Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Trend Micro Deep Security Deep-Security-Professional Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam Deep-Security-Professional Premium Access

View all detail and faqs for the Deep-Security-Professional exam

Go to Exam

416 Students Passed

89% Average Score

96% Same Questions

Viewing page 1 out of 3 pages

Viewing questions 1-10 out of questions

Questions # 1:

Which Protection Modules can make use of a locally installed Smart Protection Server?

Options:

The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.

All Protection Modules can make use of the locally installed Smart Protection Server

Anti-Malware is the only Protection Modules that can use the locally installed Smart Protection Server.

The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.

Answer

Explanation

Only the Anti-Malware and Web Reputation modules are designed to interact with a Smart Protection Server for real-time threat lookups. The other modules do not leverage the Smart Protection Server.

From the official documentation:

“Smart Protection Server provides global threat intelligence lookups to the Anti-Malware and Web Reputation modules. Other modules do not use Smart Protection Server.”

[References:, , Trend Micro Smart Protection Server Administrator’s Guide, , Trend Micro Deep Security Administrator's Guide: Smart Protection Server IntegrationQUESTION NO: 16, Which of the following statements is false regarding Firewall rules using the Bypass action?, A. Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction., B. Firewall rules using the Bypass action do not generate log events., C. Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis., D. Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there., Answer: A, Explanation, Firewall rules using Bypass have the following noteworthy characteristics:, • Bypass skips both Firewall and Intrusion Prevention analysis., • Since stateful inspection is for bypassed traffic, bypassing traffic in one direction does not automatically bypass the response in the other direction. As a result firewall rules using Bypass are always created in pairs, one for incoming traffic and another for outgoing., • Firewall rules using Bypass will not be logged. This is not a configurable behavior., • Some firewall rules using Bypass are optimized, in that traffic will flow as efficiently as if the Deep Security Agent/Deep Security Virtual Appliance was not there., Explication: Study Guide - page (236), ]

Questions # 2:

Which of the following statements is true regarding Event Tagging?

Options:

Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically

Only a single tag can be assigned to an Event.

Events can be tagged automatically if they are similar to known good Events.

Events can be automatically deleted based on tags.

Questions # 3:

Based on the configuration setting highlighted in the exhibit, what behavior can be expected during a malware scan?

Question # 3

Options:

With the highlighted setting enabled, Deep Security Agents will scan files for known viruses and malware using patterns and any files deemed suspicious will be submitted to a configured Deep Discovery Analyzer for further analysis.

With the highlighted setting enabled, Deep Security Agents will scan files for viruses and malware using supplementary aggressive detection pattern files.

With the highlighted setting enabled, Deep Security Agents will scan files for unknown malware using Predictive Machine Learning.

With the highlighted setting enabled, Deep Security Agents will scan files for known malware as well as newly encounted malware by accessing the Suspicious Objects List.

Questions # 4:

What is the purpose of the Deep Security Relay?

Options:

Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.

Deep Security Relays forward policy details to Deep Security Agents and Virtual Appliances immediately after changes to the policy are applied.

Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.

Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

Questions # 5:

Where does Deep Security Manager store the credentials it uses to access the database?

Options:

In the logging.properties file

In the dsm.properties file

In the Windows Registry

In the database.properties file

Questions # 6:

What is the result of performing a Reset operation on a Deep Security Agent?

Options:

A Reset operation generates Event information that can be used to troubleshoot Agent-to -Manager communication issues.

A Reset operation forces an update to the Deep Security Agent software installed on a managed computer.

A Reset operation forces the Deep Security Agent service to restart on the managed computer.

A Reset operation wipes out any Deep Security Agent settings, including its relationship with Deep Security Manager.

Questions # 7:

Which of the following VMware components is not required to enable agentless protection using Deep Security.

Options:

VMware NSX

VMware ESXi

VMware vRealize

VMware vCenter

Questions # 8:

Which of the following statements is false regarding the Log Inspection Protection Module?

Options:

Custom Log Inspections rules can be created using the Open Source Security (OSSEC) standard.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

Questions # 9:

Which of the following are valid methods for forwarding Event information from Deep Secu-rity? Select all that apply.

Options:

Simple Network Management Protocol (SNMP)

Deep Security Application Programming Interface (API)

Amazon Simple Notification Service (SNS)

Security Information and Event Management (SIEM)

Questions # 10:

Which of the following are valid methods for pre-approving software updates to prevent Ap-plication Control Events from being triggered by the execution of the modified software? Select all that apply.

Options:

Once the inventory scan has run when Application Control is first enabled, there is no way to update the inventory to incorporate modified software.

Software updates performed by a Trusted Updater will be automatically approved.

Edit the inventory database file (AC.db) on the Agent computer to include the hash of the newly updated software. Save the change and restart the Deep Security Agent. The software updates will now be approved.

Maintenance mode can be enabled while completing the updates.