12/12/2019 https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&…
Deep Security 12 Certified Professional | Exam
QUESTIONS: 50 | ATTEMPTS: 3
00:21:42
1 Which Protection Modules can make use of a locally installed Smart
Protection Server?
The Anti-Malware and Web Reputation Protection Modules can
make use of the locally installed Smart Protection Server.
Anti-Malware is the only Protection Modules that can use the locally
installed Smart Protection Server.
The Anti-Malware, Web Reputation and Intrusion Prevention
Protection Modules can make use of the locally installed Smart
Protection Server.
All Protection Modules can make use of the locally installed Smart
Protection Server.
2 New servers are added to the Computers list in Deep Security Manager
Web config by running a Discover operation. What behavior can you
expect for newly discovered computers?
Any servers within the IP address range that are hosting Deep
Security Agents will be added to the Computers list and will be
automatically activated.
Any servers within the IP address range will be added to the
Computers list, regardless of whether they are hosting a Deep Security
Agent or not.
Any servers discovered in the selected Active Directory branch
hosting a Deep Security Agent will be added to the Computers list.
Any servers within the IP address range hosting a Deep Security
Agent will be added to the Computers list.
3 Based on the details of event displayed in the exhibit, which of the
following statements is false?
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 1/19
,12/12/2019 https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&…
The scan may be generated from an IP address which may be
known to you. If so, the source IP address can be added to the
reconnaissance whitelist.
You can instruct the Deep Security Agents and Appliances to block
traffic from the source IP address for a period of time.
You can create a firewall rule to permanently block traffic from the
originating IP address.
The Intrusion Prevention Protection Modules must be enabled to
detect reconnaissance scans.
4 Which of the following statements is false regarding Firewall rules using
the Bypass action?
Applying a Firewall rule using the Bypass action to traffic in one
direction automatically applies the same action to traffic in the other
direction.
Firewall rules using the Bypass action can be optimized, allowing
traffic to flow as efficiently as if a Deep Security Agent was not there.
Firewall rules using the Bypass action allow incoming traffic to skip
both Firewall and Intrusion Prevention analysis.
Firewall rules using the Bypass action do not generate log events.
5 Based on the following exhibit, what behavior would you expect for the
Application Control Protection Module
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 2/19
, 12/12/2019 https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&…
Since this computer is in Maintenance Mode, new or changed
software will be automatically added to the list of Allowed software in the
currently active ruleset.
Since this computer is in Maintenance Mode, Application Control will
allow any Blocked software to temporarily run.
Since this computer is in Maintenance Mode, Application Control will
ignore any Blocked software in the currently active ruleset.
Since this computer is in Maintenance Mode, updates to the
Application Control Protection Module will be applied.
6 Which of the following statements is true regarding Firewall Rules?
Firewall Rules applied through a parent-level Policy cannot be
unassigned in a child-level policy.
Firewall Rules are always processed in the order in which they
appear in the rule list, as displayed in the Deep Security manager Web
console.
Firewall Rules applied to Policy supersede similar rules applied to
individuals computers.
When traffic is intercepted by the network filter, Firewall Rules in the
policy are always applied before any other processing is done.
7 Which of following statements best describes Machine Learning in Deep
Security?
Machine Learning is a malware detection technique in which the
Deep Security Agent monitors process memory in real time and once a
process is deemed to be suspicious, Deep Security will perform
additional checks with the Smart Protection Network to determine if this
is a known good process.
Machine Learning is a malware detection technique in which files
are scanned based on the true file type as determined by the file content,
not the extension.
Machine Learning is malware detection technique in which features
of an executable file are compared against a cloud-based learning model
to determine the probability of the file being malware.
Machine Learning is malware detection technique in which
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 3/19
Deep Security 12 Certified Professional | Exam
QUESTIONS: 50 | ATTEMPTS: 3
00:21:42
1 Which Protection Modules can make use of a locally installed Smart
Protection Server?
The Anti-Malware and Web Reputation Protection Modules can
make use of the locally installed Smart Protection Server.
Anti-Malware is the only Protection Modules that can use the locally
installed Smart Protection Server.
The Anti-Malware, Web Reputation and Intrusion Prevention
Protection Modules can make use of the locally installed Smart
Protection Server.
All Protection Modules can make use of the locally installed Smart
Protection Server.
2 New servers are added to the Computers list in Deep Security Manager
Web config by running a Discover operation. What behavior can you
expect for newly discovered computers?
Any servers within the IP address range that are hosting Deep
Security Agents will be added to the Computers list and will be
automatically activated.
Any servers within the IP address range will be added to the
Computers list, regardless of whether they are hosting a Deep Security
Agent or not.
Any servers discovered in the selected Active Directory branch
hosting a Deep Security Agent will be added to the Computers list.
Any servers within the IP address range hosting a Deep Security
Agent will be added to the Computers list.
3 Based on the details of event displayed in the exhibit, which of the
following statements is false?
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 1/19
,12/12/2019 https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&…
The scan may be generated from an IP address which may be
known to you. If so, the source IP address can be added to the
reconnaissance whitelist.
You can instruct the Deep Security Agents and Appliances to block
traffic from the source IP address for a period of time.
You can create a firewall rule to permanently block traffic from the
originating IP address.
The Intrusion Prevention Protection Modules must be enabled to
detect reconnaissance scans.
4 Which of the following statements is false regarding Firewall rules using
the Bypass action?
Applying a Firewall rule using the Bypass action to traffic in one
direction automatically applies the same action to traffic in the other
direction.
Firewall rules using the Bypass action can be optimized, allowing
traffic to flow as efficiently as if a Deep Security Agent was not there.
Firewall rules using the Bypass action allow incoming traffic to skip
both Firewall and Intrusion Prevention analysis.
Firewall rules using the Bypass action do not generate log events.
5 Based on the following exhibit, what behavior would you expect for the
Application Control Protection Module
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 2/19
, 12/12/2019 https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&…
Since this computer is in Maintenance Mode, new or changed
software will be automatically added to the list of Allowed software in the
currently active ruleset.
Since this computer is in Maintenance Mode, Application Control will
allow any Blocked software to temporarily run.
Since this computer is in Maintenance Mode, Application Control will
ignore any Blocked software in the currently active ruleset.
Since this computer is in Maintenance Mode, updates to the
Application Control Protection Module will be applied.
6 Which of the following statements is true regarding Firewall Rules?
Firewall Rules applied through a parent-level Policy cannot be
unassigned in a child-level policy.
Firewall Rules are always processed in the order in which they
appear in the rule list, as displayed in the Deep Security manager Web
console.
Firewall Rules applied to Policy supersede similar rules applied to
individuals computers.
When traffic is intercepted by the network filter, Firewall Rules in the
policy are always applied before any other processing is done.
7 Which of following statements best describes Machine Learning in Deep
Security?
Machine Learning is a malware detection technique in which the
Deep Security Agent monitors process memory in real time and once a
process is deemed to be suspicious, Deep Security will perform
additional checks with the Smart Protection Network to determine if this
is a known good process.
Machine Learning is a malware detection technique in which files
are scanned based on the true file type as determined by the file content,
not the extension.
Machine Learning is malware detection technique in which features
of an executable file are compared against a cloud-based learning model
to determine the probability of the file being malware.
Machine Learning is malware detection technique in which
https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C4P000000kG9sUAE&TLID=a9P4P000000lk22UAA&ue=ue&Type… 3/19
