Visão Geral

O Curso Forcepoint Data Loss Prevention Administrator fornece habilidades para testar uma implantação existente, como administrar políticas e relatórios, lidar com incidentes e endpoints, atualizar e gerenciar o sistema Forcepoint DLP. Você desenvolverá habilidades na criação de políticas de dados, na construção de classificadores personalizados e no uso de políticas predefinidas, gerenciamento de incidentes, relatórios e manutenção de sistemas.

Objetivo

Após concluir este Curso Forcepoint Data Loss Prevention Administrator, você será capaz de:

• Identificar e definir conceitos básicos do Forcepoint DLP.
• Explique o modelo de licenciamento do Forcepoint DLP.
• Crie e gerencie classificadores Forcepoint DLP.
• Definir e criar recursos do Forcepoint DLP.
• Crie e gerencie políticas e regras do Forcepoint DLP.
• Analise e gerencie transações usando OCR.
• Gerencie a integração do Forcepoint DLP CASB.
• Instale e gerencie o Forcepoint One Endpoint.
• Analisar e relatar incidentes de DLP.
• Configure o Forcepoint DLP para estar em conformidade com as especificações de conformidade regulatória.
• Implemente a descoberta do Forcepoint DLP.
• Implemente impressão digital e aprendizado de máquina.
• Aplique políticas usando software de marcação de arquivos de terceiros.
• Monitore e gerencie a integridade do sistema Forcepoint DLP.

Publico Alvo

• Administradores de sistema, administradores de segurança de dados, equipe de TI
• Consultores de TI, especialistas em implementação
• Incidentes DLP e analistas forenses

Pre-Requisitos

• Compreensão geral de administração de sistemas e serviços de Internet
• Conhecimento básico de conceitos de redes e segurança de computadores

Materiais

Conteúdo Programatico

Summarize the basic concepts of Forcepoint DLP

1. Define the acronym "DLP" and explain how DLP can affect an organization.
2. Identify and define core DLP terms.
3. Identify the different states of data that Forcepoint DLP can protect.
4. Access Forcepoint Security Manager and perform initial configuration of Forcepoint DLP.
5. Define what a DLP system module is and explain the basic function each agent performs.
6. Locate and configure registered system modules in a DLP environment.
7. Identify the parts of a DLP incident envelope and where they are stored.
8. Given a flow diagram, explain the sequence of steps in a DLP transaction.
9. Identify the different channels and associated transaction types that Forcepoint DLP can protect.
10. Identify available Forcepoint DLP product information resources and where they can be accessed.
11. Explain where Forcepoint DLP fits into the Forcepoint Human Point System.

Explain the Forcepoint DLP licensing model

1. Explain the DLP license types and their related features.
2. Analyze the content of a DLP subscription XML file.
3. Deploy a new DLP subscription file.

Create and manage Forcepoint DLP classifiers

1. List and explain each Forcepoint classifier type.
2. Create a functional example of each Forcepoint classifier type.
3. Access the list of predefined script classifiers and identify several commonly used categories.
4. Configure the parameters of a predefined script classifier.

Create and manage Forcepoint DLP resources

1. List and explain each Forcepoint DLP resource.
2. Configure a connection to and import a user directory.
3. Create a functional example of each Forcepoint DLP resource.
4. Import URL categories by enabling the linking service.
5. List and explain the default action plans.
6. Create a custom action plan.
7. List and explain the default notifications.
8. Use dynamic variables in notifications.
9. Configure the default notification.

Create and manage Forcepoint DLP policies and rules

1. Define what a DLP policy is, identify three broad types of them, and explain what they do.
2. Explain how cumulative rules can be used in DLP.
3. Configure, deploy, and test a quick policy.
4. Configure and test a predefined policy.
5. Configure, deploy, and test a custom policy and rule.
6. Explain the purpose and function of a rule exception.
7. Explain how to perform a bulk update of multiple policies and rules.
8. Explain how policy levels provide scope and processing order for policies, then create a new policy level and assign policies to it.

Analyze a transaction using OCR

1. Explain the capabilities and modes of OCR.
2. Configure a policy engine to work with an OCR server.
3. Submit a transaction to the OCR engine and examine the results.

Manage Forcepoint DLP cloud applications and CASB

1. Use the Online Applications feature to detect web file uploads to Google Drive or Dropbox.
2. Explain aspects of the Forcepoint DLP CASB integration, including license management functionality, how to locate logs from CASB Cloud Agents, and how to configure and perform a cloud discovery scan.

Install and manage the Forcepoint One Endpoint

1. Identify the core features of the Forcepoint One Endpoint.
2. Explain the current OS and software compatibility of the Forcepoint One Endpoint.
3. Explain the endpoint global and profile settings.
4. Obtain the necessary files and build an installer package for the Forcepoint One Endpoint.
5. Deploy the Forcepoint One Endpoint.
6. Identify supported endpoint encryption methods.
7. Use the Forcepoint One Endpoint to encrypt files copied to removable media.
8. Explain the DLP endpoint temporary bypass feature.
9. Temporarily bypass the Forcepoint One Endpoint.
10. Configure the endpoint browser extension to work in monitor-only mode.
11. Test the endpoint browser extension in monitor-only mode.
12. Explain the DLP endpoint employee coaching feature.
13. Confirm the function of the employee coaching feature.

Analyze and report on Forcepoint DLP incidents

1. Define the core terminology of Forcepoint DLP incident reporting.
2. List and explain the report types in the report catalog.
3. Analyze an incident in an Incident List report.
4. Perform each UI-based incident workflow action.
5. Explain the function of DLP incident batch operations.
6. Perform a remediation operation on a batch of incidents.
7. Explain the features of the incident risk ranking dashboard.

Configure Forcepoint DLP to conform to regulatory compliance specifications

1. Define the term AUP (Acceptable Usage Policy).
2. Explain how to create policies that comply with your Acceptable Usage Policy.
3. Explain governmental regulatory compliance specifications.
4. Deploy DLP policies that meet a specific set of regulatory compliance specifications.
5. Give a high-level overview of delegated administrators and role-based permissions.
6. Configure a delegated administrator to have role-based permissions.

Implement Forcepoint DLP discovery

1. Define terminology specific to discovery.
2. Perform discovery activities including configuration, task execution, and analysis of discovery incidents.

Implement fingerprinting and machine learning

1. Define terminology specific to fingerprinting and machine learning.
2. Perform file fingerprinting activities includinging configuration, task execution, and tuning of results.
3. Perform machine learning activities, including configuration, task execution, and tuning of results.

Apply policies using third party file tagging software

1. Explain the functionality of classification labels and how to integrate them into the DLP data labeling framework.
2. Integrate Boldon James into the DLP data labeling framework.
3. Create a file labeling classifier to manage files that contain sensitive or proprietary information.
4. Create and deploy a data usage policy using a file labeling classifier.
5. Create and deploy a discovery policy with an action plan capable of assigning file classification labels.
6. Integrate Microsoft Information Protection into the DLP data labeling framework.

Monitor and maintain Forcepoint DLP system health

1. Examine the DLP Infrastructure System Summary and identify where to examine CPU and memory resources.
2. Review the operational status of components and services for DLP supplementary servers.
3. Review the operational status of components and services for protectors, Web Security Gateways, and Email Security Gateways.
4. Examine and evaluate performance indicator charts for a policy engine.
5. Examine and evaluate performance indicator charts for the fingerprint repository.
6. Examine and evaluate performance indicator charts for an endpoint server.
7. Examine and evaluate performance indicator charts for the OCR server.
8. Identify what is included in a DLP backup, and then configure and perform a DLP backup task.
9. Identify and analyze the primary logs used in DLP Security Manager.
10. Export and report on information found in the primary DLP logs.
11. Manage incident storage by evaluating utilization, resizing it as needed, and archiving and restoring incident partitions.