Deep-Security-Professional Sample Questions Answers

Deep Security Agents deployed using this script will be activated against Tenant 0 in a multi-tenant environment.

This script will deploy the Deep Security Agent on a server, but will not automatically activate it.

Deep Security Agents deployed using this script are activated against a specific tenant.

Deep Security Agents deployed using this script will be assigned a specific policy when activated.

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the ssl.properties file.

Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the dsm.properties file.

Deep Security Manager-to-database traffic is encrypted by default but can be disabled by modifying settings in the db.properties file.

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the dsm.properties file.

Integrity scans

Port scans

Application traffic control

Stateful traffic analysis

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Rec-ommendation Scans are run.

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been pro-vided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Modules has not been enabled for this tenant.

The administrator could check the Multi-Tenancy log file for resource consumption details.

The administrator could generate a Tenant report from within the Deep Security Manager Web console.

The administrator will not be able retrieve this information without licensing and ena-bling the Multi-Tenancy Chargeback module in the Deep Security Manager Web con-sole.

The administrator downloads the Tenant usage details from the Deep Security Agent on the Tenant computer.

The Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.

Any changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.

The Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.

Any changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

Simple Network Management Protocol (SNMP)

Deep Security Application Programming Interface (API)

Amazon Simple Notification Service (SNS)

Security Information and Event Management (SIEM)

With the highlighted setting enabled, Deep Security Agents will scan files for known viruses and malware using patterns and any files deemed suspicious will be submitted to a configured Deep Discovery Analyzer for further analysis.

With the highlighted setting enabled, Deep Security Agents will scan files for viruses and malware using supplementary aggressive detection pattern files.

With the highlighted setting enabled, Deep Security Agents will scan files for unknown malware using Predictive Machine Learning.

With the highlighted setting enabled, Deep Security Agents will scan files for known malware as well as newly encounted malware by accessing the Suspicious Objects List.

Firewall Rules applied to Policy supersede similar rules applied to individuals computers.

When traffic is intercepted by the network filter, Firewall Rules in the policy are always applied before any other processing is done.

Firewall Rules applied through a parent-level Policy cannot be unassigned in a child-level policy.

Firewall Rules are always processed in the order in which they appear in the rule list, as displayed in the Deep Security manager Web console.

The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.

The Firewall Protection Module can identify suspicious byte sequences in packets.

The Firewall Protection Module can detect and block Cross Site Scripting and SQL In-jection attacks.

The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

Smart Folders identify the folders that will be scanned when a Real-Time, Manual or Scheduled malware scan is run.

Smart Folders are a collection of subfolders containing the policy settings that are ap-plied to child policies or directly to Computers.

Smart Folders act as a saved search of computers which is executed each time the folder is clicked to display its contents.

Smart Folders are the containers used to store the results of Recommendation Scans. Once a Recommendation Scan has completed, and administrator can click a Smart Folder and select which of the recommended rules to apply.

The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.

All Protection Modules can make use of the locally installed Smart Protection Server

Anti-Malware is the only Protection Modules that can use the locally installed Smart Protection Server.

The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.

.py scripts

.exe files

.class files

.docx files

Any document files that display suspicious behavior will be submitted and executed in a sandbox environment on a Deep Discover Analyzer device.

Deep Security Agents using this Malware Scan Configuration will not monitor for compromised Windows processes.

Deep Security Agents will only be able to identify malware in files by using patterns downloaded from the Smart Protection Network.

Internet access is required to properly enable the features identified in this configuration.

The Heartbeat interval value displayed in this policy is inherited from the parent policy

Deep Security Agents using the displayed policy will send event details to Deep Security Manager every 5 minutes.

All Deep Security Agents will send event details to Deep Security Manager every 5 minutes.

Deep Security Manager will refresh the policy details on the Deep Security Agents using this policy every 5 minutes.

On the Deep Security Agent computer, type the following command to reset Application Control: dsa_control -r

Click "Clear All" on the Actions tab in the Deep Security Manager Web console to reset the list of Application Control events.

Application Control can be reset by disabling the Protection Module, then enabling it once again. This will cause local rulesets to be rebuilt.

Application Control can not be reset.

Caching is used by the Web Reputation Protection Module to temporarily store the credibility score for a Web site. The retrieved credibility score is cached in case the score for the Web site is required again for the life of the cache.

Caching is used by the Web Reputation Protection Module to temporarily store the pages that make up the Web site. The Web site is cached in case the site is visited again for the life of the cache.

Caching is used by the Web Reputation Protection Module to keep track of Web sites that are added to the Allowed list. Any sites added to the Allowed list will be accessible by protected servers regardless of their credibility score.

Caching is used by the Web Reputation Protection Module to keep track of Allowed and Blocked Web sites. Any sites that are Allowed or Blocked do not require the retrieval of a credibility score from the Trend Micro Web Reputation Service.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

The Deep Security Agent allows access to the Web site, and logs the connection attempt as an Event.

The Deep Security Agent allows access as the credibility score for the Web site is above the allowed threshold.

The Deep Security Agent blocks access as the credibility score for the Web site is below the allowed threshold. An error page is displayed in the Web browser.

The Deep Security Agent displays a warning message as the site is unrated.