Trend Micro Deep Security Certification Exam 2023 Study Guide with complete solution
0 view 0 purchase
Course
Trend Micro Deep Security
Institution
Trend Micro Deep Security
Trend Micro Deep Security Certification Exam 2023 Study Guide with complete solution
The Firewall Protection Module is enabled in a new child policy called Internal-SQL. You notice that some rules for Firewall are already enabled in the policy, but when you try to remove one of the rules, the it...
Trend Micro Deep Security Certification Exam 2023 Study
Guide with complete solution
The Firewall Protection Module is enabled in a new child policy called Internal-
SQL. You notice that some rules for Firewall are already enabled in the policy, but
when you try to remove one of the rules, the item is greyed out. Why are you not
able to remove the rules for the Firewall Protection Module in this policy?
Rules can be assigned at any level in the Rules hierarchy, but not unassigned
DS Protection modules
Enterprise level gives everything. DSaaS does, too. Otherwise can choose from
following packages:
Anti-malware package:
Anti-malware and web reputation
Systems package:
Integrity monitoring, log inspection, and application control
Networking Package:
Firewall and intrusion prevention
Anti-Malware
Detects and blocks malicious software intended to harm. Can run scheduled, real-time,
on-demand scans. If new file found, connects to SPN to identify.
Web Reputation
Tracks the credibility of websites to safeguard servers from malicious URLs. It
integrates with the Trend Micro Smart Protection Network to detect and block Web-
based security risks, including phishing attacks. Blocks servers from accessing
compromised sites using internal requests.
Web Reputation vs Firewall
Web reputation dynamically looks at all traffic to see if it is malicious. Firewall is binary
and only blocks what you tell it to. It does not connect with SPN.
Firewall
Provides broad coverage for all IP-based protocols and frame types as well as fine-
grained filtering for ports and IP and MAC addresses through a bidirectional, stateful
firewall. Examines the header information in each network packet to allow or deny traffic
based on direction, specific frame types, transport protocols, source and destination
addresses, ports, and header flags. Can prevent denial of service attacks as well as
block reconnaissance scans.
Intrusion Prevention
Examines all incoming and outgoing traffic at the packet level searching for any content
that can signal an attack. Uses sophisticated, proprietary rules based on known
vulnerabilities to your OS and applications. Rules are recommended based on
recommendation scan for vulnerabilities. If a packet matches a rule, it will be dropped.
Intrusion Prevention vs Intrusion Detection
Intrusion detection will only notify if a packet matches a rule. Intrusion prevention will
drop the packet if a rule matches it.
Virtual Patching
,Intrusion Prevention allows for applications with unpatched vulnerabilities to be
protected via the application of relevant rules using Intrusion Prevention . Not a
replacement for software updates.
Protocol Hygiene
Intrusion Prevention blocks traffic based on how it follows protocol specifications. Ex: if
malformed, corrupted. Packets would be dropped any by the OS, but Intrusion
Prevention prevents the OS from having to drop it.
Integrity Monitoring
Monitors critical operating system and application files, including directories, custom
files, registry keys and values, open ports, processes and services to provide real time
detection and reporting of malicious and unexpected changes. The Integrity Monitoring
modules tracks both authorized and unauthorized changes made to a server instance.
Trusted event tagging reduces administration overhead by automatically tagging similar
events across the entire data center.
Application Control
Takes baseline of the system, and if in 'allow' mode, will track and monitor all changes
based on golden image of correct configuration. If in 'block' mode will block all sw
actions that will modify it from that state.
Deep Security Manager
The centralized management system to create and manage comprehensive security
policies and deploy protection to Deep Security Agents and Deep Security Virtual
Appliances. Does not provide protection itself, but instead, manages the rules and
policies which are distributed to the enforcement components in the system. Supports
multiple nodes for increased reliability, availability, scalability and
performance. Supported on 64-bit Windows and Linux Red Hat Operating Systems.
Database
Required for DSM for storing the information it needs to function. Must be installed and
a user account with the appropriate permissions must be created
before installing the DSM. Supports: Microsoft SQL Server, Oracle or PostgreSQL, and
cloud deployments using the Marketplace option.
Deep Security Manager Web Console
Allows for web-based administration of system.
Administrative users authenticate to the console using Deep Security-created
credentials or a user name and password stored in Microsoft Active Directory. Can
apply MFA to authentication. Some operations can also be performed through the
Windows Command Prompt.
Deep Security Agent
This software component provides the protection modules to user endpoints. Supported
on Windows, Linux, Solaris, HP-UX, and AIX and can be installed
on either physical servers, virtual machines or cloud servers. Can also operate without
an on-host Agent for specific operations in a VMware environment using the Deep
Security Virtual
Appliance.
Deep Security Relay
Is a Deep Security Agent with relay functionality enabled. Downloads and distributes
security and software updates from the Trend Micro Global Update
,Server to Deep Security Agents and Deep Security Virtual Appliances. You must have
at least one enabled in your environment to keep your protection up-to-date. Improves
performance by distributing the task of delivering updates throughout your Deep
Security installation.
You must have at least one Deep Security Relay in your environment. You can co-
locate the Deep Security Relay on the same host as Deep Security Manager or install it
on a separate computer.
Can inherited Firewall rules be unassigned?
Firewall Rules applied through a parent-level Policy cannot be unassigned in a child-
level policy.
Apex Central
Previously known as Control Manager, provides a single unified interface to manage,
monitor, and report across multiple layers of security and deployment models. Allows
management of Deep Security, Apex One, as well as other Trend Micro
products, from a single interface.
User-based visibility shows what is happening across all endpoints, enabling
administrators to review
policy status and make changes across all user devices. In the event of a threat
outbreak,
administrators have complete visibility of an environment to track how threats have
spread.
Responsible for compiling the Suspicious Objects for use in Connected Threat
Defense.
Deep Security Virtual Appliance
Is a virtual machine that transparently enforces security policies on VMware ESXi virtual
machines through NSX, allowing agentless protection through the Anti-
Malware, Web Reputation, Firewall, Intrusion Prevention, and Integrity Monitoring
modules.
If protection through the Log Inspection and Application Control module is required on a
virtual
machine, a Deep Security Agent can be installed on the virtual machine itself.
It runs as a VMware virtual machine and protects other virtual machines running on the
same ESXi Server, each with its own individual set of security policies. The
implementation depends on
limitations that exist within the licensing structure of VMWare NSX.
Deep Security Notifier
A Windows System Tray application that communicates the state of the Deep Security
Agent and Deep Security Relay to client machines. Displays a pop-up notifications in
the System Tray when a Deep Security Agent begins a scan, blocks malware or
identifies a malicious web page.
, The Notifier also provides a console utility that allows the user to view events and check
the status of the agent. Installed with the Deep Security Agent by default on Windows
servers. It may be installed separately on Windows VMs protected by the Deep Security
Virtual
Appliance. In this case, the Anti-Malware module must be licensed and enabled on the
VM.
Smart Protection Network
Delivers real-time updates of malware signatures and patterns. This cloud-client
infrastructure delivers protection from emerging threats by continuously evaluating and
correlating threat and reputation intelligence for websites, email sources, and files.
Smart Protection Server
Can optionally be deployed locally on the network to improve access time and increase
privacy on behalf of Anti-Malware and Web Reputation modules.
Deep Security Smart Check
Performs pre-runtime scans of Docker images to detect OS vulnerabilities and malware,
enabling you to fix issues before they reach the orchestration
environment.
Deep Security Scanner
Provides integration with the SAP NetWeaver platform and performs antimalware scans
and reviews the information to identify potential threats in SAP systems. This is not
supported on computers where the Deep Security Agent is enabled
as a Relay.
Deep Discovery Analyzer
A secure virtual environment used to analyze samples submitted by Trend Micro
products. Sandbox images allow observation of file and network behavior in a natural
setting without any risk of compromising the network. Performs static analysis and
behavior simulation to identify potentially malicious characteristics. During analysis,
rates the characteristics in context and then assigns a risk level to the sample based on
the accumulated ratings which is then
forwarded to Trend Micro Apex Central to build the suspicious objects list.
Trend Micro Deep Security
The core of the Trend Micro Hybrid Cloud Security solution. Provides advanced server
security for physical, virtual, and cloud-based computers and delivers multiple security
techniques in a single product. This centrally-managed platform consolidates security
operations within a single management dashboard for all capabilities. FIPS certified.
Deep Security Architecture
Consists of DSM, which creates security policies and manages servers running the DSA
application, which enforces the policies of managed servers. A web-based management
console gives administrators access to policies, settings, and computers. Can optionally
integrate the DSM into Apex Central for deployment alongside additional TM products,
including access to the Deep Discovery Analyzer.
Intrusion Prevention vs Firewall
Where the Firewall module examines the header information in the packet, the Intrusion
Prevention module examines the payload information.
What are the different DS deployment options?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller katoinyambi96. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $16.49. You're not tied to anything after your purchase.
