
1. Can the Web Reputation Module be used to block HTTPS traffic?

a. Yes
b. No

2. Which of the following updates can directly be downloaded from the Deep
Security Relay? Select all that apply.

a. Policy Updates
b. Software Updates
c. Pattern Updates
d. Rule Updates

3. Which status of an agent describes that the agent will not receive any
software, security or policy updates until communication with the Deep Security
Manager is restored?

a. Offline
b. Default (On/Off)
c. Online
d. Inherited (On/Off)

4. What is needed by Cloud Conformity to scan your cloud infrastructure?

a. Access to data or application
b. AWS API access
c. Access to metadata
d. All the options

5. Whereas Firewall Rules and Firewall Stateful Configurations examine the
actual content of the packet (and sequences of packets), Intrusion Prevention
Rules examine a packet's control information (data that describes the packet).
Does the above statement correctly define firewall & IPS?

a. FALSE
b. TRUE

6. A customer who is curious to understand the working of Deep Security briefly
asks his SE to give him a demo on the spot. But the SE cannot install Deep
Security and complete its configurations as it would take a long time. What
should he do?

a. Invite customer for a product trial
b. Arrange for a call back
c. Give the customer an instant demo via Product Cloud
d. Deep Security datasheets

7. What is the heartbeat listen port number for Deep Security Manager
(On-premise)?

a. 4122
b. 443
c. 4119
d. 4120

8. Applying a Firewall rule using the Bypass action to traffic in one direction
automatically applies the same action to traffic in the other direction.
a. TRUE
b. FALSE

9. Why would you organize Relays into Relay Groups?

a. For distributing updates throughout the network more efficiently.
b. Ensures that the update load is distributed across multiple Deep
Security Relays.
c. Adds redundancy to your Deep Security deployment.
d. All the options.

10. When you install patches, upgrade software, or deploy web applications,
application control will detect them. Depending on your setting for how to
handle unrecognized software, this could block that software until you use the
Actions tab to create allow rules. For mission-critical software, this service
interruption may not be acceptable. What is the best approach to overcome this
situation without causing any downtime or disruption to the critical
applications?

a. Disable Application Control while performing critical application patching.
b. Perform patching, software upgrading activities when Application Control is
put on Maintenance Mode.
c. Do not enable Application Control on critical servers.
d. By default allow all applications to run uninterrupted on the critical
servers.

11. What is the maximum throughput supported by Cloud One Network Security
without needing to scale the instances?

a. 1 Tbps
b. 10 Gbps
c. 1 Gbps
d. 5 Gbps

12. Which queries are initiated by Smart Protection Server to Smart Protection
Network?

a. Updates
b. Web Reputation
c. File Reputation
d. Suspicious Objects

13. System Security by Deep Security comprises which of the following modules?

a. Intrusion Prevention, Anti-Malware & Web Reputation
b. Intrusion Prevention, Log Inspection & Application Control
c. Integrity Monitoring, Log Inspection & Application Control
d. Integrity Monitoring, Intrusion Prevention & Firewall

14. Security for the CI/CD pipeline is provided by:

a. Network Security
b. Application Security
c. File Storage Security
d. Container Image Security

15. Changing the setting of Network Engine from inline to tap mode would affect
which of the modules of Deep Security? Select all that apply.

a. Application Control
b. Log Inspection
c. Web Reputation
d. Firewall
e. Integrity Monitoring
f. Intrusion Prevention

16. Which of the following is the right definition for Intellitrap?

a. A set of pre-configured scan actions for viruses/malware.
b. Constantly monitors computers (or endpoints) for unusual modifications to the
operating system or on installed software.
c. Trend Micro heuristic technology used to discover threats that use Real-Time
Compression paired with other malware characteristics like packers.
d. Trend Micro technology that identifies a file’s true file type, regardless of
the file name extension.

17. Why is a multi-node installation of Deep Security recommended?

a. Multi-node installations are helpful in disaster recovery situations as each
combination of Deep Security Manager and database are clones of each other.
When the original Deep Security Manager fails, the administrator can
immediately switch to a clone.
b. Since each Deep Security Manager server in a multi-node installation uses its
own database, this type of installation can balance the load of requests.
c. Since multi-node installations distribute database information across
multiple database servers, Deep Security can easily scale to accommodate any
number of Deep Security Agent servers.
d. Multi-node installations provide Deep Security with failover capabilities
since a second Deep Security Manager can handle all requests if the first one
fails.

18. A Windows machine will lose network connectivity for a brief period of time
during the network driver installation while the Deep Security Agent installs a
network driver to examine traffic. This only happens the first time a policy is
applied that includes one of the following: Select all that apply.

a. Web Reputation
b. Anti-Malware
c. Integrity Monitoring
d. Application Control
e. Intrusion Prevention

19. In which of the following scenarios should a new Integrity Monitoring
baseline be created? Select all that apply.

a. A new baseline should be created whenever new Integrity Monitoring rules are
downloaded from the Trend Micro ActiveUpdate server.
b. A new baseline should be created after applying software patches.
c. Once created, there is no need to create a new Integrity Monitoring baseline.
d. A new baseline should be created whenever changing the Integrity Monitoring
scan interval, for example, changing from real-time to manual scans.

20. Which of the following functionalities is not supported in Feature Release?

a. Anti-Malware pattern updates
b. Critical and high vulnerability fixes
c. General bug fixes
d. Critical bug fixes

21. The maximum disk space limit for the Identified Files folder is reached. What
is the expected Deep Security Agent behavior in this scenario?

a. Deep Security Agents will delete any files that have been in the folder for
more than 60 days.
b. Deep Security Agents will delete the oldest files in this folder until 20% of
the allocated space is available.
c. Files will no longer be able to be quarantined. Any new files due to be
quarantined will be deleted instead.
d. Any existing files in the folder are compressed and forwarded to Deep
Security Manager to free up disk space.

22. A website’s credibility score is 63. What does this indicate?

a. It is a dangerous site.
b. It is a highly suspicious site.
c. It is a suspicious site.
d. It is a safe site.

23. The Intrusion Prevention Protection Module is enabled, its Behavior is set to
Prevent and rules are assigned. When viewing the events, you notice that one of
the Intrusion Prevention rules is being triggered and an event is being logged
but the traffic is not being blocked. What is a possible reason for this?

a. The default Prevention Behavior in this particular rule may be set to Detect.
This logs the triggering of the rule, but does not actually enforce the block.
b. The Intrusion Prevention rule is being triggered as a result of the packet
sanity check failing and the packet is being allowed to pass.
c. The Deep Security Agent is experiencing a system problem and is not
processing packets since the "Network Engine System Failure" mode is set to "Fail
Open".
d. The network engine is running in Inline mode. In Inline mode, Deep Security
provides no protection beyond a record of events.

24. What is the default priority assigned to Firewall rules using the Allow
action?

a. Firewall rules using the Allow action always have a priority of 0.
b. Firewall rules using the Allow action can be assigned a priority between 0
and 4.
c. Firewall rules using the Allow action always have a priority of 4.
d. Firewall rules using the Allow action can be assigned a priority between 1
and 3.

25. Your organization would like to implement a mechanism to alert administrators
when files on protected servers are modified or tampered with. Which Deep
Security Protection Module should you enable to provide this functionality?

a. The Intrusion Prevention Protection Module
b. The File Inspection Protection Module
c. The Integrity Monitoring Protection Module
d. Deep Security cannot provide this type of functionality

26. An organization would like to prevent servers from accessing some specific
web sites, even though their credibility score lists the sites as being safe.
How can this be achieved?

a. Intrusion Prevention
b. Web Reputation
c. Integrity Monitoring
d. Firewall

27. _______________ file allows properties to be tested on Deep Security Manager
without affecting the original configuration.

a. dsm.properties
b. logging.properties
c. configuration.properties
d. override.properties

28. Which of the following components distribute/redistribute updates in a Deep
Security setup? Select all that apply.

a. Deep Security Relay
b. Deep Security Manager
c. Smart Protection Server
d. Deep Security Agent
