Trend Deep-Security-Professional Exam Questions Instant Access

Question 1

What is the effect of the Firewall rule displayed in the following exhibit?

AThis rule will allow incoming TCP and UPD communication to this server.

BThis rule will allow outgoing TCP and UPD communication from this server.

CThis rule will allow TCP and UPD replies to requests originating on this server.

DThis rule will allow incoming communication to this server, but not TCP and UPD.

Answer : A

Question 2

Multiple Application Control Events are being displayed in Deep Security after a series of ap-plication updates and the administrator would like to reset Application Control. How can this be done?

AOn the Deep Security Agent computer, type the following command to reset Application Control: dsa_control -r

BClick 'Clear All' on the Actions tab in the Deep Security Manager Web console to reset the list of Application Control events.

CApplication Control can be reset by disabling the Protection Module, then enabling it once again. This will cause local rulesets to be rebuilt.

DApplication Control can not be reset.

Answer : C

Question 3

What is IntelliScan?

AIntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

BIntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

CIntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

DIntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

Answer : A

Question 4

Which of the following statements is true regarding Deep Security Relays?

ABoth 32-bit and 64-bit Deep Security Agents can be promoted to a Deep Security Relay.

BDeep Security Agents promoted to Deep Security Relays no longer provide the security capabilities enabled by the Protection Modules.

CDeep Security Relays are able to process Deep Security Agent requests during updates.

DDeep Security Agents communicate with Deep Security Relays to obtain security up-dates.

Answer : D

Question 5

The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https. How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

AIt is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

BThe Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

CThe Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

DThe Intrusion Prevention Protection Module can analyze https traffic if the public cer-tificate of the originating server is imported into the certificate store on the Deep Secu-rity Agent computer.

Answer : A

inrusion-prevention-ssl-traffic

Question 6

What is the role of Apex Central in the Connected Threat Defense infrastructure?

AApex Central distributes Deep Security policies to Agents on the protected Servers.

BApex Central submits suspicious files to Deep Discovery Analyzer for further analysis.

CApex Central stores suspicious files that are awaiting submission to the Deep Discovery Analyzer.

DApex Central compiles the Suspicious Objects List based on the result of file analysis in Deep Discovery Analyzer.

Answer : D

1 Deep Security Agents are configured with rules to enable detection of malware on the protected computers.

2 Objects deemed to be suspicious are gathered and submitted to Deep Security Manager.

3 Deep Security Manager submits the suspicious objects to Deep Discovery Analyzer for analysis.

4 Deep Discovery Analyzer executes and observes the suspicious object in a secure, isolated virtual sandbox environment.

5 Deep Discovery Analyzer pushes the analysis results to Trend Micro Apex Central, where an action can be specified for the file based on the analysis. Once the action is specified, a list of emerging threats called a Suspicious Object List is created or updated. Other Trend Micro products, such as Apex One, Deep Discovery Inspector or Deep Discovery Email Inspector, may also be connected to Trend Micro Apex Central and be able to update the list.

6 Deep Security Manager receives the list of suspicious objects from Apex Central.

7 The list is forwarded to Deep Security Agents where protection against the suspicious object is applied. Anti-Malware policies define how suspicious objects are to be handled.

Explication: Study Guide - page (387)

Question 7

What is the purpose of the Deep Security Notifier?

AThe Deep Security Notifier is a application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.

BThe Deep Security Notifier is a server components that collects log entries from man-aged computers for delivery to a configured SIEM device.

CThe Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.

DThe Deep Security Notifier is a application in the Windows System Tray that com-municates the state of Deep Security Agents and Relays to endpoint computers.

Answer : D

The Deep Security Notifier is a Windows System Tray application which provides local notification when malware is detected or malicious URLs are blocked.

It may be installed separately on protected virtual machines, however the Anti-Malware Protection Module must be licensed and enabled on the virtual machine for the Deep Security Notifier to display information.

The Notifier displays pop-up user notifications when the Anti-Malware module begins a scan, or blocks malware or access to malicious web pages. The Notifier also provides a console utility that allows the user to view events.

Explication: Study Guide - page (442)

Trend Micro Certified Professional for Deep Security Deep-Security-Professional Exam Questions