
EDR&Sandbox

The document outlines various technical aspects related to Kaspersky's security solutions, including the types of objects that can be analyzed, operating system settings, and file transfer protocols. It also discusses server roles, upgrade procedures, authentication methods, and specific functionalities within the KATA platform. Additionally, it addresses the management of detection rules and the configuration of central nodes in a distributed installation.

Uploaded by Abdullah Dehneh
Copyright © All Rights Reserved

1.Which object types can be transferred for analysis to sandbox servers?

Files
Memory dumps
URL
Captured traffic fragments in pcap format
2.Select the correct statement about the settings of the operating system
installed on a central node:
Installation of new programs and updates is disabled
External media are disabled
SSH is disabled
Local login to the system is disabled
3.Which attribute can you use to prohibit access to a file by prevention rules in
Kaspersky EDR?
File name
MD5 checksum
SHA256 checksum
Full file path
4.Which file types can be transferred for analysis to a sandbox server?
Windows executable files
Android executable files
Linux executable files
Microsoft Office and Adobe Acrobat documents
5.What should you do if you need to upgrade a Secondary Central Node?
It cannot be upgraded, you will have to reinstall it
Change its role from a Secondary Central Node to a stand-alone Central Node server
Change its role from a Secondary Central Node to a Primary Central Node and upgrade it
6.How can you authenticate an external sensor to enable it to send files for
scanning to KATA via REST API?
You do not need to do so; KATA accepts files via correctly generated requests without special
authentication
Send any correctly generated request from the external sensor and accept the connection request in
the web console of a KATA central node administrator
Send a special authentication request from the external sensor and accept it in the web console of a
KATA central node administrator
Add the external sensor to the KATA web console beforehand: specify its address and upload its
certificate from a file
7.Which node of a Central Node cluster must be installed after you install the first
storage node?
Storage node
Processing node
Storage node or processing node
8.Which of the following ports does a dedicated sensor listen to?
TCP 22 for connecting to the text management console via SSH
TCP 8443 for connections to the web interface
TCP 443 for connections from endpoint agents (the proxy functionality)
TCP 80 for distributing updates
UDP 161 for requesting statuses from the central node over SNMP
9.Which external resources can you consult using the menu that opens when you
click the sha256 checksum of an executable file in the Threat Hunting interface?
Kaspersky Threat Intelligence portal (a subscription portal with detailed information about targeted
attacks)
Virus Total (a portal where you can scan files using antivirus technologies by various manufacturers)
Kaspersky reputation database (allowlisting.kaspersky.com)
Threats.kaspersky.com (a freely available portal with threat descriptions)
10.Which of the following is important when connecting KATA servers to each
other?
Databases must be updated on both servers
A license must be installed on both servers
Both servers must be connected to KSN
The same UTC time must be set on the servers
11.You are loading ISO images of virtual machines to the sandbox, but the
operation fails because of an unstable network connection. How else can you
upload virtual machine images to the sandbox?
Copy the images to the folder /var/opt/kaspersky/apt/files using the scp utility (or any other method
that you prefer)
Request the sandbox installation drive image from Kaspersky (it includes the images of virtual
machines) and reinstall the sandbox
There’s nothing you can do apart from waiting and trying again when the network is less loaded
12.This question is related to Kaspersky Endpoint Detection and Response
Expert (Cloud). Which criteria can Execution Prevention use to identify the file to
block? ???
Object path
Object checksum
Object type
Object execution time
User account that executes the object
13.Which of the following methods can you use to remotely install Kaspersky
Endpoint Agent on network computers?
Remote installation task for the Kaspersky Endpoint Security for Windows package (in KSC)
Kaspersky Endpoint Agent remote installation task (in the web console of the central node)
‘Change application components’ task of Kaspersky Endpoint Security for Windows (in KSC)
Remote installation task for the Kaspersky Endpoint Agent package (in KSC)
14.Which of the following roles can servers have in the KATA Platform?
Database server
Sandbox
Central node
(Network) sensor
Network Attack Analyzer
15.To save on equipment maintenance, the customer wants to deploy KATA on a
minimal number of servers. Which configuration would you recommend?
Install all three roles – central node, sensor and sandbox – on a single server
Install each role – central node, sensor, and sandbox – on a separate dedicated server
Install the central node with sensor functionality on one server, and sandbox on another server
Install the central node with sandbox functionality on one server, and the sensor on another server
16.Where are the files stored that have been quarantined by the Quarantine file
task through the central node web console?
In a centralized storage on the central node
In a centralized storage on the KSC server
In local storages on the respective computers
In an anonymized storage in the KSN cloud
17.You have received two ISO images for KATA deployment: kata-cn-5.0.0-5201-inst.x86_64_en-ru.iso and sandbox-5.0.0-587-inst.x86_64_en-ru.iso. How can you install a dedicated sensor?
From the sandbox installation image
From the central node installation image
From a special image that you need to request from the technical support
18.Which actions are available when you need to kill a process via the central
node web console within the framework of Kaspersky EDR based on KATA
Platform?
Kill process based on the full path of the executable (all processes related to this file will be
terminated)
Kill process based on the executable path and process ID
Kill process based on the executable path and parent process ID (all processes that meet these
criteria will be terminated)
Kill process based on the executable path and parent process name (all processes that meet these
criteria will be terminated)
19.A DNS server was specified in the sandbox installation wizard. Which
operation will it be used in?
Downloading updates
Accessing KSN
Sending scanning results to the central node
Providing access to the internet from within virtual machines
20.A network sensor can act as a proxy for endpoint agents. How many endpoint
agents (maximum) does a sensor acting as a proxy support?
1000
5 000
10 000
15 000
21.What is the minimum number of disks required for Ceph storage of the cluster
storage node of the Central Node?
1
3
2
4
22.Which of the following KATA servers can act as a proxy to relay telemetry data
that endpoint agents send to the central node?
Any Windows computer where the Endpoint Sensor Proxy component is installed
(Network) Sensor
Sandbox
Another central node
23.How many central nodes (maximum) can you connect to a sandbox server?
0 (a central node cannot be connected to a sandbox server)
2
1
None of the above
24.Which node of a KATA Platform cluster can receive files from a mail server
using SMTP?
Storage server
Processing server
Only the first processing server
25.Which account allows you to configure storage on a server in KATA Platform?
Administrator
admin
sso
Configurator
26.What is the maximum number of endpoint agents that can be supported by an
installation with one central node and two dedicated network sensors?
5000
10 000
15 000
20 000
27.This question is related to Kaspersky Endpoint Detection and Response
Expert (Cloud). How can an incident be created? ???
Manually
Automatically, by incident creation rules
Automatically, according to custom criteria configured in incident creation rules
28.This question is related to Kaspersky Endpoint Detection and Response
Expert (Cloud). Which alert types are there in Kaspersky Endpoint Detection and
Response Expert? ???
IOC (indicators of compromise)
IOA (indicators of attack)
Malicious object
29.What is the minimum number of nodes in a Central Node cluster?
2
4
5
30.This question is related to Kaspersky Endpoint Detection and Response
Expert (Cloud). What role does a user need to possess to be able to activate
Kaspersky Endpoint Detection and Response Expert?
Security officer
Main administrator
EDR analyst
Senior security officer
31.Select the statements that correctly characterize the Intrusion Detection
System module on a sensor.
It analyzes a copy of traffic in real time
It blocks connections in which dangerous activity is detected
It uses an updatable list of rules from Kaspersky update servers
It permits users to add custom rules in Suricata format
32.Where can you specify the DNS server for the virtual machines that analyze
objects in a sandbox?
In the Management interface settings
In the Malware interface settings
Nowhere, these settings are hard-coded in the sandbox
Nowhere, because the sandbox’s virtual machines must not be able to access the internet
33.In which of the following scenarios will KATA be able to detect a threat in a file
downloaded over HTTPS?
KATA receives a copy of traffic using the SPAN technology
KATA receives web traffic objects over ICAP from the proxy server
KATA receives web traffic objects over ICAP from the proxy server where SSL protocol inspection is
configured
34.Which component of KATA/KEDR sends objects for scanning to a sandbox
server?
Sensor
Central node
Endpoint Agent
EXTERNAL sensor via API
35.For which KATA Platform technologies can you disable a detection rule if it
produces lots of useless detections?
IDS
TAA
URL Reputation
Antimalware engine
36.To automatically add dangerous objects to the KPSN reputation database, you
need to configure KATA Platform authentication settings by specifying a
certificate and private key. What are they and where can you find them?
The certificate and key of the KPSN web interface; copy them from the /etc/ssl/certs/ folder on the
KPSN server that has the Monitoring role
The certificate and key of a KPSN user who has the permissions to use KPSN API; download them
from the user’s workspace in the KPSN web console
The certificate and key of the central node web interface; copy them from the /etc/ssl/certs/ folder on
the central node
Any certificate-key pair
37.Which of the following settings are manageable only on the primary central
node, and cannot be managed on secondary nodes?
Events
Licenses
VIP
Users
38.Which file operations can prevention rules block in Kaspersky EDR?
Running an executable file or script
Running an executable file or script under a particular user account
Creating a file in the specified folder
Changing the specified file in any program
39.Which of the following schedules can you specify for an IOC scan task in the
central node web console of Kaspersky EDR Expert?
Daily at a specified time
Hourly, or once every several hours
Indicators can only be searched for manually
You cannot specify a schedule; the search is performed daily at 02:00
40.Which of the following processes belong to Kaspersky Endpoint Agent?
sputnik.exe
soyuz.exe
proton.exe
atom.exe
41.Which task types are available in Kaspersky EDR?
Get file
Delete file
Stop process
Get a list of host users
Get drive contents by sector number
42.Which operating system does a sandbox server run?
Kali
Debian
Kaspersky Secure OS
CentOS
43.Which types of custom rules can you import into KATA Platform settings?
IDS rules (in the Suricata format)
YARA rules
TAA Rules (in the OpenIOC format)
URL reputation rules (in the format of regular expressions)
44.Which of the following technologies are used on a sandbox server for
analyzing file execution results within a virtual machine?
Scanner (anti-malware and static analysis)
IDS (Suricata)
YARA
File reputation (KSN)
45.Where must the connection between the central node and sandbox server be
initiated from when exchanging certificates for IPsec authentication?
From the central node
You do not need to do anything of the kind
From the sandbox server
From any side
46.Which of the following can you specify in the installation wizard when
installing Kaspersky Endpoint Agent locally?
The address and port for connecting to the central node
The certificate for connecting to the central node
The address and port for connecting to the sandbox component
None of the above
47.This question is related to Kaspersky Endpoint Detection and Response
Expert (Cloud). KEDR displays a list of events that match a query in Monitoring
and Reporting | Threat Hunting. Which criteria can you use to group them in the
table? ???
IOA rule
Device name
Date
Event type
48.Which of the following can you specify in the properties of a Kaspersky
Endpoint Agent installation package in the KSC?
The address and port for connecting to the central node
The license key for activating Endpoint Agent
The certificate for connecting to the central node
The components to be installed
49.Some routes are specified as Static Routes in the Sandbox server settings.
Which operations are they used in?
Downloading updates
Providing access to the internet from within virtual machines
Sending scanning results to the central node
Accessing KSN
50.What happens if a storage node fails in a cluster installation of the central
node?
The telemetry stored there will be lost
The stored telemetry will not be lost, but you will need to restore it
A processing node will change its role to storage node
None of the above

1.Select the correct statement about the need to specify the company name for a
central node in a distributed KATA Platform installation.
You do not need to specify a company name for the primary Central Node
You do not need to specify a company name for secondary Central Nodes
The company name is optional for any Central Node in a distributed installation
The company name is a must for any Central Node in a distributed installation
2.An analyst has configured scanning for indicators of compromise on the
network endpoints to start at 02:00. Which time zone does this time refer to?
The Central Node’s time zone
The time zone of the computer where scanning for indicators will run
The time zone of the computer on which the web console was running while the schedule was set up
UTC
3.Which of the following does the Kaspersky Endpoint Agent update task
download?
IOC rules for scanning the endpoint for indicators of compromise
Event filters for collecting telemetry to be transmitted to the Central Node
IDS rules for detecting attacks in the endpoint traffic
YARA rules for scanning the endpoint for known indicators of targeted attacks
4.In which of the following scenarios will KATA be able to detect a threat in a file
downloaded over HTTPS?
KATA receives a copy of traffic using the SPAN technology
KATA receives web traffic objects from the proxy server via ICAP integration with ArtX TLSproxy 1.9.1
KATA receives web traffic objects over ICAP from the proxy server where SSL protocol inspection is
configured
KATA receives web traffic objects over ICAP from the proxy server
5.In which of the following situations will Kaspersky Endpoint Agent trust the
central node certificate when establishing a secure connection?
If the certificate is issued by a trusted certification authority according to the settings of the computer
where the Endpoint Agent is installed
If Active Directory has a serviceConnectionPoint object where this certificate is specified
If the certificate is stored in the Endpoint Agent settings (for example, has been delivered with the
Kaspersky Endpoint Agent policy from the KSC server)
Kaspersky Endpoint Agent 3.12 trusts any central node certificate
6.On which type of hypervisor can you install a sandbox server?
KVM
Any
VMware ESXi
A sandbox server cannot be installed on a virtual machine
Microsoft Hyper-V
7.Which file types can be transferred for analysis to a sandbox server?
Windows executables
Microsoft Office and Adobe Acrobat documents
Linux executable files
Android executables
8.Which of the following can you specify in the installation wizard when installing
Kaspersky Endpoint Agent locally?
The address and port for connecting to the Central Node
The certificate for connecting to the Central Node
The address and port for connecting to the Sandbox component
None of the above
9.Which file operations can prevention rules block in Kaspersky EDR?
Running an executable file or script
Running an executable file or script under a particular user account
Creating a file in the specified folder
Changing the specified file in any program
10.Which of the following roles can servers have in the KATA Platform?
Database server
Sandbox
Central node
(Network) sensor
Network Attack Analyzer
11.Which of the following threat detection technologies are implemented on a
Sensor?
Anti-Malware Engine
URL reputation (KSN)
TAA (Targeted Attack Analyzer)
IDS (Suricata)
12.Which operating system does a sandbox server run?
Kali
Kaspersky Secure OS
CentOS
Debian
13.Which of the following schedules can you specify for an IOC scan task in the
central node web console of Kaspersky EDR Expert?
Daily at a specified time
You cannot specify a schedule; the search is performed daily at 02:00
Hourly, or once every several hours
Indicators can only be searched for manually
14.Which KATA Platform server roles support upgrade to version 6.0 without
reinstalling the server?
All three
Central Node and Sensor
Central Node only
Sandbox only
15.What is the maximum number of endpoint agents that can be supported by an
installation with one central node and two dedicated network Sensors?
5000
15000
10000
20000
16.For which KATA Platform technologies can you disable a detection rule if it
produces lots of useless detections?
IDS
TAA
URL Reputation
Antimalware engine
17.Which types of events will be sent to SIEM if you enable integration with SIEM
in the central node web interface?
Alerts about detected threats
Component statuses (heartbeats)
All telemetry from Endpoint Agents
Information about user actions in the web interface
18.In the settings of which of the following KATA/KEDR servers do you need to
configure connection to KPSN?
Only the Central Node
The Central Node and Sensors
The Central Node and Sandbox
All servers
19.Which of the following solutions can KATA Platform integrate with?
Kaspersky Security for SharePoint Server
Kaspersky Security for Microsoft Exchange
Kaspersky Secure Mail Gateway
Kaspersky Web Traffic Security
20.What is the maximum traffic volume that an installation with one Central Node
and four dedicated Sensors can support?
2Gbps
16Gbps
4Gbps
8Gbps
21.Which of the following exclusions can you configure in endpoint isolation
parameters available in the web console of Kaspersky EDR Expert central node?
Connections from the specified executable file
Inbound connections from the specified address
Inbound and outbound ICMP packets (but not packets of other protocols)
Outbound connections to the specified address
22.What does a central node do?
Sends objects to the Sandbox for scanning
Proxies Sensor requests to KSN/KPSN
Scans files using various threat detection technologies
Informs Sensors about license availability
23.Which protocols can a Sensor analyze in mirrored traffic?
HTTP
FTP
SMB/CIFS
SMTP
POP3
DNS
24.Which operating system does a central node run?
CentOS
Kaspersky Secure OS
Ubuntu
Debian
25.Which of the following can you specify in the properties of a Kaspersky
Endpoint Agent installation package in the KSC?
The address and port for connecting to the Central Node
The license key for activating Endpoint Agent
The certificate for connecting to the Central Node
The components to be installed
26.What is the minimum number of nodes in a Central Node cluster?
2
4
5
27.Which of the following methods can you use to remotely install Kaspersky
Endpoint Agent on network computers?
Remote installation task for the Kaspersky Endpoint Security for Windows package (in KSC)
Remote installation task for the Kaspersky Endpoint Agent package (in KSC)
‘Change application components’ task of Kaspersky Endpoint Security for Windows (in KSC)
Kaspersky Endpoint Agent remote installation task (in the web console of the Central Node)
28.Which actions are available when you need to kill a process via the central
node web console within the framework of Kaspersky EDR based on KATA
Platform?
Kill process based on the full path of the executable (all processes related to this file will be
terminated)
Kill process based on the executable path and parent process name (all processes that meet these
criteria will be terminated)
Kill process based on the executable path and parent process ID (all processes that meet these
criteria will be terminated)
Kill process based on the executable path and process ID
29.Where will a file requested using a ‘Get file’ task from the central node web
console be stored?
Storage
A protected area on the computer
Sandbox
30.Kaspersky Endpoint Agent 3.14 integrated into Kaspersky Endpoint Security
for Windows is installed on the network computers. Where can you find
information about threats detected by Kaspersky Endpoint Security in the central
node web console?
KES detections are published in the Alerts section
The total number of KES detections is displayed on the computer card in the Endpoint Agents
section
KES detections are available in the Threat Hunting event database
KES detections are not available in the central node web console
31.You have received two ISO images for KATA deployment: kata-cn-5.0.0-5201-inst.x86_64_en-ru.iso and sandbox-5.0.0-587-inst.x86_64_en-ru.iso. How can you install a dedicated Sensor?
From the Sandbox installation image
From a special image that you need to request from the technical support
From the Central Node installation image
32.When is it recommended to enable the extraction of email messages from
SPAN traffic on a dedicated Sensor?
Always
When other mail integration methods (POP3 or SMTP) cannot be used and SPAN traffic contains
non-encrypted SMTP traffic
Always when SPAN traffic contains non-encrypted SMTP traffic
If mail comes from KSMG
33.Where must the connection between the Central Node and Sandbox server be
initiated from when exchanging certificates for IPsec authentication?
From the Central Node
You do not need to do anything of the kind
From the Sandbox server
From any side
34.Which of the following can result in an error when you connect a central node
to a sandbox server?
The central node is already connected to another sandbox server
Another Central Node is already connected to the Sandbox server
The UTC time differs on the servers
A license is not installed on the Central Node
35.Which operating system versions are used on virtual machines within a
sandbox?
Windows XP
Windows 7
Windows 10
CentOS 7.8
Windows Server 2012 R2
36.What should you do if you need to upgrade a Secondary Central Node?
It cannot be upgraded, you will have to reinstall it
Change its role from a Secondary Central Node to a Primary Central Node and upgrade it
Change its role from a Secondary Central Node to a stand-alone Central Node server
37.How many sandbox servers (maximum) can you connect a central node to?
0 (a central node cannot be connected to a sandbox server)
1
2
None of the above
38.Which of the following needs to be done to enable a Sensor to receive email
messages over POP3S?
Allow incoming connections on POP3S port 995 of the Sensor
In the mail system, configure a rule that will forward email messages to a special box in the
organization’s domain
In the mail system, configure the forwarding of email messages to a special box in a fake domain, for
which the Sensor is configured as the mail server
On the Sensor, configure access parameters for the mailbox where email messages will be copied
to
Allow outgoing connections on POP3S port 995 of the Sensor
39.Which node of a Central Node cluster must be installed first?
Storage node
Processing node
Sandbox
40.Where can you specify the DNS server for the virtual machines that analyze
objects in a sandbox?
In the Management interface settings
Nowhere, these settings are hardcoded in the Sandbox
In the Malware interface settings
Nowhere, because the Sandbox’s virtual machines must not be able to access the internet
41.Under which circumstances can KATA scan the contents of a password-protected archive?
Under no circumstances
If the archive’s password is specified in the list of passwords in KATA settings
If the security officer enters the password when sending a file for scanning
If the password is specified in the message body
42.Which of the following CAN’T an ordinary security officer do?
Assign an alert to another security officer
Connect a dedicated Sensor
Open an alert that has VIP status
Consult VIP status assignment settings (settings that regulate which alerts receive VIP status)
43.You can send file scanning requests to KATA from an external sensor using the URL https://:443/kata/scanner/v1/sensors//scans. Which address must be specified after https?
Sandbox address
Address of any Sensor connected to the Central Node
Central node address
Address of the KPSN server that has the Monitoring role
44.Where must the connection between the Central Node and Sensor be initiated
from when exchanging certificates for IPsec authentication?
From the Central Node
You do not need to do anything of the kind
From the Sensor
From any side
45.You are loading ISO images of virtual machines to the sandbox, but the
operation fails because of an unstable network connection. How else can you
upload virtual machine images to the sandbox?
Copy the images to the folder /var/opt/kaspersky/apt/files using the scp utility (or any other method
that you prefer)
Request the Sandbox installation drive image from Kaspersky (it includes the images of virtual
machines) and reinstall the Sandbox
There’s nothing you can do apart from waiting and trying again when the network is less loaded

1.Which types of custom rules can you import into KATA Platform settings?
IDS rules (in the Suricata format)
YARA rules
TAA Rules (in the OpenIOC format)
URL reputation rules (in the format of regular expressions)
2.Which of the following KATA servers can distribute updates to other KATA
servers?
Sandbox
Central node
Sensor
Any of the above
None of the above
3.On which type of hypervisor can you install a sandbox server?
KVM
VMware ESXi
A sandbox server cannot be installed on a virtual machine
Microsoft Hyper-V
Any
4.What minimum number of network interfaces does a Central Node cluster node
require?
1
2
3
4
5.What is the name of the Kaspersky Endpoint Agent main service process?
agent.exe
endpointagent.exe
avp.exe
soyuz.exe
6.Which of the following methods can you use to specify the central node
certificate for endpoint agents?
ServiceConnectionPoint object in Active Directory
Kaspersky Endpoint Agent policy in Kaspersky Security Center
Agent.exe command line utility
Copy the certificate file to the folder where EndpointAgent.msi is located before the installation
7.Kaspersky Endpoint Agent 3.14 integrated into Kaspersky Endpoint Security for
Windows is installed on the network computers. Where can you find information
about threats detected by Kaspersky Endpoint Security in the central node web
console?
KES detections are published in the Alerts section
KES detections are available in the Threat Hunting event database
KES detections are not available in the central node web console
The total number of KES detections is displayed on the computer card in the Endpoint Agents
section
8.A dedicated Sensor receives a copy of network traffic that contains the
organization’s encrypted mail traffic. Which mail traffic retrieval methods would
you recommend configuring on this Sensor?
SPAN only
POP3 and SMTP
Either POP3 or SMTP
SPAN, POP3 and SMTP
9.Select the correct statement about the settings of the operating system
installed on a central node:
Installation of new programs and updates is disabled
External media are disabled
SSH is disabled
Local login to the system is disabled
10.How many simultaneously running virtual machines does a sandbox support
(maximum)?
50
200
100
There is no hard limit; the Sandbox will start additional virtual machines if necessary until resources
are available
11.What is the maximum traffic volume that an installation with one Central Node
and four dedicated Sensors can support?
2Gbps
16Gbps
4Gbps
8Gbps
12.In which format can you import indicators of attack to search computers for
them using Kaspersky EDR?
YARA
OpenIOC
STIX
None of the above, Kaspersky EDR uses a proprietary format for indicators of compromise
13.How many sandbox servers (maximum) can you connect a central node to?
0 (a central node cannot be connected to a sandbox server)
1
2
None of the above
14.Which protocols can a Sensor analyze in mirrored traffic?
HTTP
FTP
SMB/CIFS
SMTP
DNS
POP3
15.How many passwords for scanning protected archives can you specify in the
settings of a KATA central node?
The Central Node does not have these settings
Up to 50
Up to 1024
As many as necessary
16.Some endpoint agents will connect to a Central Node via a dedicated proxy
Sensor. What should you specify in the KATA connection settings for these
agents?
The address and certificate of the Central Node; the agents will receive Sensor parameters
automatically after the first connection to the Central Node
Sensor address
Central Node address
Central Node address and Sensor certificate
17.Which node of a Central Node cluster must be installed first?
Storage node
Processing node
Sandbox
18.In which of the following scenarios will KATA be able to detect a threat in a file
downloaded over HTTPS?
KATA receives a copy of traffic using the SPAN technology
KATA receives web traffic objects over ICAP from the proxy server
KATA receives web traffic objects over ICAP from the proxy server where SSL protocol inspection is
configured
KATA receives web traffic objects from the proxy server via ICAP integration with ArtX TLSproxy 1.9.1
19.Which of the following methods can you use to remotely install Kaspersky
Endpoint Agent on network computers?
Remote installation task for the Kaspersky Endpoint Security for Windows package (in KSC)
Remote installation task for the Kaspersky Endpoint Agent package (in KSC)
‘Change application components’ task of Kaspersky Endpoint Security for Windows (in KSC)
Kaspersky Endpoint Agent remote installation task (in the web console of the Central Node)
20.Which task types are available in Kaspersky EDR?
Get a file
Delete a file
Stop a process
Get a list of host users
Get drive contents by sector number
21.Which operations are implemented in REST API of Central Node version 6.0?
Create a file scan task
Create a file scan task for the Sandbox component
Create a request to delete scanning results
Get a list of alerts with all details
Create a network isolation task
Create a task for connecting a specific Sensor
22.Which of the following threat detection technologies are implemented on a Sensor?
Anti-Malware Engine
URL reputation (KSN)
IDS (Suricata)
TAA (Targeted Attack Analyzer)
23.Where must the connection between the Central Node and Sensor be initiated from when exchanging certificates for IPsec authentication?
From the Central Node
From the Sensor
From any side
You do not need to do anything of the kind
24.How many hierarchy levels can there be in a distributed KATA installation?
All central nodes work independently in KATA architecture
Two: a primary node and secondary nodes
Central Nodes can be joined into a structure, but there will be no hierarchy; all servers will be peers
There are no limits: any Central Node can be secondary to another node and simultaneously primary to other nodes
25.What component of a dedicated Sensor detects threats using periodically downloaded updates?
URL Reputation
IDS (Suricata)
Redis Slave
None of the above
26.Which of the following rules for assigning VIP status to alerts can be configured in the KATA Platform central node web console?
IP address
Email
Computer name
Domain/Windows username
File name
File checksum
27.Which filtering parameters can you use when querying alerts via the central node API?
Technology name
Number of alerts
Time span
Source
Token of a previous request
28.Which of the following can result in an error when you connect a central node to a sandbox server?
The central node is already connected to another sandbox server
A license is not installed on the Central Node
Another Central Node is already connected to the Sandbox server
The UTC time differs on the servers
29.An analyst has activated network isolation for a compromised endpoint using Kaspersky EDR and has not configured any exclusions. Which of the following exclusions always work?
For the DNS protocol
For the DHCP protocol
For Kaspersky applications
For Active Directory protocols
For the ICMP protocol
30.Which of the following can you specify in the properties of a Kaspersky Endpoint Agent installation package in the KSC?
The address and port for connecting to the Central Node
The license key for activating Endpoint Agent
The components to be installed
The certificate for connecting to the Central Node
31.Which technology is responsible for scanning password-protected archives in KATA Platform?
Sandbox
Anti-malware engine
YARA
TAA (Targeted attack analyzer)
32.Where must the connection between the Central Node and Sandbox server be initiated from when exchanging certificates for IPsec authentication?
From the Central Node
From the Sandbox server
From any side
You do not need to do anything of the kind
33.Which of the following schedules can you specify for an IOC scan task in the central node web console of Kaspersky EDR Expert?
Daily at a specified time
Hourly, or once every several hours
Indicators can only be searched for manually
You cannot specify a schedule; the search is performed daily at 02:00
34.Which file operations can prevention rules block in Kaspersky EDR?
Running an executable file or script
Creating a file in the specified folder
Running an executable file or script under a particular user account
Changing the specified file in any program
35.What should you do if you need to upgrade a Secondary Central Node?
It cannot be upgraded, you will have to reinstall it
Change its role from a Secondary Central Node to a stand-alone Central Node server
Change its role from a Secondary Central Node to a Primary Central Node and upgrade it
36.What is the maximum number of endpoint agents that can be supported by an installation with one central node and two dedicated network Sensors?
5000
15000
10000
20000
37.Which operating system does a sandbox server run?
Kali
CentOS
Kaspersky Secure OS
Debian
38.In which of the following situations will Kaspersky Endpoint Agent trust the central node certificate when establishing a secure connection?
If the certificate is issued by a trusted certification authority according to the settings of the computer where the Endpoint Agent is installed
If the certificate is stored in the Endpoint Agent settings (for example, has been delivered with the Kaspersky Endpoint Agent policy from the KSC server)
If Active Directory has a serviceConnectionPoint object where this certificate is specified
Kaspersky Endpoint Agent 3.12 trusts any central node certificate
39.Which of the following solutions can KATA Platform integrate with?
Kaspersky Security for SharePoint Server
Kaspersky Secure Mail Gateway
Kaspersky Web Traffic Security
Kaspersky Security for Microsoft Exchange
40.What does a Sensor do?
Retrieves data from the infrastructure: Network equipment, email, and proxy servers
Scans a copy of traffic using the IDS technology
Sends objects to the Sandbox for scanning
Sends objects to the Central Node for scanning
41.The address of which cluster node of the Central Node can you use to open the KATA Platform web interface?
Storage node
Processing node
First storage node
Any node
42.Which attribute can you use to prohibit access to a file by prevention rules in Kaspersky EDR?
File name
MD5 checksum
SHA256 checksum
Full file path
43.Which of the following settings are manageable only on the primary central node, and cannot be managed on secondary nodes?
Notifications
Activation keys
Users
VIP
44.A DNS server was specified in the sandbox installation wizard. Which operation will it be used in?
Downloading updates
Providing access to the internet from within virtual machines
Sending scanning results to the Central Node
Accessing KSN
45.Which of the following threat detection technologies are implemented on the central node?
Anti-Malware Engine
TAA (Targeted Attack Analyzer)
Sandboxing (running files within a virtual machine)
YARA