Trend Deep-Security-Professional Exam Practice Test Instant Access

Question 1

Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply.

AIntrusion Prevention

BLog Inspection

CIntegrity Monitoring

DAnti-Malware

Answer : A, B, C

Container users can benefit from Kubernetes and Docker platform protection at runtime with Intrusion Prevention, Integrity Monitoring and Log Inspection rules using the Deep Security Agent installed on the host. The Deep Security Intrusion Prevention approach allows you to inspect both east-west and north-south traffic between containers and platform layers like Kubernetes.

Explication: Study Guide - page (353)

Question 2

How is scan caching used in agentless implementations of Deep Security?

AScan caching maintains the Inclusions and Exclusions lists from the Malware Scan Configuration in memory to improve performance.

BScan caching manages resource usage by staggering the launch of malware scans to prevent scan storms

CScan caching is used in Agent-based installations only and is not supported in an agentless implementation.

DScan caching enhances the performance of the Deep Security Virtual Appliance in that files scanned for malware on a virtual machine that appear on other virtual machines may not need to be scanned again.

Answer : D

Question 3

What is the default priority assigned to Firewall rules using the Allow action?

AFirewall rules using the Allow action always have a priority of 4.

BFirewall rules using the Allow action can be assigned a priority between 0 and 4.

CFirewall rules using the Allow action can be assigned a priority between 1 and 3.

DFirewall rules using the Allow action always have a priority of 0.

Answer : D

Firewall_rule_priorities

Explication: Study Guide - page (241)

Question 4

A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server. How can this be achieved using Deep Security?

AThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

BThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

CThe administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

DThis can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.

Answer : B

Question 5

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

AThe Deep Security Agent is experiencing a system problem and is not processing packets since the 'Network Engine System Failure' mode is set to 'Fail Open'.

BThe network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

CThe Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

DThe default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

Answer : D

Question 6

Which of the following is not an operation that is performed when network traffic is intercepted by the network driver on the Deep Security Agent?

AAnalyze the packet within the context of traffic history and connection state.

BCompare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

CVerify the integrity of the packet to insure the packet is suitable for analysis.

DVerify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

Answer : B

Question 7

Which of the following statements regarding the Integrity Monitoring Protection Module is true?

AThe Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.

BAny changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.

CThe Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.

DAny changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.

Answer : C

integrity-monitoring-set-up

Trend Micro Certified Professional for Deep Security Deep-Security-Professional Exam Practice Test