Deep-Security-Professional Sample Questions Answers

The administrator could check the Multi-Tenancy log file for resource consumption details.

The administrator could generate a Tenant report from within the Deep Security Manager Web console.

The administrator will not be able retrieve this information without licensing and ena-bling the Multi-Tenancy Chargeback module in the Deep Security Manager Web con-sole.

The administrator downloads the Tenant usage details from the Deep Security Agent on the Tenant computer.

Deny

Bypass

Allow

Force Allow

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

The Deep Security Notifier is a application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.

The Deep Security Notifier is a server components that collects log entries from man-aged computers for delivery to a configured SIEM device.

The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.

The Deep Security Notifier is a application in the Windows System Tray that com-municates the state of Deep Security Agents and Relays to endpoint computers.

In the example displayed in the exhibit, no activation code was entered for Application Control. Since the Protection Module is not licensed, the corresponding settings are not displayed.

These settings are used when both an host-based agent and agentless protection are available for the virtual machine. Since Application Control is not supported in agentless installations, there is no need for the setting.

In the example displayed in the exhibit, the Application Control Protection Module has not yet been enabled. Once it is enabled for this virtual machine, the corresponding settings are displayed.

In the example displayed in the exhibit, the VMware Guest Introspection Service has not yet been installed. This service is required to enable Application Control in agentless installations.

This file is used to transfer policy settings from one installation of Deep Security Man-ager to another

This file allows properties to be tested on Deep Security Manager without affecting the original configuration.

This file contains the original out-of-the-box configuration properties for Deep Security Manager. This file is renamed to dsm.properties upon initialization of Deep Security Manager.

This file allows Deep Security Agents to override enforced behavior by providing new policy configuration details.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on specifically in this child policy.

The state for a Protection Module is always displayed as "Inherited (On)" until the module components are installed on the Deep Security Agent.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on at the computer level.

In this example, the state for the Web Reputation Protection Module is listed as "In-herited (On)" as it was inherited from the default setting in the Base Policy.

Disable the Application Control Protection Module when installing software upgrades, otherwise, the new software will be prevented from installing.

An administrator can view the list of allowed of software in the inventory from the De-tails tab for each individual Computer.

An administrator can share the inventory of allowed software with other computers protected by Deep Security Agents, by copying the inventory database file (ac.db) from the source computer.

When an administrator allows software that would be otherwise blocked by the En-forcement Mode, it isn't added to the inventory of approved software. Instead, it is added to that computer's white list.

The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.

Since there is no performance effect when multiple Intrusion Prevention rules are ap-plied, there is no need to determine which rules are no longer needed. The original rec-ommended rules can remain in place without affecting the system.

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.