.1 for Windows?
It can’t block content by data type over an https connection
None of the above
It can’t block any website accessed over an https connection
It works only with mainstream web browsers such as Internet Explorer, Mozilla Firefox, Google
Chrome
17.An administrator needs to remotely install Network Agent and Kaspersky
Endpoint Security on five laptops that have different local administrator accounts
and are not on the domain. What would you advise?
Create an individual remote installation task for each laptop
Create a single remote installation task and specify the accounts of all the administrators in its
properties
Create a single remote installation task and run it five times; change the target computer and the
administrator account each time
18.What is the primary function of the Kaspersky Network Agent?
Store the event database
Provide communication between the administration server and Kaspersky protection applications
Provide local and remote access to the Administration Server interface
Provide web access to the Administration Server interface
19.What does the password that can be specified in the Network Agent policy
prevent?
Network Agent uninstallation
Stopping the Network Agent service
Starting the klnagchk.exe and klmover.exe utilities
Carrying out the command 'send heartbeat' that forces synchronization with the Server
20.How do you disable the Background Scan task on client computers?
Delete the Background Scan task from the list of tasks in Kaspersky Security Center
Turn off the ‘Enable background scan’ option in the policy of Kaspersky Endpoint Security for
Windows, in Application Settings | Local Tasks | Background Scan
Delete the Background Scan task from the list of tasks in the computer properties
21.Group tasks and a policy are defined for Kaspersky Endpoint Security 12.1 for
Windows in the Managed Devices group. You want to apply different settings to a
particular subgroup. How can this be done?
Exclude the subgroup from the parent policy and create a new policy in the subgroup
Exclude the subgroup from the parent group’s tasks and create new tasks in the subgroup
Create new tasks for the subgroup and disable inheritance in their settings
Create a new policy in the subgroup and disable inheritance in its settings
You can’t do this; tasks and policies are always inherited
22.A network is protected with Kaspersky Endpoint Security 12.1 and managed
with Kaspersky Security Center 14.2. The administrator has disabled the
application interface display for users in the Kaspersky Endpoint Security 12.1 for
Windows policy. What is NOT hidden from users?
Started processes of Kaspersky Endpoint Security
Kaspersky Endpoint Security icon in the notification area
Kaspersky Endpoint Security shortcut in the Start menu
Started services of Kaspersky Endpoint Security
Kaspersky Endpoint Security in the list of installed programs
23.What happens when extended KSN mode is enabled?
Kaspersky Security Center switches to KSN Proxy mode and starts caching all requests sent to the
KSN cloud
More statistical information is sent to the KSN cloud; executable and non-executable files or their
parts can also be sent
Kaspersky Security Center establishes a persistent communication channel to the KSN cloud and
caches part of the information from the KSN cloud on the local drive
24.Which control components of Kaspersky Endpoint Security 12.1 for Windows
can apply access rules on schedule?
Host Intrusion Prevention
Device Control
Web Control
Application Control
Adaptive Anomaly Control
25.This question is related to Kaspersky Security Center. Which of the following
conditions will cause the backup task to return an error on the Administration
Server?
The Administration Server account has no Write permissions for the backup target directory
The database server account has no Write permissions for the backup target directory
The drive where the backup directory is located lacks free space
The 'Download updates to the repository' task is running on the server (backup copying cannot be
started until updating is finished)
26.How often do Network Agents synchronize settings with the Administration
Server by default?
Every 5 minutes
Every 15 minutes
Every 30 minutes
Every 60 minutes
27.What does the File Threat Protection scope include with the default settings?
All removable drives
All hard drives
All network drives
Kernel memory
Disk boot sectors
28.The administrator needs to prohibit the launch of several programs in the
network. What is the best way to achieve this?
In Application Control, select Denylist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Denylist mode and create block rules for the applications that must be
prohibited
In Application Control, select Allowlist mode and create a rule that allows everything except the
applications that must be prohibited
In Application Control, select Allowlist mode and create block rules for the applications that must be
prohibited
29.Which file attribute is used when you create an indicator of compromise for
the selected file from an alert card?
MD5 checksum
SHA256 checksum
File name
Full file path
30.A workstation is managed remotely through Kaspersky Security Center 14.2
with the default settings. Which of the following events invoke pop-up
notifications in the local interface of Kaspersky Endpoint Security 12.1 for
Windows?
Threats have been detected
Application startup prohibited
Suspicious object detected
Network attack detected
31.An NFR license has expired after a proof of concept was implemented to
demonstrate the capabilities of Kaspersky Endpoint Security 12.1 for Windows.
Which functions of Kaspersky Endpoint Security will remain operational?
File Threat Protection and Malware Scan
All Kaspersky Endpoint Security features will stay operational, except for updates
Only File Threat Protection and Firewall will keep working
None of the above
32.In the console, you’ve found several Kaspersky EDR Optimum IOC scan tasks
that have the same name: ‘IOC Scan from alert ’. Which of the following is true?
These tasks were created from the same alert card
These tasks were created for the same indicators
These tasks were created with the same actions to be performed when the indicators are detected
33.Which function does Firewall perform in Kaspersky Endpoint Security for
Windows?
Blocks network packets according to the specified rules
Analyzes network activity to detect network attacks
Analyzes files downloaded over the network to detect infected objects
Analyzes email messages and blocks phishing links
34.Which component of Kaspersky Endpoint Security for Windows except 'Web
Threat Protection' takes part in protection against phishing?
File Threat Protection
None of the above
Mail Threat Protection
Web Control
35.How long does Kaspersky EDR Optimum isolate the computer from the
network by default?
30 minutes
8 hours
5 hours
There is no time limit (until canceled manually)
36.Alex-Desktop has been isolated from the network. Now, you want to obtain a
suspicious executable file for additional analysis without deleting the original file
from the isolated computer. How can this be done?
Create and run a task ‘Move file to Quarantine’
Create and run a ‘Get file’ task
You cannot obtain a file from an isolated computer using Endpoint Detection and Response
Optimum tools
37.Select the correct statements about policies in Kaspersky Security Center:
There are active and inactive policies
The administrator can create a policy for a set of computers belonging to different groups
The administrator can exclude a subgroup from a policy’s scope
To enforce policy settings on computers, you must close the respective locks
There can be NO more than one active policy for the same application in a group
Active subgroup policies inherit the locked settings of a parent group’s active policy by default (as far
as policies of the same application are concerned)
38.Which of the following remote installation methods can be used in the 'Install
Application remotely' task in Kaspersky Security Center if the Network Agent is
NOT selected to be deployed?
Using Group Policy Objects (GPO) in the Active Directory
Using Logon Scripts in the Active Directory
Using operating system tools: shared folders and remote procedure call (RPC)
Using Network Agent
39.Where does Kaspersky Security Center store endpoint events that the
administrator can see in the reports?
In text events logs of Kaspersky Security Center
In the Kaspersky Security Center database
In the Windows event log
In Kaspersky Security Network
40.Which level of permissions is necessary and sufficient to install Kaspersky
Endpoint Security on a computer?
User
Local administrator
Power user
Domain administrator
41.What is the purpose of the klmover.exe utility?
It helps check Agent–Server connection
It helps modify the parameters that the Network Agent uses to connect to the Administration Server
It synchronizes the Network Agent and the Administration Server settings
42.Which of the following can you specify as the Administration Server
connection address for Kaspersky Network Agents in Kaspersky Security
Center?
MAC address
IPv4 address
NetBIOS name
DNS name
IPv6 address
Email address
43.Select the correct statements about the Web Threat Protection component of
Kaspersky Endpoint Security:
It scans data in outbound connections
It scans HTTP and FTP protocols
It scans data in secure connections (SSL/TLS)
It scans data in inbound connections established from outside
44.Which of the following operating systems does Kaspersky Security Center
NOT support?
Microsoft Windows XP Pro SP2
All of the above
Microsoft Windows Vista
Microsoft Windows 7 Ultimate SP1
Microsoft Windows 8 Pro
Microsoft Windows 10 Enterprise
45.The administrator intends to use stand-alone installation packages of
Kaspersky Endpoint Security 12.1 for Windows. However, a third-party firewall is
installed on the computer with Kaspersky Security Center Administration Server.
Which of the following ports must be opened in the firewall so that users can
download the package using the automatically created links?
80 and 443
8060
8061
15000
13291
46.Which type of network access do programs that belong to the Untrusted group
get on Microsoft Windows 7 protected by Kaspersky Endpoint Security with
default settings?
None, because the Host Intrusion Prevention component will block them
Full network access
Access only to trusted networks
Access to trusted and local networks
47.You are trying to create a Kaspersky EDR Optimum IOC Scan task from an
alert card, but the file for which you want to make an indicator cannot be
selected. Why?
The alert card lacks the MD5 checksum of this file
An indicator has already been created for this file
The Quarantine action has already been performed for this file
An execution prevention rule has already been created for this file
48.If the administrator mistypes the Administration Server address in the
installation wizard, where can this address be modified in the Administration
Console?
In the properties of the Network Agent installation package
In the properties of the installation package of Kaspersky Endpoint Security
In the properties of the Administration Server node
49.On a computer where Administration Server is installed, the hard drive has
failed and the data has been lost. Fortunately, the administrator has a backup
copy of the Administration Server configuration and data, which was created by
standard tools of Kaspersky Security Center. How can the administrator start the
recovery procedure?
Use the recovery mode in the installation wizard of the Administration Server
Run the ‘Restore from backup’ task in the Administration Console
Use the recovery mode in the Quick Start Wizard of the Administration Server
Use a special utility for backup and restore
50.Which removable drive access operations can Device Control allow or block in
Kaspersky Endpoint Security for Windows?
Read
Write
Execute
Delete
Device Control cannot block specific removable drive access operations