Trend Micro Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam Exam Practice Test

The Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.

Any changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.

The Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.

Any changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.

A Reset operation generates Event information that can be used to troubleshoot Agent-to -Manager communication issues.

A Reset operation forces an update to the Deep Security Agent software installed on a managed computer.

A Reset operation forces the Deep Security Agent service to restart on the managed computer.

A Reset operation wipes out any Deep Security Agent settings, including its relationship with Deep Security Manager.

Firewall, Application Control, and Integrity Monitoring

Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection

Log Inspection, Application Control, and Intrusion Prevention

Intrusion Prevention, Integrity Monitoring, and Log Inspection

The Integrity Monitoring Protection Module

The File Inspection Protection Module

Deep Security can not provide this type of functionality

The Intrusion Prevention Protection Module

In the logging.properties file

In the dsm.properties file

In the Windows Registry

In the database.properties file

The new tenant data is added to the existing SQL Server database.

An additional table is created for each new tenant in the existing database in the SQL Server database to store its data.

An additional database is created in SQL Server for each new tenant to store its data.

An additional user is created for each new tenant in the SQL Server database to store its data.

Intrusion Prevention protection can drop malicious packets but cannot reset the con-nection.

Intrusion Prevention protection only works in conjunction with the Anti-Malware Pro-tection Module.

Intrusion Prevention protection can only work on computers where a Deep Security Agent is installed; agentless protection is not supported.

Intrusion Prevention protection can drop or reset a connection.

Machine Learning is malware detection technique in which features of an executable file are compared against a cloud-based learning model to determine the probability of the file being malware.

Machine Learning is a malware detection technique in which files are scanned based on the true file type as determined by the file content, not the extension.

Machine Learning is a malware detection technique in which the Deep Security Agent monitors process memory in real time and once a process is deemed to be suspicious, Deep Security will perform additional checks with the Smart Protection Network to determine if this is a known good process.

Machine Learning is malware detection technique in which processes on the protected computer are monitored for actions that are not typically performed by a given process.

The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.

Since there is no performance effect when multiple Intrusion Prevention rules are ap-plied, there is no need to determine which rules are no longer needed. The original rec-ommended rules can remain in place without affecting the system.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

This can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.

The Deep Security Notifier is a application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.

The Deep Security Notifier is a server components that collects log entries from man-aged computers for delivery to a configured SIEM device.

The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.

The Deep Security Notifier is a application in the Windows System Tray that com-municates the state of Deep Security Agents and Relays to endpoint computers.

Smart Folders identify the folders that will be scanned when a Real-Time, Manual or Scheduled malware scan is run.

Smart Folders are a collection of subfolders containing the policy settings that are ap-plied to child policies or directly to Computers.

Smart Folders act as a saved search of computers which is executed each time the folder is clicked to display its contents.

Smart Folders are the containers used to store the results of Recommendation Scans. Once a Recommendation Scan has completed, and administrator can click a Smart Folder and select which of the recommended rules to apply.