Trend Micro Deep-Security-Professional Dumps

Firewall, Application Control, and Integrity Monitoring

Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection

Log Inspection, Application Control, and Intrusion Prevention

Intrusion Prevention, Integrity Monitoring, and Log Inspection

Once the inventory scan has run when Application Control is first enabled, there is no way to update the inventory to incorporate modified software.

Software updates performed by a Trusted Updater will be automatically approved.

Edit the inventory database file (AC.db) on the Agent computer to include the hash of the newly updated software. Save the change and restart the Deep Security Agent. The software updates will now be approved.

Maintenance mode can be enabled while completing the updates.

Adding a tag to an Event modifies the Event data by adding fields, including the name of the tag, the date the tag was applied, and whether the tag was applied manually or automatically

Only a single tag can be assigned to an Event.

Events can be tagged automatically if they are similar to known good Events.

Events can be automatically deleted based on tags.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on specifically in this child policy.

The state for a Protection Module is always displayed as "Inherited (On)" until the module components are installed on the Deep Security Agent.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on at the computer level.

In this example, the state for the Web Reputation Protection Module is listed as "In-herited (On)" as it was inherited from the default setting in the Base Policy.

The Web Reputation and Application Control Protection Modules have been assigned a different policy that the other Protection Modules and as a result, are displayed with overrides.

The configuration for the Protection Modules is inherited from the policy assigned to this computer, except for the configuration of the Web Reputation and Application Control Protection Modules which have been set at the computer level.

The Protection Modules identified as Inherited in the exhibit have not yet been config-ured. Only the Web Reputation and Application Control Protection Modules have been configured.

The Protection Modules identified as Inherited in the exhibit have not yet been enabled. Only the Web Reputation and Application Control Protection Modules have been enabled at this point.

Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction.

Firewall rules using the Bypass action do not generate log events.

Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis.

Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there.

The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.

The Firewall Protection Module can identify suspicious byte sequences in packets.

The Firewall Protection Module can detect and block Cross Site Scripting and SQL In-jection attacks.

The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

Firewall

Intrusion Prevention

Log Inspection

Integrity Monitoring

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Rec-ommendation Scans are run.

Both 32-bit and 64-bit Deep Security Agents can be promoted to a Deep Security Relay.

Deep Security Agents promoted to Deep Security Relays no longer provide the security capabilities enabled by the Protection Modules.

Deep Security Relays are able to process Deep Security Agent requests during updates.

Deep Security Agents communicate with Deep Security Relays to obtain security up-dates.

Smart Folders identify the folders that will be scanned when a Real-Time, Manual or Scheduled malware scan is run.

Smart Folders are a collection of subfolders containing the policy settings that are ap-plied to child policies or directly to Computers.

Smart Folders act as a saved search of computers which is executed each time the folder is clicked to display its contents.

Smart Folders are the containers used to store the results of Recommendation Scans. Once a Recommendation Scan has completed, and administrator can click a Smart Folder and select which of the recommended rules to apply.

Deep Security Agents forward Log Inspection Event details to Deep Security Manager in real time.

Log Inspection can only examine new Events and cannot examine logs entries created before the Protection Module was enabled.

Log Inspection can only examine Deep Security log information.

The Log Inspection Protection Module is supported in both Agent-based and Agentless implementations.