Pass the Trend Micro Deep Security Deep-Security-Professional Questions and answers with CertsForce

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Recommendation Scans are run.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

Any existing files are in the folder are compressed and forwarded to Deep Security Manager to free up disk space.

Deep Security Agents will delete any files that have been in the folder for more than 60 days.

Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.

Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically

Only a single tag can be assigned to an Event.

Events can be tagged automatically if they are similar to known good Events.

Events can be automatically deleted based on tags.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on specifically in this child policy.

The state for a Protection Module is always displayed as "Inherited (On)" until the module components are installed on the Deep Security Agent.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on at the computer level.

In this example, the state for the Web Reputation Protection Module is listed as "In-herited (On)" as it was inherited from the default setting in the Base Policy.

You can instruct the Deep Security Agents and Appliances to block traffic from the source IP address for a period of time.

You can create a firewall rule to permanently block traffic from the originating IP ad-dress.

The scan may be generated from an IP address which may be known to you. If so, the source IP address can be added to the reconnaissance whitelist.

The Intrusion Prevention Protection Modules must be enabled to detect reconnaissance scans.

Deep Security Agents forward Log Inspection Event details to Deep Security Manager in real time.

Log Inspection can only examine new Events and cannot examine logs entries created before the Protection Module was enabled.

Log Inspection can only examine Deep Security log information.

The Log Inspection Protection Module is supported in both Agent-based and Agentless implementations.

The Context provides Deep Security Agents with location awareness and are associated with Anti-Malware and Web Reputation Rules.

The Context provides Deep Security Agents with location awareness and are associated with Firewall and Intrusion Prevention Rules.

The Context provides Deep Security Agents with location awareness and are associated with Web Reputation Rules only.

The Context provides Deep Security Agents with location awareness and are associated with Log Inspection and Integrity Monitoring Rules.

VMware NSX

VMware ESXi

VMware vRealize

VMware vCenter

Install a Smart Protection Server in the environment and set it as the source for File Reputation information.

Smart Scan must contact the Smart Protection Network to function. Any servers without Internet access will be unable to use Smart Scan.

Promote one of the Deep Security Agents on the air gapped computers to become a Relay.

Smart Scan can be configured to use a local pattern file containing the same information as the Smart Protection Network.