Deep-Security-Professional Practice Exam Questions with Answers Trend Micro Certified Professional for Deep Security Exam Certification

Intrusion Prevention rules can block unrecognized software from executing.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet

Intrusion Prevention rules can detect or block traffic associated with specific applica-tions, such as Skype or file-sharing utilities.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.

Log Inspection

Integrity Monitoring

Firewall

Intrusion Prevention

Changes to any of the Deep Security policies will be send to the Deep Security Agents as soon as the changes are saved.

Administrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

Deep Security Agents will send event information to Deep Security Manager every 10 minutes.

If the Deep Security Manager does not receive a message from the Deep Security agent every 20 minutes, an alert will be raised.

The Web Reputation and Application Control Protection Modules have been assigned a different policy that the other Protection Modules and as a result, are displayed with overrides.

The configuration for the Protection Modules is inherited from the policy assigned to this computer, except for the configuration of the Web Reputation and Application Control Protection Modules which have been set at the computer level.

The Protection Modules identified as Inherited in the exhibit have not yet been config-ured. Only the Web Reputation and Application Control Protection Modules have been configured.

The Protection Modules identified as Inherited in the exhibit have not yet been enabled. Only the Web Reputation and Application Control Protection Modules have been enabled at this point.

With the highlighted setting enabled, Deep Security Agents will scan files for known viruses and malware using patterns and any files deemed suspicious will be submitted to a configured Deep Discovery Analyzer for further analysis.

With the highlighted setting enabled, Deep Security Agents will scan files for viruses and malware using supplementary aggressive detection pattern files.

With the highlighted setting enabled, Deep Security Agents will scan files for unknown malware using Predictive Machine Learning.

With the highlighted setting enabled, Deep Security Agents will scan files for known malware as well as newly encounted malware by accessing the Suspicious Objects List.

A Reset operation generates Event information that can be used to troubleshoot Agent-to -Manager communication issues.

A Reset operation forces an update to the Deep Security Agent software installed on a managed computer.

A Reset operation forces the Deep Security Agent service to restart on the managed computer.

A Reset operation wipes out any Deep Security Agent settings, including its relationship with Deep Security Manager.

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been pro-vided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Modules has not been enabled for this tenant.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

The Context provides Deep Security Agents with location awareness and are associated with Anti-Malware and Web Reputation Rules.

The Context provides Deep Security Agents with location awareness and are associated with Firewall and Intrusion Prevention Rules.

The Context provides Deep Security Agents with location awareness and are associated with Web Reputation Rules only.

The Context provides Deep Security Agents with location awareness and are associated with Log Inspection and Integrity Monitoring Rules.

This rule will allow incoming TCP and UPD communication to this server.

This rule will allow outgoing TCP and UPD communication from this server.

This rule will allow TCP and UPD replies to requests originating on this server.

This rule will allow incoming communication to this server, but not TCP and UPD.

Intrusion Prevention

Log Inspection

Integrity Monitoring

Anti-Malware

The Deep Security Agent is experiencing a system problem and is not processing packets since the "Network Engine System Failure" mode is set to "Fail Open".

The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

The credibility scores for visited web sites will be cached. If access to the web site is re-quested again within 30 minutes, its credibility score will be retrieved from the cache instead of the configured Smart Protection source.

Packets failing the Network Packet Sanity Check will still be allowed to pass through the network engine.

Any events generated by computers within your corporate network, as defined by an IP address range, will be ignored

Live packet streams coming through the network engine will be replicated and all traffic analysis will be performed on the replicated stream

Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.

Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Pre-vention Protection Modules.

Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.

Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.

Once the inventory scan has run when Application Control is first enabled, there is no way to update the inventory to incorporate modified software.

Software updates performed by a Trusted Updater will be automatically approved.

Edit the inventory database file (AC.db) on the Agent computer to include the hash of the newly updated software. Save the change and restart the Deep Security Agent. The software updates will now be approved.

Maintenance mode can be enabled while completing the updates.

Generate a Chargeback report in Deep Security manager Web console.

All the choices listed here are valid.

Use the Representational State Transfer (REST) API to collect usage data from the tenants.

Monitor usage by the tenants from the Statistics tab in the tenant Properties window.

The Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.

Any changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.

The Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.

Any changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.

Analyze the packet within the context of traffic history and connection state.

Compare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

Verify the integrity of the packet to insure the packet is suitable for analysis.

Verify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

The incorrect port was used. The correct command would be: dsa_control -a dsm://server1.acme.com:4118

Deep Security Agents can not be activated through the Command Prompt. They must be activated through the Deep Security Manager Web console or through a deployment script.

The command listed can only executed from the Command Prompt on the Deep Security Manager computer.

"Allow Agent-Initiated Activation" is currently not enabled in Deep Security Manager.