Only 1 day
Classroom
03/02/2025 (Monday)
Overview
The accelerated Forcepoint (DLP) Data Loss Prevention Administrator course, instructs you how to test an existing deployment, administer policies and reports, handle incidents and endpoints and upgrade and manage the Forcepoint DLP system.
You will develop skills in creating data policies, building custom classifiers, performing system maintenance, and using predefined policies, incident management and reports.
Upon completion of this course you will also be able to:
- Identify and define core DLP terminology, resources, and architecture.
- Define and create each type of DLP classifier.
- Define and create each type of DLP resource, including URL categories, action plans, and notifications.
- Define and create each type of DLP policy, rule, and exception.
- Manage policies and rules using bulk updates and policy levels.
- Explain and test the capabilities and modes of OCR.
- Build, deploy, and manage the Forcepoint One Endpoint.
- Define the terms specific to DLP incident reporting.
- List and explain the report types in the report catalog.
- Manage and customize incident reports.
- Analyze and perform each type of workflow on a DLP incident.
- Explain the features of the Incident Risk Ranking dashboard.
- Create and configure an administrator with role-based permissions.
- Define and perform discovery activities.
- Define and perform fingerprinting and machine learning activities.
- Explain the functionality of file tagging and how DLP integrates with it.
- Import and apply file tags, create classifiers, and use them in a policy and rule.
- Review the operational status of DLP components and services.
- Identify the elements included in a DLP backup and restore procedure and then perform this procedure.
- Identify and analyze the primary logs used in DLP security manager.
At the end of this course, you’ll achieve your Forcepoint (DLP)Data Loss Prevention Administrator certification.
Through Firebrand’s Lecture | Lab | Review methodology you’ll certify at twice the speed of traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.
Audience
This course is ideal for:
- System administrators, data security administrators, IT staff
- Sales engineers, consultants, implementation specialists
- Forcepoint channel partners and IT staff
- DLP incident and forensic analysts
Curriculum
Forcepoint (DLP)Data Loss Prevention Administrator
Module 1: Introduction to Forcepoint DLP
- Describe a DLP implementation and define core DLP terms.
- Identify available Forcepoint DLP product information resources and where they can be accessed.
Module 2: Configuring Forcepoint DLP Classifiers
- List and explain each Forcepoint classifier type.
- Create a functional example of each Forcepoint classifier type.
- Access the list of predefined script classifiers and identify several commonly used categories.
- Configure the parameters of a predefined script classifier.
Module 3: Configuring Forcepoint DLP resources
- List and explain each Forcepoint DLP resource.
- Configure a connection to and import a user directory.
- Create a functional example of each Forcepoint DLP resource.
- Import URL categories by enabling the linking service.
- List and explain the default action plans.
- Create a custom action plan.
- List and explain the default notifications.
- Use dynamic variables in notifications.
- Configure the default notification.
Module 4: Configuring Forcepoint DLP policies and rules
- Define what a DLP policy is, identify three broad types of them, and explain what they do.
- Explain how cumulative rules can be used in DLP.
- Configure, deploy, and test a quick policy.
- Configure and test a predefined policy.
- Configure, deploy, and test a custom policy and rule.
- Explain the purpose and function of a rule exception.
- Explain how to perform a bulk update of multiple policies and rules.
- Explain how policy levels provide scope and processing order for policies, then create a new policy level and assign policies to it.
Module 5: Analyze a transaction using OCR
- Explain the capabilities and modes of OCR.
- Configure a policy engine to work with an OCR server.
- Submit a transaction to the OCR engine and examine the results.
Module 6: The Forcepoint One Endpoint
- Identify the core features of the Forcepoint One Endpoint.
- Explain the endpoint global and profile settings.
- Deploy the Forcepoint One Endpoint.
- Identify supported endpoint encryption methods.
- Use the Forcepoint One Endpoint to encrypt files copied to removable media.
- Explain the DLP endpoint temporary bypass feature.
- Test the temporary bypass feature.
- Configure the endpoint browser extension to work in monitor-only mode.
- Test the endpoint browser extension in monitor-only mode.
- Explain the DLP endpoint employee coaching feature.
- Confirm the function of the employee coaching feature.
Module 7: Analyzing DLP incidents and reporting
- Define the core terminology of Forcepoint DLP incident reporting.
- List and explain the report types in the report catalog.
- Analyze an incident in an Incident List report.
- Perform each UI-based incident workflow action.
- Explain the function of DLP incident batch operations.
- Perform a remediation operation on a batch of incidents.
- Explain the features of the incident risk ranking dashboard.
Module 8: Managing Delegated Administrators
- Summarize attributes of delegated administrators and role-based permissions.
- Configure a delegated administrator to have role-based permissions.
Module 9: Implementing discovery
- Define terminology specific to discovery.
- Perform discovery activities, including configuration, task execution, and analysis of discovery incidents.
Module 10: Creating fingerprinting and machine learning classifiers
- Define terminology specific to fingerprinting and machine learning.
- Perform file fingerprinting activities, including configuration, task execution, and tuning of results.
- Perform machine learning activities, including configuration, task execution, and tuning of results.
Module 11: Importing file tagging labels
- Explain the functionality of classification labels and how to integrate them into the DLP data labeling framework.
- Integrate Boldon James into the DLP data labeling framework.
- Create a file labeling classifier to manage files that contain sensitive or proprietary information.
- Create and deploy a data usage policy using a file labeling classifier.
- Create and deploy a discovery policy with an action plan capable of assigning file classification labels.
Module 12: Managing system health
- Examine the DLP system health dashboard for sustained high usage.
- Review the operational status of each registered system module.
- Identify and analyze the primary logs used by the DLP security manager.
- Export information found in the primary logs.
- Explain the functionality of DLP system alerts.
- Identify the items included in a DLP backup.
- Configure and perform a DLP backup task.
Exam Track
At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:
Forcepoint (DLP)Data Loss Prevention Administrator
This course prepares you to take and pass the DLP Administrator certification exam.
A minimum score of 80% on the multiple-choice online exam is required to pass.
Prerequisites
Before attending this accelerated course, you will have:
- General understanding of system administration and internet services
- Basic knowledge of networking and computer security concepts
- A computer that meets the requirements noted at the end of this document
What's Included
Your accelerated course includes:
- Accommodation *
- Meals, unlimited snacks, beverages, tea and coffee *
- On-site exams **
- Exam vouchers **
- Practice tests **
- Certification Guarantee ***
- Courseware
- Up-to 12 hours of instructor-led training each day
- 24-hour lab access
- Digital courseware **
* For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts.
*** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.
Benefits
Seven reasons why you should sit your course with Firebrand Training
- Two options of training. Choose between residential classroom-based, or online courses
- You'll be certified fast. With us, you’ll be trained in record time
- Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
- Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
- You’ll learn more. A day with a traditional training provider generally runs from 9 am – 5 pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day of quality learning time, with your instructor
- You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
- You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals
*For residential training only. Doesn't apply for online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts
Think you are ready for the course? Take a FREE practice test to assess your knowledge! Free Practice Test