Trend Micro Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam Exam Practice Test

Any document files that display suspicious behavior will be submitted and executed in a sandbox environment on a Deep Discover Analyzer device.

Deep Security Agents using this Malware Scan Configuration will not monitor for compromised Windows processes.

Deep Security Agents will only be able to identify malware in files by using patterns downloaded from the Smart Protection Network.

Internet access is required to properly enable the features identified in this configuration.

This rule will allow incoming TCP and UPD communication to this server.

This rule will allow outgoing TCP and UPD communication from this server.

This rule will allow TCP and UPD replies to requests originating on this server.

This rule will allow incoming communication to this server, but not TCP and UPD.

Integrity scans

Port scans

Application traffic control

Stateful traffic analysis

The incorrect port was used. The correct command would be: dsa_control -a dsm://server1.acme.com:4118

Deep Security Agents can not be activated through the Command Prompt. They must be activated through the Deep Security Manager Web console or through a deployment script.

The command listed can only executed from the Command Prompt on the Deep Security Manager computer.

"Allow Agent-Initiated Activation" is currently not enabled in Deep Security Manager.

The Web Reputation and Application Control Protection Modules have been assigned a different policy that the other Protection Modules and as a result, are displayed with overrides.

The configuration for the Protection Modules is inherited from the policy assigned to this computer, except for the configuration of the Web Reputation and Application Control Protection Modules which have been set at the computer level.

The Protection Modules identified as Inherited in the exhibit have not yet been config-ured. Only the Web Reputation and Application Control Protection Modules have been configured.

The Protection Modules identified as Inherited in the exhibit have not yet been enabled. Only the Web Reputation and Application Control Protection Modules have been enabled at this point.

It is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

The Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

The Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

The Intrusion Prevention Protection Module can analyze https traffic if the public cer-tificate of the originating server is imported into the certificate store on the Deep Secu-rity Agent computer.

Analyze the packet within the context of traffic history and connection state.

Compare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

Verify the integrity of the packet to insure the packet is suitable for analysis.

Verify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

The rules displayed in the exhibit have been hard-coded with the details of the policy. These rules will automatically be assigned to all Firewall policies that are created and can not be unassigned.

The rules displayed in the exhibit have been assigned to the policy at the parent level. Rules assigned to a parent policy can not be unassigned at the child level.

The rules displayed in the exhibit were assigned to the policy automatically when a Recommendation Scan was run. Rules assigned through a Recommendation Scan can not be disabled once assigned.

The rules displayed in the exhibit can not be unassigned as the administrator currently logged into the Deep Security Manager Web console does not have the permissions necessary to unassign rules.

Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically

Only a single tag can be assigned to an Event.

Events can be tagged automatically if they are similar to known good Events.

Events can be automatically deleted based on tags.

Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.

Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Pre-vention Protection Modules.

Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.

Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.

Generate a Chargeback report in Deep Security manager Web console.

All the choices listed here are valid.

Use the Representational State Transfer (REST) API to collect usage data from the tenants.

Monitor usage by the tenants from the Statistics tab in the tenant Properties window.