Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam Questions and Answers

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the ssl.properties file.

Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the dsm.properties file.

Deep Security Manager-to-database traffic is encrypted by default but can be disabled by modifying settings in the db.properties file.

Deep Security Manager-to-database traffic is not encrypted by default, but can be en-abled by modifying settings in the dsm.properties file.

While in Maintenance Mode, all Block and Allow rules are ignored while new or updated applications are added to the software inventory

When in Maintenance Mode, the Application Control Protection Module will continue to block software identified in Block rules, but will allow new and changed applications to be added to the software inventory.

When enabled, Maintenance Mode rescans the protected computer to rebuild the soft-ware inventory. Any new or changed software will be included in this rebuilt inventory.

Maintenance Mode can be configured as a Scheduled Event. In this scenario, all soft-ware upgrades will be performed at the same time every day to avoid creating Alerts for normal software updates.

Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.

Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Pre-vention Protection Modules.

Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.

Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.

Changes to any of the Deep Security policies will be send to the Deep Security Agents as soon as the changes are saved.

Administrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

Deep Security Agents will send event information to Deep Security Manager every 10 minutes.

If the Deep Security Manager does not receive a message from the Deep Security agent every 20 minutes, an alert will be raised.

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

Analyze the packet within the context of traffic history and connection state.

Compare the data in the packet against the Anti-Malware Scan Configuration to verify whether any of the data related to files and folders on the Exclusion list.

Verify the integrity of the packet to insure the packet is suitable for analysis.

Verify the packet is not part of a reconnaissance scan used to discover weaknesses on the Deep Security Agent host computer.

Scan caching maintains the Inclusions and Exclusions lists from the Malware Scan Configuration in memory to improve performance.

Scan caching manages resource usage by staggering the launch of malware scans to prevent scan storms

Scan caching is used in Agent-based installations only and is not supported in an agentless implementation.

Scan caching enhances the performance of the Deep Security Virtual Appliance in that files scanned for malware on a virtual machine that appear on other virtual machines may not need to be scanned again.

Firewall, Application Control, and Integrity Monitoring

Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection

Log Inspection, Application Control, and Intrusion Prevention

Intrusion Prevention, Integrity Monitoring, and Log Inspection

This rule will allow incoming TCP and UPD communication to this server.

This rule will allow outgoing TCP and UPD communication from this server.

This rule will allow TCP and UPD replies to requests originating on this server.

This rule will allow incoming communication to this server, but not TCP and UPD.