Trend Deep-Security-Professional Exam Questions Instant Access

Question 1

Your VMware environment is configured without using NSX. How can Deep Security provide protection to the virtual images hosted on your ESXi servers?

AWithout NSX, a Deep Security Agent must be installed on each virtual machine hosted on the ESXi server.

BWithout NSX, you will be unable to use Deep Security to protect your virtual machines.

CYou can install a Deep Security Virtual Appliance on the ESXi server. This will provide agentless support for Anti-Malware, Intrusion Prevention, Integrity Monitoring, Firewall and Web Reputation.

DWithout NSX, you can only enable Anti-Malware and Integrity Monitoring protection on the virtual machines. NSX is required to support Intrusion Prevention, Firewall and Web Reputation

Answer : A

Customers protecting VMware environments without NSX can use a Deep Security Agent on each of their virtual machines. By using the Deep Security Agent, the VMware environment can be pro-tected using all the Deep Security Protection Module.

protect-vmware-environments

Explication: Study Guide - page (432)

Question 2

Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply.

AIntrusion Prevention

BLog Inspection

CIntegrity Monitoring

DAnti-Malware

Answer : A, B, C

Container users can benefit from Kubernetes and Docker platform protection at runtime with Intrusion Prevention, Integrity Monitoring and Log Inspection rules using the Deep Security Agent installed on the host. The Deep Security Intrusion Prevention approach allows you to inspect both east-west and north-south traffic between containers and platform layers like Kubernetes.

Explication: Study Guide - page (353)

Question 3

As the administrator in a multi-tenant environment, you would like to monitor the usage of security services by tenants? Which of the following are valid methods for monitoring the usage of the system by the tenants?

AGenerate a Chargeback report in Deep Security manager Web console.

BAll the choices listed here are valid.

CUse the Representational State Transfer (REST) API to collect usage data from the tenants.

DMonitor usage by the tenants from the Statistics tab in the tenant Properties window.

Answer : B

Deep Security Manager records data about tenant usage. This information is displayed in the Ten-ant Protection Activity widget on the Dashboard, the Statistics tab in tenant Properties, and the Chargeback report.

This information can also be accessed through the Status Monitoring REST API which can be enabled or disabled from the Administration > Advanced > System Settings > Advanced > Status Monitoring API.

multi-tenancy

Explication: Study Guide - page (422)

Question 4

What is the purpose of the override.properties file?

AThis file is used to transfer policy settings from one installation of Deep Security Man-ager to another

BThis file allows properties to be tested on Deep Security Manager without affecting the original configuration.

CThis file contains the original out-of-the-box configuration properties for Deep Security Manager. This file is renamed to dsm.properties upon initialization of Deep Security Manager.

DThis file allows Deep Security Agents to override enforced behavior by providing new policy configuration details.

Answer : B

The properties specified in this configuration file override the properties specified in the dsm.properties file. This file can be created manually by a support engineer to modify product be-havior without affecting the original configuration.

Explication: Study Guide - page (42)

Question 5

Based on the policy configuration displayed in the exhibit, which of the following statements is true?

AChanges to any of the Deep Security policies will be send to the Deep Security Agents as soon as the changes are saved.

BAdministrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

CDeep Security Agents will send event information to Deep Security Manager every 10 minutes.

DIf the Deep Security Manager does not receive a message from the Deep Security agent every 20 minutes, an alert will be raised.

Answer : B

Question 6

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

AThe Deep Security Agent is experiencing a system problem and is not processing packets since the 'Network Engine System Failure' mode is set to 'Fail Open'.

BThe network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

CThe Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

DThe default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

Answer : D

Question 7

The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https. How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

AIt is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

BThe Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

CThe Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

DThe Intrusion Prevention Protection Module can analyze https traffic if the public cer-tificate of the originating server is imported into the certificate store on the Deep Secu-rity Agent computer.

Answer : A

inrusion-prevention-ssl-traffic

Trend Micro Certified Professional for Deep Security Deep-Security-Professional Exam Questions