Trend Deep-Security-Professional Exam Practice Test Instant Access

Question 1

Which of the following are valid methods for pre-approving software updates to prevent Ap-plication Control Events from being triggered by the execution of the modified software? Select all that apply.

AOnce the inventory scan has run when Application Control is first enabled, there is no way to update the inventory to incorporate modified software.

BSoftware updates performed by a Trusted Updater will be automatically approved.

CEdit the inventory database file (AC.db) on the Agent computer to include the hash of the newly updated software. Save the change and restart the Deep Security Agent. The software updates will now be approved.

DMaintenance mode can be enabled while completing the updates.

Answer : B, D

Normally, you will want Application Control to alert you when there are any unexpected software updates. However, some updates are expected and you will need provide allowances for these up-dates. Two methods for pre-approving software updates includes maintenance mode and trusted installers.

Explication: Study Guide - page (303-304)

Question 2

Multi-tenancy is enabled in Deep Security and new tenants are created. Where does the new tenant data get stored when using SQL Server as the Deep Security database?

AThe new tenant data is added to the existing SQL Server database.

BAn additional table is created for each new tenant in the existing database in the SQL Server database to store its data.

CAn additional database is created in SQL Server for each new tenant to store its data.

DAn additional user is created for each new tenant in the SQL Server database to store its data.

Answer : C

With Microsoft SQL and PostgreSQL, there's one main database and an additional database for each tenant. With Oracle, all tenant information is in one Deep Security Manager database, but an additional user is created for each tenant. Each user has its own tables.

Explication: Study Guide - page (409)

Question 3

Which of the following is not an operation that is performed when network traffic is intercepted by the network driver on the Deep Security Agent?

AAnalyze the packet within the context of traffic history and connection state.

BCompare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

CVerify the integrity of the packet to insure the packet is suitable for analysis.

DVerify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

Answer : B

Question 4

A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server. How can this be achieved using Deep Security?

AThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

BThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

CThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

DThis can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.

Answer : B

Question 5

A collection of servers protected by Deep Security do not have Internet access. How can Smart Scan be used on these computers.

AInstall a Smart Protection Server in the environment and set it as the source for File Reputation information.

BSmart Scan must contact the Smart Protection Network to function. Any servers without Internet access will be unable to use Smart Scan.

CPromote one of the Deep Security Agents on the air gapped computers to become a Re-lay.

DSmart Scan can be configured to use a local pattern file containing the same information as the Smart Protection Network.

Answer : A

Agent-airgapped

Question 6

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

AThe Deep Security Agent is experiencing a system problem and is not processing packets since the 'Network Engine System Failure' mode is set to 'Fail Open'.

BThe network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

CThe Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

DThe default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

Answer : D

Question 7

Which of the following are valid methods for forwarding Event information from Deep Secu-rity? Select all that apply.

ASimple Network Management Protocol (SNMP)

BDeep Security Application Programming Interface (API)

CAmazon Simple Notification Service (SNS)

DSecurity Information and Event Management (SIEM)

Answer : A, C, D

You can configure Deep Security Manager to instruct all managed computers to send logs to a SI-EM, Amazon Simple Notification Service or SNMP computers.

Explication: Study Guide - page (322)

Trend Micro Certified Professional for Deep Security Deep-Security-Professional Exam Practice Test