A.  

Intrusion Prevention

B.  

Log Inspection

C.  

Integrity Monitoring

D.  

Anti-Malware

A.  

This rule will allow incoming TCP and UPD communication to this server.

B.  

This rule will allow outgoing TCP and UPD communication from this server.

C.  

This rule will allow TCP and UPD replies to requests originating on this server.

D.  

This rule will allow incoming communication to this server, but not TCP and UP

D.  

A.  

The Context provides Deep Security Agents with location awareness and are associated with Anti-Malware and Web Reputation Rules.

B.  

The Context provides Deep Security Agents with location awareness and are associated with Firewall and Intrusion Prevention Rules.

C.  

The Context provides Deep Security Agents with location awareness and are associated with Web Reputation Rules only.

D.  

The Context provides Deep Security Agents with location awareness and are associated with Log Inspection and Integrity Monitoring Rules.

A.  

VMware NSX

B.  

VMware ESXi

C.  

VMware vRealize

D.  

VMware vCenter

A.  

Firewall

B.  

Intrusion Prevention

C.  

Log Inspection

D.  

Integrity Monitoring

A.  

The READ ME file provided with the software patch will indicate which issues were addressed with this release. Compare this list to the rules that are applied to determine which rules are no longer needed and can be disabled.

B.  

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be automatically unassigned. These are rules that are no longer needed as the vulnerability was corrected with the patch.

C.  

Since there is no performance effect when multiple Intrusion Prevention rules are ap-plied, there is no need to determine which rules are no longer needed. The original rec-ommended rules can remain in place without affecting the system.

D.  

Since the rules are being applied automatically, when the next Intrusion Prevention Recommendation Scan is run automatically, any rules that are no longer needed will be displayed on the Recommended for Unassignment tab in the IPS Rules. These are rules that are no longer needed and can be disabled as the vulnerability was corrected with the patch.

A.  

Apex Central distributes Deep Security policies to Agents on the protected Servers.

B.  

Apex Central submits suspicious files to Deep Discovery Analyzer for further analysis.

C.  

Apex Central stores suspicious files that are awaiting submission to the Deep Discovery Analyzer.

D.  

Apex Central compiles the Suspicious Objects List based on the result of file analysis in Deep Discovery Analyzer.

A.  

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

B.  

Firewall rules using the Bypass action do not generate log events.

C.  

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

D.  

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

A.  

Integrity scans

B.  

Port scans

C.  

Application traffic control

D.  

Stateful traffic analysis

A.  

The Deep Security Agent allows access to the Web site, and logs the connection attempt as an Event.

B.  

The Deep Security Agent allows access as the credibility score for the Web site is above the allowed threshold.

C.  

The Deep Security Agent blocks access as the credibility score for the Web site is below the allowed threshold. An error page is displayed in the Web browser.

D.  

The Deep Security Agent displays a warning message as the site is unrated.

A.  

Smart Scan improves the capture rate for malware scanning by sending features of suspicious files to an cloud-based server where the features are compared to known malware samples.

B.  

Smart Scan shifts much of the malware scanning functionality to an external Smart Protection Server.

C.  

Smart Scan is performed in real time, where conventional scanning must be triggered manually, or run on a schedule.

D.  

Smart Scan identifies files to be scanned based on the content of the file, not the exten-sion.

A.  

The Integrity Monitoring rules include a property that identifies whether a change to a monitored system object was performed as part of a legitimate operation.

B.  

Any changes to monitored system objects that are detected after a Recommendation Scan is run on the protected computer are assumed to be malicious.

C.  

The Integrity Monitoring Protection Module can detect changes to the system, but lacks the ability to distinguish between legitimate and malicious changes.

D.  

Any changes to the system objects monitored by the Integrity Monitoring Protection Module are assumed to be legitimate, however, an administrator can revise the status of the object modification to Malicious during a review of the Integrity Monitoring Events.