Trend
Deep-Security-Professional
Q1:
While viewing the details of the Firewall Protection Module, as displayed in the exhibit, you note that a few rules have already been assigned. You try to disable these rules, but they can not be unassigned. Why can the displayed rules not be unassigned?
○
A
The rules displayed in the exhibit have been hard-coded with the details of the policy. These rules will automatically be assigned to all Firewall policies that are created and can not be unassigned.○
B
The rules displayed in the exhibit have been assigned to the policy at the parent level. Rules assigned to a parent policy can not be unassigned at the child level.○
C
The rules displayed in the exhibit were assigned to the policy automatically when a Recommendation Scan was run. Rules assigned through a Recommendation Scan can not be disabled once assigned.○
D
The rules displayed in the exhibit can not be unassigned as the administrator currently logged into the Deep Security Manager Web console does not have the permissions necessary to unassign rules.
Trend
Deep-Security-Professional
Q2:
Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?
○
A
Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.○
B
Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.○
C
Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.○
D
Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.
Trend
Deep-Security-Professional
Q3:
How can you prevent a file from being scanned for malware?
○
A
Enable 'File Types scanned by IntelliScan' in the Malware Scan Configuration prop-erties in the Deep Security Manager Web console. Click 'Scan All Except' and type the filename to exclude from the scan.○
B
Edit the 'Scan Exclusions' section of the dsa.properties configuration file on the Deep Security Agent computer to include the file name. Save the configuration file and restart the Deep Security Agent service.○
C
Add the file to the Exclusions list in the Malware Scan Configuration.○
D
Add the file to the Exclusions list in the 'Allowed Spyware/Grayware Configuration'.
Trend
Deep-Security-Professional
Q4:
Which of the following correctly describes the Firewall rule Action of Force Allow?
○
A
Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.○
B
Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Pre-vention Protection Modules.○
C
Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.○
D
Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.
Trend
Deep-Security-Professional
Q5:
A Recommendation Scan is run to determine which Intrusion Prevention rules are appropriate for a Server. The scan is configured to apply the suggested rules automatically and ongoing scans are enabled. Some time later, an operating system patch is applied. How can you de-termine which Intrusion Prevention rules are no longer needed on this Server?
○
A
The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.○
B
Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.○
C
Since there is no performance effect when multiple Intrusion Prevention rules are ap-plied, there is no need to determine which rules are no longer needed. The original rec-ommended rules can remain in place without affecting the system.○
C
Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.