Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Trend Micro Deep-Security-Professional - Trend Micro Certified Professional for Deep Security Exam

Trend Micro Deep-Security-Professional Premium Access     Download Demo    
Page: 2 / 3
Total 80 questions

Based on the policy configuration displayed in the exhibit, which of the following statements is true?

A.

Changes to any of the Deep Security policies will be send to the Deep Security Agents as soon as the changes are saved.

B.

Administrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

C.

Deep Security Agents will send event information to Deep Security Manager every 10 minutes.

D.

If the Deep Security Manager does not receive a message from the Deep Security agent every 20 minutes, an alert will be raised.

Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply.

A.

Intrusion Prevention

B.

Log Inspection

C.

Integrity Monitoring

D.

Anti-Malware

A Recommendation Scan is run to determine which Intrusion Prevention rules are appropriate for a Server. The scan is configured to apply the suggested rules automatically and ongoing scans are enabled. Some time later, an operating system patch is applied. How can you de-termine which Intrusion Prevention rules are no longer needed on this Server?

A.

The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.

B.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.

C.

Since there is no performance effect when multiple Intrusion Prevention rules are ap-plied, there is no need to determine which rules are no longer needed. The original rec-ommended rules can remain in place without affecting the system.

D.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.

Your VMware environment is configured without using NSX. How can Deep Security provide protection to the virtual images hosted on your ESXi servers?

A.

Without NSX, a Deep Security Agent must be installed on each virtual machine hosted on the ESXi server.

B.

Without NSX, you will be unable to use Deep Security to protect your virtual machines.

C.

You can install a Deep Security Virtual Appliance on the ESXi server. This will provide agentless support for Anti-Malware, Intrusion Prevention, Integrity Monitoring, Firewall and Web Reputation.

D.

Without NSX, you can only enable Anti-Malware and Integrity Monitoring protection on the virtual machines. NSX is required to support Intrusion Prevention, Firewall and Web Reputation

Which of the following statements is correct regarding the policy settings displayed in the exihibit?

A.

The Heartbeat interval value displayed in this policy is inherited from the parent policy

B.

Deep Security Agents using the displayed policy will send event details to Deep Security Manager every 5 minutes.

C.

All Deep Security Agents will send event details to Deep Security Manager every 5 minutes.

D.

Deep Security Manager will refresh the policy details on the Deep Security Agents using this policy every 5 minutes.

What is IntelliScan?

A.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

B.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

C.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

D.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

The "Protection Source when in Combined Mode" settings are configured for a virtual machine as in the exhibit. You would like to enable Application Control on this virtual machine, but there is no corresponding setting displayed. Why?

A.

In the example displayed in the exhibit, no activation code was entered for Application Control. Since the Protection Module is not licensed, the corresponding settings are not displayed.

B.

These settings are used when both an host-based agent and agentless protection are available for the virtual machine. Since Application Control is not supported in agentless installations, there is no need for the setting.

C.

In the example displayed in the exhibit, the Application Control Protection Module has not yet been enabled. Once it is enabled for this virtual machine, the corresponding settings are displayed.

D.

In the example displayed in the exhibit, the VMware Guest Introspection Service has not yet been installed. This service is required to enable Application Control in agentless installations.

An administrator enables Multi-Tenancy in Deep Security and creates multiple tenants. After a period of time, the administrator would like to review the usage and resource consumption by a specific tenant. How can the administrator retrieve this information?

A.

The administrator could check the Multi-Tenancy log file for resource consumption details.

B.

The administrator could generate a Tenant report from within the Deep Security Manager Web console.

C.

The administrator will not be able retrieve this information without licensing and ena-bling the Multi-Tenancy Chargeback module in the Deep Security Manager Web con-sole.

D.

The administrator downloads the Tenant usage details from the Deep Security Agent on the Tenant computer.

Which of the following Protection Modules does not benefit from Recommendation Scans?

A.

Log Inspection

B.

Integrity Monitoring

C.

Firewall

D.

Intrusion Prevention

Which of the following is not an operation that is performed when network traffic is intercepted by the network driver on the Deep Security Agent?

A.

Analyze the packet within the context of traffic history and connection state.

B.

Compare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

C.

Verify the integrity of the packet to insure the packet is suitable for analysis.

D.

Verify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.