How can this be achieved using Deep Security?

A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server.

A. The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.
B. The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.
C. The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.
D. This cannot be achieved using Deep Security. Instead, the administrator could set up log forwarding within Windows SQL Server 2016 and monitor the logs within the syslog device.

Answer: B

Which of the following Protection Modules make use of Recommendation scans?

Recommendation scans can detect applications and/or vulnerabilities on servers on the network.

A. Firewall, Application Control, and Integrity Monitoring
B. Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection
C. Log Inspection, Application Control, and Intrusion Prevention
D. Intrusion Prevention, Integrity Monitoring, and Log Inspection

Answer: D

Explanation:

Recommendation Scans can suggest rules for the following Protection Modules:

• Intrusion Prevention
• Integrity Monitoring
• Log Inspection

Reference: Study Guide – page (161)

What is the purpose of the Deep Security Relay?

A. Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.
B. Deep Security Relays forward policy details to Deep Security Agents and Virtual Appliances immediately after changes to the policy are applied.
C. Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.
D. Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

Answer: D

Which of the following Firewall rule actions will allow data packets to pass through the Firewall Protection Module without being subjected to analysis by the Intrusion Prevention Protection Module?

A. Deny
B. Bypass
C. Allow
D. Force Allow

Answer: B

Which of the following statements is true regarding the Intrusion Prevention Protection Module?

A. The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.
B. The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.
C. The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.
D. The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

Answer: B

Which of the following statements is true regarding Deep Security Manager-to-database communication?

A. Deep Security Manager-to-database traffic is not encrypted by default, but can be enabled by modifying settings in the ssl.properties file.
B. Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the dsm.properties file.
C. Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the db.properties file.
D. Deep Security Manager-to-database traffic is not encrypted by default, but can be enabled by modifying settings in the dsm.properties file.

Answer: D

Which of the following statements is true regarding the use of the Firewall Protection Module in Deep Security?

A. The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.
B. The Firewall Protection Module can identify suspicious byte sequences in packets.
C. The Firewall Protection Module can detect and block Cross Site Scripting and SQL Injection attacks.
D. The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

Answer: D

Which Deep Security component is required to satisfy this requirement?

Your organization stores PDF and Microsoft Office files within the SAP Netweaver platform and requires these documents to be scanned for malware.

A. The Netweaver plug-in must be installed on the Deep Security Agent.
B. A Smart Protection Server must be installed and configured to service the SAP Netweaver platform.
C. No extra components are required; this can be done by enabling the Anti-Malware Protection Module on the SAP Netweaver server.
D. Deep Security Scanner is required.

Answer: D

Explanation:

Deep Security Scanner provides integration with the SAP NetWeaver platform and performs anti-malware scans and reviews the information to identify potential threats in SAP systems.

Note: Deep Security Scanner is not supported on computers where the Deep Security Agent is enabled as a Relay.

Reference: Study Guide – page (26)

What is the expected Deep Security Agent behavior in this scenario?

The maximum disk space limit for the Identified Files folder is reached.

A. Any existing files in the folder are compressed and forwarded to Deep Security Manager to free up disk space.
B. Deep Security Agents will delete any files that have been in the folder for more than 60 days.
C. Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.
D. Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

Answer: D

Explanation:

If the limit is reached, the oldest files will be deleted first until 20% of allocated space is freed up.

Reference: Study Guide – page (203)

What is the purpose of the Deep Security Notifier?

A. The Deep Security Notifier is an application in the Windows System Tray that displays the status of Deep Security Manager during policy and software updates.
B. The Deep Security Notifier is a server component that collects log entries from managed computers for delivery to a configured SIEM device.
C. The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.
D. The Deep Security Notifier is an application in the Windows System Tray that communicates the state of Deep Security Agents and Relays to endpoint computers.

Answer: D

Explanation:

The Deep Security Notifier is a Windows System Tray application which provides local notification when malware is detected or malicious URLs are blocked.

It may be installed separately on protected virtual machines; however, the Anti-Malware Protection Module must be licensed and enabled on the virtual machine for the Deep Security Notifier to display information.

The Notifier displays pop-up user notifications when the Anti-Malware module begins a scan, or blocks malware or access to malicious web pages. The Notifier also provides a console utility that allows the user to view events.

Reference: Study Guide – page (442)