
Trend Micro Deep-Security-Professional Dumps

Trend Micro Certified Professional for Deep Security Exam Questions and Answers

Question 1

How is caching used by the Web Reputation Protection Module?

Options:

A.

Caching is used by the Web Reputation Protection Module to temporarily store the credibility score for a Web site. The retrieved credibility score is cached in case the score for the Web site is required again for the life of the cache.

B.

Caching is used by the Web Reputation Protection Module to temporarily store the pages that make up the Web site. The Web site is cached in case the site is visited again for the life of the cache.

C.

Caching is used by the Web Reputation Protection Module to keep track of Web sites that are added to the Allowed list. Any sites added to the Allowed list will be accessible by protected servers regardless of their credibility score.

D.

Caching is used by the Web Reputation Protection Module to keep track of Allowed and Blocked Web sites. Any sites that are Allowed or Blocked do not require the retrieval of a credibility score from the Trend Micro Web Reputation Service.

Question 2

The Intrusion Prevention Protection Module is enabled and a Recommendation Scan is run to identify vulnerabilities on a Windows Server 2016 computer. How can you ensure that the list of recommendations is always kept up to date?

Options:

A.

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

B.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

C.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

D.

New rules are configured to be automatically sent to Deep Security Agents when Recommendation Scans are run.

Question 3

Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?

Options:

A.

1. Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

B.

1. Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

C.

1. Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

D.

1. Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Question 4

The Security Level for Web Reputation in a policy is set to High. A server assigned this policy attempts to access a Web site with a credibility score of 78.

What is the result?

Options:

A.

The Deep Security Agent allows access to the Web site, and logs the connection attempt as an Event.

B.

The Deep Security Agent allows access as the credibility score for the Web site is above the allowed threshold.

C.

The Deep Security Agent blocks access as the credibility score for the Web site is below the allowed threshold. An error page is displayed in the Web browser.

D.

The Deep Security Agent displays a warning message as the site is unrated.

Question 5

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent, and rules are assigned. When viewing the events, you notice that one of the Intrusion Prevention rules is being triggered and an event is being logged, but the traffic is not being blocked. What is a possible reason for this?

Options:

A.

The Deep Security Agent is experiencing a system problem and is not processing packets since the "Network Engine System Failure" mode is set to "Fail Open".

B.

The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

C.

The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

D.

The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

Question 6

Which of the following statements best describes Machine Learning in Deep Security?

Options:

A.

Machine Learning is a malware detection technique in which features of an executable file are compared against a cloud-based learning model to determine the probability of the file being malware.

B.

Machine Learning is a malware detection technique in which files are scanned based on the true file type as determined by the file content, not the extension.

C.

Machine Learning is a malware detection technique in which the Deep Security Agent monitors process memory in real time and once a process is deemed to be suspicious, Deep Security will perform additional checks with the Smart Protection Network to determine if this is a known good process.

D.

Machine Learning is a malware detection technique in which processes on the protected computer are monitored for actions that are not typically performed by a given process.

Question 7

The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https. How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

Options:

A.

It is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

B.

The Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

C.

The Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

D.

The Intrusion Prevention Protection Module can analyze https traffic if the public certificate of the originating server is imported into the certificate store on the Deep Security Agent computer.

Question 8

Which of the following are valid methods for pre-approving software updates to prevent Application Control Events from being triggered by the execution of the modified software? Select all that apply.

Options:

A.

Once the inventory scan has run when Application Control is first enabled, there is no way to update the inventory to incorporate modified software.

B.

Software updates performed by a Trusted Updater will be automatically approved.

C.

Edit the inventory database file (AC.db) on the Agent computer to include the hash of the newly updated software. Save the change and restart the Deep Security Agent. The software updates will now be approved.

D.

Maintenance mode can be enabled while completing the updates.

Question 9

Which of the following statements is false regarding the Log Inspection Protection Module?

Options:

A.

Custom Log Inspection rules can be created using the Open Source Security (OSSEC) standard.

B.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

C.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

D.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

Question 10

Which of the following operations makes use of the Intrusion Prevention Protection Module?

Options:

A.

Integrity scans

B.

Port scans

C.

Application traffic control

D.

Stateful traffic analysis

Question 11

Multiple Application Control Events are being displayed in Deep Security after a series of application updates and the administrator would like to reset Application Control. How can this be done?

Options:

A.

On the Deep Security Agent computer, type the following command to reset Application Control: dsa_control -r

B.

Click "Clear All" on the Actions tab in the Deep Security Manager Web console to reset the list of Application Control events.

C.

Application Control can be reset by disabling the Protection Module, then enabling it once again. This will cause local rulesets to be rebuilt.

D.

Application Control cannot be reset.

Question 12

Which of the following statements is true regarding Intrusion Prevention rules?

Options:

A.

Intrusion Prevention rules can block unrecognized software from executing.

B.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet.

C.

Intrusion Prevention rules can detect or block traffic associated with specific applications, such as Skype or file-sharing utilities.

D.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.

Total 80 questions