Free Trend Micro Certified Professional for Deep Security Exam Deep-Security-Professional Exam Practice Test

Which of the following statements is true regarding Intrusion Prevention protection?

• Intrusion Prevention protection can drop malicious packets but cannot reset the con-nection.
• Intrusion Prevention protection only works in conjunction with the Anti-Malware Pro-tection Module.
• Intrusion Prevention protection can only work on computers where a Deep Security Agent is installed; agentless protection is not supported.
• Intrusion Prevention protection can drop or reset a connection.

How does Smart Scan vary from conventional pattern-based anti-malware scanning?

• Smart Scan improves the capture rate for malware scanning by sending features of suspicious files to an cloud-based server where the features are compared to known malware samples.
• Smart Scan shifts much of the malware scanning functionality to an external Smart Protection Server.
• Smart Scan is performed in real time, where conventional scanning must be triggered manually, or run on a schedule.
• Smart Scan identifies files to be scanned based on the content of the file, not the exten-sion.

Which of the following statements is true regarding Event Tagging?

• Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically
• Only a single tag can be assigned to an Event.
• Events can be tagged automatically if they are similar to known good Events.
• Events can be automatically deleted based on tags.

What is the default priority assigned to Firewall rules using the Allow action?

• Firewall rules using the Allow action always have a priority of 4.
• Firewall rules using the Allow action can be assigned a priority between 0 and 4.
• Firewall rules using the Allow action can be assigned a priority between 1 and 3.
• Firewall rules using the Allow action always have a priority of 0.

Which of the following statements is true regarding Firewall Rules?

• Firewall Rules applied to Policy supersede similar rules applied to individuals computers.
• When traffic is intercepted by the network filter, Firewall Rules in the policy are always applied before any other processing is done.
• Firewall Rules applied through a parent-level Policy cannot be unassigned in a child-level policy.
• Firewall Rules are always processed in the order in which they appear in the rule list, as displayed in the Deep Security manager Web console.

Which of the following statements is true regarding the use of the Firewall Protection Module in Deep Security?

• The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.
• The Firewall Protection Module can identify suspicious byte sequences in packets.
• The Firewall Protection Module can detect and block Cross Site Scripting and SQL In-jection attacks.
• The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https. How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

• It is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.
• The Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.
• The Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.
• The Intrusion Prevention Protection Module can analyze https traffic if the public cer-tificate of the originating server is imported into the certificate store on the Deep Secu-rity Agent computer.

Which of the following correctly describes the Firewall rule Action of Force Allow?

• Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.
• Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Pre-vention Protection Modules.
• Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.
• Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.

Recommendation scans can detect applications and/or vulnerabilities on servers on the network. Which of the following Protection Modules make use of Recommendation scans?

• Firewall, Application Control, and Integrity Monitoring
• Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection
• Log Inspection, Application Control, and Intrusion Prevention
• Intrusion Prevention, Integrity Monitoring, and Log Inspection

Which Protection Modules can make use of a locally installed Smart Protection Server?

• The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.
• All Protection Modules can make use of the locally installed Smart Protection Server
• Anti-Malware is the only Protection Modules that can use the locally installed Smart Protection Server.
• The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.