Pass the Trend Micro Deep Security Deep-Security-Professional Questions and answers with CertsForce

Trend Micro Deep Security's Intrusion Prevention Module operates at the network layer and cannot inspect the content of encrypted HTTPS traffic unless the traffic is decrypted prior to reaching the agent. Deep Security does not provide SSL/TLS decryption capability natively as part of the Intrusion Prevention Protection Module. This is explicitly stated in the official product documentation:

"Deep Security’s Intrusion Prevention engine analyzes network packets. It can only inspect unencrypted traffic. HTTPS traffic, which is encrypted, cannot be analyzed unless it is decrypted before reaching Deep Security Agent or Appliance."

(Source: Trend Micro Deep Security Administrator’s Guide – Intrusion Prevention Module)

Option A is incorrect: Deep Security does not have a feature called "SSL Configuration" that enables on-the-fly decryption for IPS inspection.

Option C is incorrect: The origin of HTTPS traffic does not affect the inability to inspect it if it remains encrypted.

Option D is incorrect: Importing a public certificate does not provide the private key needed to decrypt traffic and therefore does not enable content inspection.

Explanation

The properties specified in this configuration file override the properties specified in the dsm.properties file. This file can be created manually by a support engineer to modify product be-havior without affecting the original configuration.

Explication: Study Guide - page (42)

The deployment script in the exhibit includes parameters for --tenantID and --policyid, which are used to specify a particular tenant and assign a policy to the agent at activation. This ensures that the agent is both associated with the correct tenant in a multi-tenant environment and is automatically placed under a specified security policy upon activation. The script performs both installation and activation. There is no indication of using Tenant 0 specifically, nor is activation omitted.

Application Control can be configured to pre-approve updates either by performing them with a designated Trusted Updater (such as a software management tool or patch process) or by putting the agent in Maintenance Mode, during which changes are automatically approved. Manually editing the AC.db file is not a supported or recommended method.

The "Protection Source when in Combined Mode" configuration appears only for features supported in both agent-based and agentless (VMware NSX) modes.

Application Control is not available in agentless installations—it is only supported with host-based (agent) deployment. Therefore, there is no setting for Application Control in this combined mode view, as agentless protection cannot provide this module.

Options A and C are not correct—licensing and module enablement are not the reason for the absence here; it is due to module capability in agentless mode.

Option D is incorrect—VMware Guest Introspection is not relevant to Application Control’s availability.

Application Control evaluates executable files and scripts that can run as code on the system, such as .exe, .py, and .class files. Document files like .docx are not executed directly as code and are not tracked by Application Control.

Deep Security supports forwarding event information through SNMP traps, integration with SIEM systems, and retrieval via the Deep Security API. While Amazon SNS is not a native forwarding method for Deep Security events, the others are fully supported and configurable from the Deep Security Manager.

SNMP allows sending traps for specific alert types.

API provides programmatic access to events.

SIEM forwarding is supported via syslog or direct integration.

Usage and resource consumption for a tenant can be reviewed by generating tenant usage/chargeback reports directly in the Deep Security Manager Web console.

Option A is incorrect; the log file does not contain usage stats.

Option C is incorrect; no extra licensing is required for basic reporting.

Option D is incorrect; usage reports are generated in the manager, not on the agent.

Trend Micro Deep Security's Anti-Malware Protection Module provides real-time, manual, or scheduled malware scanning for files stored on protected servers, including SAP NetWeaver servers. No additional plugins or components are required—simply enable the Anti-Malware module on the SAP NetWeaver host to scan PDF and Office documents.

From the official documentation:

“To scan for malware in documents stored on SAP NetWeaver or other platforms, enable the Anti-Malware module on the target server. No additional plugins are required.”

Firewall Rules assigned at the parent policy level are inherited by all child policies and cannot be unassigned at the child policy level. To change or remove such rules, you must edit the parent policy.

Option D is not entirely accurate because Deep Security supports rule priority and other processing behaviors, not just list order.