
The Intrusion Prevention Protection Module is enabled and a Recommendation Scan is run to identify vulnerabilities on a Windows Server 2016 computer. How can you ensure that the list of recommendations is always kept up to date?

A.

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

B.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

C.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

D.

New rules are configured to be automatically sent to Deep Security Agents when Recommendation Scans are run.

Which of the following statements is correct regarding the policy settings displayed in the exhibit?

A.

The Heartbeat interval value displayed in this policy is inherited from the parent policy.

B.

Deep Security Agents using the displayed policy will send event details to Deep Security Manager every 5 minutes.

C.

All Deep Security Agents will send event details to Deep Security Manager every 5 minutes.

D.

Deep Security Manager will refresh the policy details on the Deep Security Agents using this policy every 5 minutes.

Which of the following statements is true regarding the use of the Firewall Protection Module in Deep Security?

A.

The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.

B.

The Firewall Protection Module can identify suspicious byte sequences in packets.

C.

The Firewall Protection Module can detect and block Cross Site Scripting and SQL Injection attacks.

D.

The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply.

A.

Intrusion Prevention

B.

Log Inspection

C.

Integrity Monitoring

D.

Anti-Malware

A Recommendation Scan is run to determine which Intrusion Prevention rules are appropriate for a Server. The scan is configured to apply the suggested rules automatically and ongoing scans are enabled. Some time later, an operating system patch is applied. How can you determine which Intrusion Prevention rules are no longer needed on this Server?

A.

The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.

B.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.

C.

Since there is no performance effect when multiple Intrusion Prevention rules are applied, there is no need to determine which rules are no longer needed. The original recommended rules can remain in place without affecting the system.

D.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.

Which of the following are valid methods for forwarding Event information from Deep Security? Select all that apply.

A.

Simple Network Management Protocol (SNMP)

B.

Deep Security Application Programming Interface (API)

C.

Amazon Simple Notification Service (SNS)

D.

Security Information and Event Management (SIEM)

Which of the following Protection Modules does not benefit from Recommendation Scans?

A.

Log Inspection

B.

Integrity Monitoring

C.

Firewall

D.

Intrusion Prevention

Which of the following Firewall rule actions will allow data packets to pass through the Firewall Protection Module without being subjected to analysis by the Intrusion Prevention Protection Module?

A.

Deny

B.

Bypass

C.

Allow

D.

Force Allow

The maximum disk space limit for the Identified Files folder is reached. What is the expected Deep Security Agent behavior in this scenario?

A.

Any existing files in the folder are compressed and forwarded to Deep Security Manager to free up disk space.

B.

Deep Security Agents will delete any files that have been in the folder for more than 60 days.

C.

Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.

D.

Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

Which of the following statements is true regarding Intrusion Prevention rules?

A.

Intrusion Prevention rules can block unrecognized software from executing.

B.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet.

C.

Intrusion Prevention rules can detect or block traffic associated with specific applications, such as Skype or file-sharing utilities.

D.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.