Trend Micro Deep Security Certification UPDATED Exam Questions and CORRECT Answers

  • August 19, 2024
MGRADES

The Firewall Protection Module is enabled in a new child policy called Internal-SQL. You
notice that some rules for Firewall are already enabled in the policy, but when you try to
remove one of the rules, the item is greyed out. Why are you not able to remove the rules for
the Firewall Protection Module in this policy? - CORRECT ANSWER- Rules can be
assigned at any level in the Rules hierarchy, but not unassigned


DS Protection modules - CORRECT ANSWER- Enterprise level gives everything. DSaaS
does, too. Otherwise can choose from following packages:
Anti-malware package: Anti-malware and web reputation
Systems package: Integrity monitoring, log inspection, and application control
Networking Package: Firewall and intrusion prevention


Anti-Malware - CORRECT ANSWER- Detects and blocks malicious software intended to
harm. Can run scheduled, real-time, on-demand scans. If new file found, connects to SPN to
identify.


Web Reputation - CORRECT ANSWER- Tracks the credibility of websites to safeguard
servers from malicious URLs. It integrates with the Trend Micro Smart Protection Network to
detect and block Web-based security risks, including phishing attacks. Blocks servers from
accessing compromised sites using internal requests.


Web Reputation vs Firewall - CORRECT ANSWER- Web reputation dynamically looks at all
traffic to see if it is malicious. Firewall is binary and only blocks what you tell it to. It does
not connect with SPN.


Firewall - CORRECT ANSWER- Provides broad coverage for all IP-based protocols and
frame types as well as fine-grained filtering for ports and IP and MAC addresses through a
bidirectional, stateful firewall. Examines the header information in each network packet to
allow or deny traffic based on direction, specific frame types, transport protocols, source and
destination addresses, ports, and header flags. Can prevent denial of service attacks as well as
block reconnaissance scans.


Intrusion Prevention - CORRECT ANSWER- Examines all incoming and outgoing traffic at
the packet level searching for any content that can signal an attack. Uses sophisticated,
proprietary rules based on known vulnerabilities to your OS and applications. Rules are
recommended based on recommendation scan for vulnerabilities. If a packet matches a rule,
it will be dropped.


Intrusion Prevention vs Intrusion Detection - CORRECT ANSWER- Intrusion detection will
only notify if a packet matches a rule. Intrusion prevention will drop the packet if a rule
matches it.


Virtual Patching - CORRECT ANSWER- Intrusion Prevention allows for applications with
unpatched vulnerabilities to be protected via the application of relevant rules using Intrusion
Prevention. Not a replacement for software updates.


Protocol Hygiene - CORRECT ANSWER- Intrusion Prevention blocks traffic based on how
it follows protocol specifications. Ex: if malformed, corrupted. Packets would be dropped
anyway by the OS, but Intrusion Prevention prevents the OS from having to drop it.


Integrity Monitoring - CORRECT ANSWER- Monitors critical operating system and
application files, including directories, custom files, registry keys and values, open ports,
processes and services to provide real time detection and reporting of malicious and
unexpected changes. The Integrity Monitoring module tracks both authorized and
unauthorized changes made to a server instance. Trusted event tagging reduces administration
overhead by automatically tagging similar events across the entire data center.


Application Control - CORRECT ANSWER- Takes baseline of the system, and if in 'allow'
mode, will track and monitor all changes based on golden image of correct configuration. If
in 'block' mode will block all software actions that will modify it from that state.


Deep Security Manager - CORRECT ANSWER- The centralized management system to
create and manage comprehensive security policies and deploy protection to Deep Security
Agents and Deep Security Virtual Appliances. Does not provide protection itself, but instead,
manages the rules and policies which are distributed to the enforcement components in the
system. Supports multiple nodes for increased reliability, availability, scalability and
performance. Supported on 64-bit Windows and Linux Red Hat Operating Systems.


Database - CORRECT ANSWER- Required for DSM for storing the information it needs to
function. Must be installed and a user account with the appropriate permissions must be
created before installing the DSM. Supports: Microsoft SQL Server, Oracle or PostgreSQL, and
cloud deployments using the Marketplace option.


Deep Security Manager Web Console - CORRECT ANSWER- Allows for web-based
administration of system.
Administrative users authenticate to the console using Deep Security-created credentials or a
user name and password stored in Microsoft Active Directory. Can apply MFA to
authentication. Some operations can also be performed through the Windows Command Prompt.


Deep Security Agent - CORRECT ANSWER- This software component provides the
protection modules to user endpoints. Supported on Windows, Linux, Solaris, HP-UX, and
AIX and can be installed on either physical servers, virtual machines or cloud servers. Can
also operate without an on-host Agent for specific operations in a VMware environment using
the Deep Security Virtual Appliance.


Deep Security Relay - CORRECT ANSWER- Is a Deep Security Agent with relay
functionality enabled. Downloads and distributes security and software updates from the
Trend Micro Global Update Server to Deep Security Agents and Deep Security Virtual
Appliances. You must have at least one enabled in your environment to keep your protection
up-to-date. Improves performance by distributing the task of delivering updates throughout
your Deep Security installation.


You must have at least one Deep Security Relay in your environment. You can co-locate the
Deep Security Relay on the same host as Deep Security Manager or install it on a separate
computer.


Can inherited Firewall rules be unassigned? - CORRECT ANSWER- Firewall Rules applied
through a parent-level Policy cannot be unassigned in a child-level policy.


Apex Central - CORRECT ANSWER- Previously known as Control Manager, provides a
single unified interface to manage, monitor, and report across multiple layers of security and
deployment models. Allows management of Deep Security, Apex One, as well as other Trend
Micro products, from a single interface.


User-based visibility shows what is happening across all endpoints, enabling administrators
to review policy status and make changes across all user devices. In the event of a threat
outbreak, administrators have complete visibility of an environment to track how threats
have spread.


Responsible for compiling the Suspicious Objects for use in Connected Threat Defense.


Deep Security Virtual Appliance - CORRECT ANSWER- Is a virtual machine that
transparently enforces security policies on VMware ESXi virtual machines through NSX,
allowing agentless protection through the Anti-Malware, Web Reputation, Firewall, Intrusion
Prevention, and Integrity Monitoring modules.


If protection through the Log Inspection and Application Control module is required on a
virtual machine, a Deep Security Agent can be installed on the virtual machine itself.


It runs as a VMware virtual machine and protects other virtual machines running on the same
ESXi Server, each with its own individual set of security policies. The implementation
depends on limitations that exist within the licensing structure of VMware NSX.


Deep Security Notifier - CORRECT ANSWER- A Windows System Tray application that
communicates the state of the Deep Security Agent and Deep Security Relay to client
machines. Displays pop-up notifications in the System Tray when a Deep Security Agent
begins a scan, blocks malware or identifies a malicious web page.
