Illumio Core Specialist Exam UPDATED
ACTUAL QUESTIONS AND CORRECT
ANSWERS
The PCE is responsible for: - CORRECT ANSWER Collecting workload system information &
context.
Managing security policies programmed by the user.
Policy creation.
The VEN is responsible for: - CORRECT ANSWER Gathering detailed system & traffic
information to report.
Opening connections via 8443 TCP and 3444 TCP.
The rest API is responsible for: - CORRECT ANSWER Serving as the primary connection
between the VEN, PCE web user interface, and third-party applications.
Who initiates the connection, the VENs or the PCE? - CORRECT ANSWER The VENs.
They send information for storage in local databases.
After the VEN connects to the PCE, what does the PCE do? - CORRECT ANSWER Correlates
information, updates security policies, and communicates with VENs.
What does the VEN use to enforce policies? - CORRECT ANSWER iptables on Linux,
Windows Filtering Platform (WFP) on Windows
Which component of the Illumio Core solution monitors services and captures flow data? -
CORRECT ANSWER The VEN.
It then transmits this information back to the PCE.
How often does the PCE receive data from a VEN? - CORRECT ANSWER Every 10 minutes
,What are the two types of PCE? - CORRECT ANSWER Cloud-based and on-prem.
Cloud-based is managed by Illumio and on-prem is managed by the customer.
What does Illumio Core use labels for? - CORRECT ANSWER Identifying workloads,
applications, and environments to make it easier to manage and protect workloads.
What does a role label signify? - CORRECT ANSWER The job of the workload in an
organization.
What does an application label signify? - CORRECT ANSWER The software that the workload
runs.
What does an environment label signify? - CORRECT ANSWER The place where the
workload is used.
What does a location label signify? - CORRECT ANSWER The physical or virtual place where
the workload is located.
What is the maximum number of labels allowed? - CORRECT ANSWER 20
What are some examples of policy objects? - CORRECT ANSWER Services, IP lists, and label
groups.
What does a "service" do? - CORRECT ANSWER Allows users to specify multiple ports and
protocols that can be used in multiple roles.
What happens to each rule that uses a service when the service is updated? - CORRECT
ANSWER The change is also applied to every rule.
What does an IP list do? - CORRECT ANSWER Helps to define allowlists of trusted IP
addresses, IP address ranges, or CIDR blocks for accessing workloads and applications.
, What does a label list do? - CORRECT ANSWER Makes writing security policies more
efficient by clustering labels together.
What are the two categories for workloads in the Illumio Core solution? - CORRECT
ANSWER Managed and unmanaged.
What is a managed workload? - CORRECT ANSWER A workload that the VEN software is
installed on.
What are the two methods for pairing a VEN? - CORRECT ANSWER Automated using
existing automation tools.
Scripted using API scripting.
What is the relationship between a VEN and a host-based firewall on a workload? - CORRECT
ANSWER The VEN controls the host-based firewall on the workload.
What is an unmanaged workload? - CORRECT ANSWER Workloads that the VEN software
has not been installed on.
How are unmanaged workloads created? - CORRECT ANSWER Manually via PCE web
console, API scripting, of using an Illumio tool (ex. Workloader or CAT tool).
What does the Agent Manager do on the VEN? - CORRECT ANSWER Manages the VEN.
Sends system information to the PCE.
Uploads logs.
Sends heartbeats to indicate the system is working correctly.
What does the Platform Handler do on the VEN? - CORRECT ANSWER Sends VEN events to
the PCE.
Configures the firewall.
Protects against tampering.
Can upgrade or uninstall the VEN.
ACTUAL QUESTIONS AND CORRECT
ANSWERS
The PCE is responsible for: - CORRECT ANSWER Collecting workload system information &
context.
Managing security policies programmed by the user.
Policy creation.
The VEN is responsible for: - CORRECT ANSWER Gathering detailed system & traffic
information to report.
Opening connections via 8443 TCP and 3444 TCP.
The rest API is responsible for: - CORRECT ANSWER Serving as the primary connection
between the VEN, PCE web user interface, and third-party applications.
Who initiates the connection, the VENs or the PCE? - CORRECT ANSWER The VENs.
They send information for storage in local databases.
After the VEN connects to the PCE, what does the PCE do? - CORRECT ANSWER Correlates
information, updates security policies, and communicates with VENs.
What does the VEN use to enforce policies? - CORRECT ANSWER iptables on Linux,
Windows Filtering Platform (WFP) on Windows
Which component of the Illumio Core solution monitors services and captures flow data? -
CORRECT ANSWER The VEN.
It then transmits this information back to the PCE.
How often does the PCE receive data from a VEN? - CORRECT ANSWER Every 10 minutes
,What are the two types of PCE? - CORRECT ANSWER Cloud-based and on-prem.
Cloud-based is managed by Illumio and on-prem is managed by the customer.
What does Illumio Core use labels for? - CORRECT ANSWER Identifying workloads,
applications, and environments to make it easier to manage and protect workloads.
What does a role label signify? - CORRECT ANSWER The job of the workload in an
organization.
What does an application label signify? - CORRECT ANSWER The software that the workload
runs.
What does an environment label signify? - CORRECT ANSWER The place where the
workload is used.
What does a location label signify? - CORRECT ANSWER The physical or virtual place where
the workload is located.
What is the maximum number of labels allowed? - CORRECT ANSWER 20
What are some examples of policy objects? - CORRECT ANSWER Services, IP lists, and label
groups.
What does a "service" do? - CORRECT ANSWER Allows users to specify multiple ports and
protocols that can be used in multiple roles.
What happens to each rule that uses a service when the service is updated? - CORRECT
ANSWER The change is also applied to every rule.
What does an IP list do? - CORRECT ANSWER Helps to define allowlists of trusted IP
addresses, IP address ranges, or CIDR blocks for accessing workloads and applications.
, What does a label list do? - CORRECT ANSWER Makes writing security policies more
efficient by clustering labels together.
What are the two categories for workloads in the Illumio Core solution? - CORRECT
ANSWER Managed and unmanaged.
What is a managed workload? - CORRECT ANSWER A workload that the VEN software is
installed on.
What are the two methods for pairing a VEN? - CORRECT ANSWER Automated using
existing automation tools.
Scripted using API scripting.
What is the relationship between a VEN and a host-based firewall on a workload? - CORRECT
ANSWER The VEN controls the host-based firewall on the workload.
What is an unmanaged workload? - CORRECT ANSWER Workloads that the VEN software
has not been installed on.
How are unmanaged workloads created? - CORRECT ANSWER Manually via PCE web
console, API scripting, of using an Illumio tool (ex. Workloader or CAT tool).
What does the Agent Manager do on the VEN? - CORRECT ANSWER Manages the VEN.
Sends system information to the PCE.
Uploads logs.
Sends heartbeats to indicate the system is working correctly.
What does the Platform Handler do on the VEN? - CORRECT ANSWER Sends VEN events to
the PCE.
Configures the firewall.
Protects against tampering.
Can upgrade or uninstall the VEN.
