McAfee MA0-104 Free Certification Exam Questions Answer Sep 2025 update

Question # 1

Checkpoint firewalls provide logs to the McAfee SIEM Receiver in which of the following formats?

Syslog

open Platform for Security (OPSEC)

McAfee Event Format (MEF)

Common Event Format (CEF)

Question # 2

Which of the following are the three compression ratios available for raw logs being handled by the ELM?

10:1,14:1.19:1

14:1,18:1,20:1

14:1,17:1.21:1

14:1,17:1,20:1

Question # 3

If the maximum size for the Policy Change History log is reached, which of the following happens to new entries?

No new entries are added to the log.

A new log file is created and the old one is archived.

The oldest entries will be deleted to make way for the new entries.

The newest entries will be buffered until an Administrator creates a new log file.

Question # 4

The security Analyst notices that there has been a large spike for Secure Shell

McAfee ePIocy Orchestrator (ePO)

The core switch

The external switch

The firewall

Question # 5

Zones allow a user to group devices and the events they generate by

Geographical location and IP reputation

Geographical reputation and IP Address

Geographical location and IP Address

Geographical location and File reputation

Question # 6

On the McAfee enterprise Security Manager (ESM), the default data Retention setting specifies that Event and Flow data should be maintained for

365 days.

same value as configured on the ELM.

90 Days

all data allowed by system

Question # 7

A backup of the ELM management database captures

ELM configuration settings

ELM configuration settings, and the ELM archive index

ELM configuration settings, the ELM archive index, and all archived ELM contents.

ELM configuration settings, the ELM archive index, and all archived ELM contents up to the ESM database retention limit.

Question # 8

The fundamental purpose of the Receiver Correlation Subsystem (RCS) is

to analyze data from the ESM and detect matching patterns.

to collect and consolidate identical data from the ESM into a single summary event.

to classify or categorize data from the Receiver into related types and sub-types.

to organize, retrieve and archive data from the Receiver into the SIEM database.

Question # 9

Which of the following is the Primary function of the Event Receiver (ERC) in relation to the Enterprise Security Manager (ESM)?

Collect and parse events before the ESM pulls them form the ERC

Collect and parse the events before the receiver forwards them to the ESM

Collect and store the events before they are forwarded to the ESM for parsing

Collect and parse the events before forwarding them to the ELM

Question # 10

Which of the following is the name of the Dashboard View that shows correlated events for the selected Data Source?

Default Summary

Normalized Dashboard

Incidents Dashboard

Triggered Alarms

Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Free Practice Questions for McAfee MA0-104 Exam

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is: