Pass the Trend Deep Security Professional Exam 2023 – Best Deep Security Professional Preparation Material

The Trend Deep Security Professional exam is a challenging test that requires a solid understanding of the subject matter. But with the right preparation materials, you can increase your chances of passing the exam on the first try. That’s where Certspot comes in with their latest Deep Security Professional preparation material. Their Deep Security Professional practice exam questions are carefully crafted to cover all the topics and concepts that you’ll need to know to pass the Trend Micro Certified Professional for Deep Security Exam exam. The material is updated regularly to ensure that it reflects any changes or updates to the exam. By studying Certspot Deep Security Professional preparation material, you’ll be able to identify any knowledge gaps and focus your studying efforts on those areas. This will help you to study more effectively, ultimately leading to a better chance of passing the exam.

Page 1 of 3

1. The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked.

What is a possible reason for this?

The Deep Security Agent is experiencing a system problem and is not processing packets since the "Network Engine System Failure" mode is set to "Fail Open".

The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

 Loading...

2. The Intrusion Prevention Protection Module is enabled and a Recommendation Scan is run to identify vulnerabilities on a Windows Server 2016 computer.

How can you insure that the list of recommendations is always kept up to date?

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Rec-ommendation Scans are run.

 Loading...

3. What is the default priority assigned to Firewall rules using the Allow action?

Firewall rules using the Allow action always have a priority of 4.

Firewall rules using the Allow action can be assigned a priority between 0 and 4.

Firewall rules using the Allow action can be assigned a priority between 1 and 3.

Firewall rules using the Allow action always have a priority of 0.

 Loading...

4. Which of the following operations makes use of the Intrusion Prevention Protection Module?

Integrity scans

Port scans

Application traffic control

Stateful traffic analysis

 Loading...

5. Your VMware environment is configured without using NSX.

How can Deep Security provide protection to the virtual images hosted on your ESXi servers?

Without NSX, a Deep Security Agent must be installed on each virtual machine hosted on the ESXi server.

Without NSX, you will be unable to use Deep Security to protect your virtual machines.

You can install a Deep Security Virtual Appliance on the ESXi server. This will provide agentless support for Anti-Malware, Intrusion Prevention, Integrity Monitoring, Firewall and Web Reputation.

Without NSX, you can only enable Anti-Malware and Integrity Monitoring protection on the virtual machines. NSX is required to support Intrusion Prevention, Firewall and Web Reputation

 Loading...

6. Which of the following is not an operation that is performed when network traffic is intercepted by the network driver on the Deep Security Agent?

Analyze the packet within the context of traffic history and connection state.

Compare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

Verify the integrity of the packet to insure the packet is suitable for analysis.

Verify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

 Loading...

7. The Firewall Protection Module is enabled on a server through the computer details.

What is default behavior of the Firewall if no rules are yet applied?

All traffic is permitted through the firewall until either a Deny or Allow rule is assigned.

A collection of default rules will automatically be assigned when the Firewall Protection Module is enabled.

All traffic is blocked by the firewall until an Allow rule is assigned.

All traffic is passed through the Firewall using a Bypass rule

 Loading...

8. Which of following statements best describes Machine Learning in Deep Security?

Machine Learning is malware detection technique in which features of an executable file are compared against a cloud-based learning model to determine the probability of the file being malware.

Machine Learning is a malware detection technique in which files are scanned based on the true file type as determined by the file content, not the extension.

Machine Learning is a malware detection technique in which the Deep Security Agent monitors process memory in real time and once a process is deemed to be suspicious, Deep Security will perform additional checks with the Smart Protection Network to determine if this is a known good process.

Machine Learning is malware detection technique in which processes on the protected computer are monitored for actions that are not typically performed by a given process.

 Loading...

9. Based on the script displayed in the exhibit, which of the following statements are correct? Select all that apply.

Deep Security Agents deployed using this script will be activated against Tenant 0 in a multi-tenant environment.

This script will deploy the Deep Security Agent on a server, but will not automatically activate it.

Deep Security Agents deployed using this script are activated against a specific tenant.

Deep Security Agents deployed using this script will be assigned a specific policy when activated.

 Loading...

10. New servers are added to the Computers list in Deep Security Manager Web config by running a Discover operation.

What behavior can you expect for newly discovered computers?

Any servers discovered in the selected Active Directory branch hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range that are hosting Deep Security Agents will be added to the Computers list and will be automatically activated.

Any servers within the IP address range will be added to the Computers list, regardless of whether they are hosting a Deep Security Agent or not.

 Loading...

Page 2 of 3

11. When viewing the details for a policy, as displayed in the exhibit, you notice that the Application Control Protection Module is not available.





In this example, why would this Protection Modules not be available?

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been pro-vided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Modules has not been enabled for this tenant.

 Loading...

12. Where does Deep Security Manager store the credentials it uses to access the database?

In the logging.properties file

In the dsm.properties file

In the Windows Registry

In the database.properties file

 Loading...

13. The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https.

How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

It is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

The Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

The Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

The Intrusion Prevention Protection Module can analyze https traffic if the public cer-tificate of the originating server is imported into the certificate store on the Deep Secu-rity Agent computer.

 Loading...

14. Which of the following statements is FALSE regarding Firewall rules using the Bypass action?

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

 Loading...

15. The Overrides settings for a computer are displayed in the exhibit.





Which of the following statements is true regarding the displayed configuration?

The Web Reputation and Application Control Protection Modules have been assigned a different policy that the other Protection Modules and as a result, are displayed with overrides.

The configuration for the Protection Modules is inherited from the policy assigned to this computer, except for the configuration of the Web Reputation and Application Control Protection Modules which have been set at the computer level.

The Protection Modules identified as Inherited in the exhibit have not yet been config-ured. Only the Web Reputation and Application Control Protection Modules have been configured.

The Protection Modules identified as Inherited in the exhibit have not yet been enabled. Only the Web Reputation and Application Control Protection Modules have been enabled at this point.

 Loading...

16. Multiple Application Control Events are being displayed in Deep Security after a series of ap-plication updates and the administrator would like to reset Application Control.

How can this be done?

On the Deep Security Agent computer, type the following command to reset Application Control: dsa_control -r

Click "Clear All" on the Actions tab in the Deep Security Manager Web console to reset the list of Application Control events.

Application Control can be reset by disabling the Protection Module, then enabling it once again. This will cause local rulesets to be rebuilt.

Application Control can not be reset.

 Loading...

17. The Security Level for Web Reputation in a policy is set to High. A server assigned this policy attempts to access a Web site with a credibility score of 78.

What is the result?

The Deep Security Agent allows access to the Web site, and logs the connection attempt as an Event.

The Deep Security Agent allows access as the credibility score for the Web site is above the allowed threshold.

The Deep Security Agent blocks access as the credibility score for the Web site is below the allowed threshold. An error page is displayed in the Web browser.

The Deep Security Agent displays a warning message as the site is unrated.

 Loading...

18. Which of the following statements is false regarding the Log Inspection Protection Module?

Custom Log Inspections rules can be created using the Open Source Security (OSSEC) standard.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

 Loading...

19. Based on the following exhibit, what behavior would you expect for the Application Control Protection Module?

Since this computer is in Maintenance Mode, updates to the Application Control Pro-tection Module will be applied.

Since this computer is in Maintenance Mode, new or changed software will be auto-matically added to the list of Allowed software in the currently active ruleset.

Since this computer is in Maintenance Mode, Application Control will allow any Blocked software to temporarily run

Since this computer is in Maintenance Mode, Application Control will ignore any Blocked software in the currently active ruleset.

 Loading...

20. Based on the configuration setting highlighted in the exhibit, what behavior can be expected during a malware scan?

With the highlighted setting enabled, Deep Security Agents will scan files for known viruses and malware using patterns and any files deemed suspicious will be submitted to a configured Deep Discovery Analyzer for further analysis.

With the highlighted setting enabled, Deep Security Agents will scan files for viruses and malware using supplementary aggressive detection pattern files.

With the highlighted setting enabled, Deep Security Agents will scan files for unknown malware using Predictive Machine Learning.

With the highlighted setting enabled, Deep Security Agents will scan files for known malware as well as newly encounted malware by accessing the Suspicious Objects List.

 Loading...

Page 3 of 3

21. Which of the following statements is true regarding Deep Security Relays?

Both 32-bit and 64-bit Deep Security Agents can be promoted to a Deep Security Relay.

Deep Security Agents promoted to Deep Security Relays no longer provide the security capabilities enabled by the Protection Modules.

Deep Security Relays are able to process Deep Security Agent requests during updates.

Deep Security Agents communicate with Deep Security Relays to obtain security up-dates.

 Loading...

22. Which of the following statements is true regarding the Intrusion Prevention Protection Module?

The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.

The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.

The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.

The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

 Loading...

23. Policies in Deep Security can include a Context value.

Which of the following statements re-garding Context is correct?

The Context provides Deep Security Agents with location awareness and are associated with Anti-Malware and Web Reputation Rules.

The Context provides Deep Security Agents with location awareness and are associated with Firewall and Intrusion Prevention Rules.

The Context provides Deep Security Agents with location awareness and are associated with Web Reputation Rules only.

The Context provides Deep Security Agents with location awareness and are associated with Log Inspection and Integrity Monitoring Rules.

 Loading...

24. What is IntelliScan?

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

 Loading...

 Loading...