Deep Security Professional Online Training Archives

Exam4Training is the superlative site from where you can easily get Trend Deep Security Professional Trend Micro Certified Professional for Deep Security Exam Online Training. Exam4Training is the most reliable resource for your Trend Deep Security Professional exam. At Exam4Training provide Trend Deep Security Professional Trend Micro Certified Professional for Deep Security Exam Online Training, like actual exam questions, dumps and etc. All the Deep Security Deep Security Professional material is accordingly set by subject matters experts. Exam4Training also offer you to try the free demo, before purchase. Also, we have a refund policy if you fail in the exam so you can claim for your refund confidently.

Page 1 of 3

1. How does Smart Scan vary from conventional pattern-based anti-malware scanning?

Smart Scan improves the capture rate for malware scanning by sending features of suspicious files to an cloud-based server where the features are compared to known malware samples.

Smart Scan shifts much of the malware scanning functionality to an external Smart Protection Server.

Smart Scan is performed in real time, where conventional scanning must be triggered manually, or run on a schedule.

Smart Scan identifies files to be scanned based on the content of the file, not the exten-sion.

2. The Intrusion Prevention Protection Module is enabled and a Recommendation Scan is run to identify vulnerabilities on a Windows Server 2016 computer.

How can you insure that the list of recommendations is always kept up to date?

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Rec-ommendation Scans are run.

3. New servers are added to the Computers list in Deep Security Manager Web config by running a Discover operation.

What behavior can you expect for newly discovered computers?

Any servers discovered in the selected Active Directory branch hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range that are hosting Deep Security Agents will be added to the Computers list and will be automatically activated.

Any servers within the IP address range will be added to the Computers list, regardless of whether they are hosting a Deep Security Agent or not.

4. Which of the following statements is true regarding Intrusion Prevention rules?

Intrusion Prevention rules can block unrecognized software from executing.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet

Intrusion Prevention rules can detect or block traffic associated with specific applications, such as Skype or file-sharing utilities.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.

5. The Firewall Protection Module is enabled on a server through the computer details.

What is default behavior of the Firewall if no rules are yet applied?

All traffic is permitted through the firewall until either a Deny or Allow rule is assigned.

A collection of default rules will automatically be assigned when the Firewall Protection Module is enabled.

All traffic is blocked by the firewall until an Allow rule is assigned.

All traffic is passed through the Firewall using a Bypass rule

6. What is the purpose of the Deep Security Notifier?

The Deep Security Notifier is a application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.

The Deep Security Notifier is a server components that collects log entries from man-aged computers for delivery to a configured SIEM device.

The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.

The Deep Security Notifier is a application in the Windows System Tray that com-municates the state of Deep Security Agents and Relays to endpoint computers.

7. Which of the following statements is FALSE regarding Firewall rules using the Bypass action?

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

8. Your organization stores PDF and Microsoft Office files within the SAP Netweaver platform and requires these documents to be scanned for malware.

Which Deep Security component is required to satisfy this requirement?

The Netweaver plug-in must be installed on the Deep Security Agent.

A Smart Protection Server must be installed and configured to service the SAP Netweaver platform

No extra components are required, this can be done by enabling the AntiMalware Pro-tection Module on the SAP Netweaver server.

Deep Security Scanner is required.

9. A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server.

How can this be achieved using Deep Security?

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

This can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.

10. Which of the following statements is false regarding Firewall rules using the Bypass action?

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

Page 2 of 3

11. Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?

Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

12. The "Protection Source when in Combined Mode" settings are configured for a virtual machine as in the exhibit. You would like to enable Application Control on this virtual machine, but there is no corresponding setting displayed.

Why?

In the example displayed in the exhibit, no activation code was entered for Application Control. Since the Protection Module is not licensed, the corresponding settings are not displayed.

These settings are used when both an host-based agent and agentless protection are available for the virtual machine. Since Application Control is not supported in agentless installations, there is no need for the setting.

In the example displayed in the exhibit, the Application Control Protection Module has not yet been enabled. Once it is enabled for this virtual machine, the corresponding settings are displayed.

In the example displayed in the exhibit, the VMware Guest Introspection Service has not yet been installed. This service is required to enable Application Control in agentless installations.

13. What is the purpose of the Deep Security Relay?

Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.

Deep Security Relays forward policy details to Deep Security Agents and Virtual Ap-pliances immediately after changes to the policy are applied.

Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.

Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

14. As the administrator in a multi-tenant environment, you would like to monitor the usage of security services by tenants? Which of the following are valid methods for monitoring the usage of the system by the tenants?

Generate a Chargeback report in Deep Security manager Web console.

All the choices listed here are valid.

Use the Representational State Transfer (REST) API to collect usage data from the tenants.

Monitor usage by the tenants from the Statistics tab in the tenant Properties window.

15. Recommendation scans can detect applications and/or vulnerabilities on servers on the network.

Which of the following Protection Modules make use of Recommendation scans?

Firewall, Application Control, and Integrity Monitoring

Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection

Log Inspection, Application Control, and Intrusion Prevention

Intrusion Prevention, Integrity Monitoring, and Log Inspection

16. How can you prevent a file from being scanned for malware?

Enable "File Types scanned by IntelliScan" in the Malware Scan Configuration prop-erties in the Deep Security Manager Web console. Click "Scan All Except" and type the filename to exclude from the scan.

Edit the "Scan Exclusions" section of the dsa.properties configuration file on the Deep Security Agent computer to include the file name. Save the configuration file and restart the Deep Security Agent service.

Add the file to the Exclusions list in the Malware Scan Configuration.

Add the file to the Exclusions list in the "Allowed Spyware/Grayware Configuration".

17. Which of the following Firewall rule actions will allow data packets to pass through the Firewall Protection Module without being subjected to analysis by the Intrusion Prevention Protection Module?

Deny

Bypass

Allow

Force Allow

18. Which of the following statements is true regarding the Log Inspection Protection Module?

Deep Security Agents forward Log Inspection Event details to Deep Security Manager in real time.

Log Inspection can only examine new Events and cannot examine logs entries created before the Protection Module was enabled.

Log Inspection can only examine Deep Security log information.

The Log Inspection Protection Module is supported in both Agent-based and Agentless implementations.

19. Which of the following statements is true regarding the Intrusion Prevention Protection Module?

The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.

The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.

The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.

The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

20. Based on the policy configuration displayed in the exhibit, which of the following statements is true?

Changes to any of the Deep Security policies will be send to the Deep Security Agents as soon as the changes are saved.

Administrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

Deep Security Agents will send event information to Deep Security Manager every 10 minutes.

If the Deep Security Manager does not receive a message from the Deep Security agent every 20 minutes, an alert will be raised.

Page 3 of 3

21. The maximum disk space limit for the Identified Files folder is reached.

What is the expected Deep Security Agent behavior in this scenario?

Any existing files are in the folder are compressed and forwarded to Deep Security Manager to free up disk space.

Deep Security Agents will delete any files that have been in the folder for more than 60 days.

Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.

Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

22. The details for an event are displayed in the exhibit. Based on these details, which Protection Module generated the event?

Firewall

Intrusion Prevention

Log Inspection

Integrity Monitoring

23. Which of the following statements is true regarding Deep Security Manager-todatabase com-munication?

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the ssl.properties file.

Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the dsm.properties file.

Deep Security Manager-to-database traffic is encrypted by default but can be disabled by modifying settings in the db.properties file.

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the dsm.properties file.

24. Which of the following statements is true regarding the use of the Firewall Protection Module in Deep Security?

The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.

The Firewall Protection Module can identify suspicious byte sequences in packets.

The Firewall Protection Module can detect and block Cross Site Scripting and SQL In-jection attacks.

The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

25. Which of the following statements is false regarding the Log Inspection Protection Module?

Custom Log Inspections rules can be created using the Open Source Security (OSSEC) standard.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.