Free Trend Micro Certified Professional for Deep Security Exam Deep-Security-Professional Exam Practice Test

Which of the following file types would not be evaluated by the Application Control Protection Module?

• .py scripts
• .exe files
• .class files
• .docx files

Which Protection Modules can make use of a locally installed Smart Protection Server?

• The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.
• All Protection Modules can make use of the locally installed Smart Protection Server
• Anti-Malware is the only Protection Modules that can use the locally installed Smart Protection Server.
• The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.

Which of the following statements regarding the Integrity Monitoring Protection Module is true?

• The Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.
• Any changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.
• The Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.
• Any changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.

How can you prevent a file from being scanned for malware?

• Enable 'File Types scanned by IntelliScan' in the Malware Scan Configuration prop-erties in the Deep Security Manager Web console. Click 'Scan All Except' and type the filename to exclude from the scan.
• Edit the 'Scan Exclusions' section of the dsa.properties configuration file on the Deep Security Agent computer to include the file name. Save the configuration file and restart the Deep Security Agent service.
• Add the file to the Exclusions list in the Malware Scan Configuration.
• Add the file to the Exclusions list in the 'Allowed Spyware/Grayware Configuration'.

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

• The Deep Security Agent is experiencing a system problem and is not processing packets since the 'Network Engine System Failure' mode is set to 'Fail Open'.
• The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.
• The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.
• The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

The Firewall Protection Module is enabled on a server through the computer details. What is default behavior of the Firewall if no rules are yet applied?

• All traffic is permitted through the firewall until either a Deny or Allow rule is assigned.
• A collection of default rules will automatically be assigned when the Firewall Protection Module is enabled.
• All traffic is blocked by the firewall until an Allow rule is assigned.
• All traffic is passed through the Firewall using a Bypass rule

Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?

• Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.
• Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.
• Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.
• Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Which of the following statements is false regarding the Log Inspection Protection Module?

• Custom Log Inspections rules can be created using the Open Source Security (OSSEC) standard.
• Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.
• The Log Inspection Protection Module is supported in both agent-based and agentless environments.
• Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

What is the purpose of the Deep Security Notifier?

• The Deep Security Notifier is a application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.
• The Deep Security Notifier is a server components that collects log entries from man-aged computers for delivery to a configured SIEM device.
• The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.
• The Deep Security Notifier is a application in the Windows System Tray that com-municates the state of Deep Security Agents and Relays to endpoint computers.

Which of the following statements is true regarding the Log Inspection Protection Module?

• Deep Security Agents forward Log Inspection Event details to Deep Security Manager in real time.
• Log Inspection can only examine new Events and cannot examine logs entries created before the Protection Module was enabled.
• Log Inspection can only examine Deep Security log information.
• The Log Inspection Protection Module is supported in both Agent-based and Agentless implementations.