Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam exact Exam Questions

Trend Micro Certified Professional for Deep Security Exam

Last Update 1 hour ago Total Questions : 73

The Trend Micro Certified Professional for Deep Security Exam content is now fully updated, with all current exam questions added 1 hour ago. Deciding to include Deep-Security-Professional practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Deep-Security-Professional exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Deep-Security-Professional sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Trend Micro Certified Professional for Deep Security Exam practice test comfortably within the allotted time.

Question # 11

What is the purpose of the override.properties file?

This file is used to transfer policy settings from one installation of Deep Security Man-ager to another

This file allows properties to be tested on Deep Security Manager without affecting the original configuration.

This file contains the original out-of-the-box configuration properties for Deep Security Manager. This file is renamed to dsm.properties upon initialization of Deep Security Manager.

This file allows Deep Security Agents to override enforced behavior by providing new policy configuration details.

Question # 12

Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?

Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

Question # 13

Which of the following statements correctly identifies the purpose of the Integrity Monitoring Protection Module?

The Integrity Monitoring Protection Module monitors traffic to verify the integrity of incoming traffic to identify protocol deviations, packets fragments and other protocol anomalies.

The Integrity Monitoring Protection Module monitors critical operating system objects such as services, processes, registry keys and ports to detect and report malicious or unexpected changes.

The Integrity Monitoring Protection Module monitors incoming traffic to confirm the integrity of header information including packet source and destination details.

The Integrity Monitoring Protection Module monitors and analyzes the integrity of application logs to identify tampering, corruption and other suspicious modifications to the logs.

Question # 14

New servers are added to the Computers list in Deep Security Manager Web config by running a Discover operation. What behavior can you expect for newly discovered computers?

Any servers discovered in the selected Active Directory branch hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range that are hosting Deep Security Agents will be added to the Computers list and will be automatically activated.

Any servers within the IP address range will be added to the Computers list, regardless of whether they are hosting a Deep Security Agent or not.

Answer:

Explanation:

Explanation

When you perform a Discover operation using an IP address range, Deep Security Manager scans the specified range and adds any computers that are running a Deep Security Agent to the Computers list. It does not add machines that do not have an agent installed. Discovery does not perform automatic activation unless specifically configured through a different workflow. Active Directory discovery will also only add computers that are hosting an agent.

[Reference:, Trend Micro Deep Security Administrator’s Guide, Computer Discovery SectionQUESTION NO: 16, Your VMware environment is configured without using NSX. How can Deep Security provide protection to the virtual images hosted on your ESXi servers?, A. Without NSX, a Deep Security Agent must be installed on each virtual machine hosted on the ESXi server., B. Without NSX, you will be unable to use Deep Security to protect your virtual machines., C. You can install a Deep Security Virtual Appliance on the ESXi server. This will provide agentless support for Anti-Malware, Intrusion Prevention, Integrity Monitoring, Firewall and Web Reputation., D. Without NSX, you can only enable Anti-Malware and Integrity Monitoring protection on the virtual machines. NSX is required to support Intrusion Prevention, Firewall and Web Reputation, Answer: A, Explanation, In a VMware environment without NSX, agent-based protection is required. This means that the Deep Security Agent must be installed individually on each VM to provide protection. Agentless protection via the Virtual Appliance is only available in environments integrated with NSX., , Reference:, Trend Micro Deep Security Administrator’s Guide, VMware Integration and Agent Deployment SectionQUESTION NO: 17, Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply., A. Intrusion Prevention, B. Log Inspection, C. Integrity Monitoring, D. Anti-Malware, Answer: A, C D, , Explanation, Deep Security supports runtime protection for container environments (such as Kubernetes and Docker) using the following modules:, , Intrusion Prevention protects container network traffic and blocks exploits., , Integrity Monitoring monitors for unauthorized or unexpected changes in files and configuration., , Anti-Malware scans for malware within containers and images., , Log Inspection is not currently available as a runtime protection feature for containers., , Reference:, Trend Micro Deep Security Administrator’s Guide, Container Security and Runtime Protection Section, ]

Question # 15

Which of the following statements is correct regarding the policy settings displayed in the exihibit?

The Heartbeat interval value displayed in this policy is inherited from the parent policy

Deep Security Agents using the displayed policy will send event details to Deep Security Manager every 5 minutes.

All Deep Security Agents will send event details to Deep Security Manager every 5 minutes.

Deep Security Manager will refresh the policy details on the Deep Security Agents using this policy every 5 minutes.

Question # 16

In the policy displayed in the exhibit, the state of the Web Reputation Protection Module is set to "Inherited (On)", while the state for the other Protection Module is set to "On". Why is the Web Reputation Protection Module displayed differently than the other Protection Modules.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on specifically in this child policy.

The state for a Protection Module is always displayed as "Inherited (On)" until the module components are installed on the Deep Security Agent.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on at the computer level.

In this example, the state for the Web Reputation Protection Module is listed as "In-herited (On)" as it was inherited from the default setting in the Base Policy.

Question # 17

Which of the following statements is true regarding Event Tagging?

Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically

Only a single tag can be assigned to an Event.

Events can be tagged automatically if they are similar to known good Events.

Events can be automatically deleted based on tags.

Question # 18

What is the role of Apex Central in the Connected Threat Defense infrastructure?

Apex Central distributes Deep Security policies to Agents on the protected Servers.

Apex Central submits suspicious files to Deep Discovery Analyzer for further analysis.

Apex Central stores suspicious files that are awaiting submission to the Deep Discovery Analyzer.

Apex Central compiles the Suspicious Objects List based on the result of file analysis in Deep Discovery Analyzer.

Question # 19

How does Smart Scan vary from conventional pattern-based anti-malware scanning?

Smart Scan improves the capture rate for malware scanning by sending features of suspicious files to a cloud-based server where the features are compared to known malware samples.

Smart Scan shifts much of the malware scanning functionality to an external Smart Protection Server.

Smart Scan is performed in real time, where conventional scanning must be triggered manually, or run on a schedule.

Smart Scan identifies files to be scanned based on the content of the file, not the extension.

Question # 20

A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server. How can this be achieved using Deep Security?

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

This can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.