Trend Micro Deep Security Certification Exams Questions and Answers 2023
The Firewall Protection Module is enabled in a new child policy called Internal-SQL. You notice that some rules for Firewall are already enabled in the policy, but when you try to remove one of the rules, the item is greyed out. Why are you not able to remove the rules for the Firewall Protection Module in this policy? - Rules can be assigned at any level in the Rules hierarchy, but not unassigned.

DS Protection modules - Enterprise level gives everything. DSaaS does, too. Otherwise you can choose from the following packages:
- Anti-malware package: Anti-malware and web reputation
- Systems package: Integrity monitoring, log inspection, and application control
- Networking package: Firewall and intrusion prevention

Anti-Malware - Detects and blocks malicious software intended to harm. Can run scheduled, real-time, and on-demand scans. If a new file is found, connects to SPN to identify it.

Web Reputation - Tracks the credibility of websites to safeguard servers from malicious URLs. It integrates with the Trend Micro Smart Protection Network to detect and block Web-based security risks, including phishing attacks. Blocks servers from accessing compromised sites using internal requests.

Web Reputation vs Firewall - Web reputation dynamically looks at all traffic to see if it is malicious. Firewall is binary and only blocks what you tell it to. It does not connect with SPN.

Firewall - Provides broad coverage for all IP-based protocols and frame types as well as fine-grained filtering for ports and IP and MAC addresses through a bidirectional, stateful firewall. Examines the header information in each network packet to allow or deny traffic based on direction, specific frame types, transport protocols, source and destination addresses, ports, and header flags. Can prevent denial of service attacks as well as block reconnaissance scans.

Intrusion Prevention - Examines all incoming and outgoing traffic at the packet level, searching for any content that can signal an attack. Uses sophisticated, proprietary rules based on known vulnerabilities in your OS and applications. Rules are recommended based on a recommendation scan for vulnerabilities. If a packet matches a rule, it will be dropped.

Intrusion Prevention vs Intrusion Detection - Intrusion detection will only notify if a packet matches a rule. Intrusion prevention will drop the packet if a rule matches it.

Virtual Patching - Intrusion Prevention allows applications with unpatched vulnerabilities to be protected by applying the relevant Intrusion Prevention rules. Not a replacement for software updates.

Protocol Hygiene - Intrusion Prevention blocks traffic based on how it follows protocol specifications, for example if it is malformed or corrupted. Such packets would be dropped anyway by the OS, but Intrusion Prevention prevents the OS from having to drop them.

Integrity Monitoring - Monitors critical operating system and application files, including directories, custom files, registry keys and values, open ports, processes and services, to provide real-time detection and reporting of malicious and unexpected changes. The Integrity Monitoring module tracks both authorized and unauthorized changes made to a server instance. Trusted event tagging reduces administration overhead by automatically tagging similar events across the entire data center.

Application Control - Takes a baseline of the system and, if in 'allow' mode, will track and monitor all changes based on the golden image of the correct configuration. If in 'block' mode, will block all software actions that would modify the system from that state.

Deep Security Manager - The centralized management system to create and manage comprehensive security policies and deploy protection to Deep Security Agents and Deep Security Virtual Appliances. Does not provide protection itself, but instead manages the rules and policies which are distributed to the enforcement components in the system. Supports multiple nodes for increased reliability, availability, scalability and performance. Supported on 64-bit Windows and Linux Red Hat operating systems.

Database - Required for DSM for storing the information it needs to function. Must be installed, and a user account with the appropriate permissions must be created, before installing the DSM. Supports: Microsoft SQL Server, Oracle or PostgreSQL, and cloud deployments using the Marketplace option.

Deep Security Manager Web Console - Allows for web-based administration of the system. Administrative users authenticate to the console using Deep Security-created credentials or a user name and password stored in Microsoft Active Directory. Can apply MFA to authentication. Some operations can also be performed through the Windows Command Prompt.

Deep Security Agent - This software component provides the protection modules to user endpoints. Supported on Windows, Linux, Solaris, HP-UX, and AIX, and can be installed on physical servers, virtual machines or cloud servers. Can also operate without an on-host Agent for specific operations in a VMware environment using the Deep Security Virtual Appliance.

Deep Security Relay - A Deep Security Agent with relay functionality enabled. Downloads and distributes security and software updates from the Trend Micro Global Update Server to Deep Security Agents and Deep Security Virtual Appliances. You must have at least one enabled in your environment to keep your protection up-to-date. Improves performance by distributing the task of delivering updates throughout your Deep Security installation. You can co-locate the Deep Security Relay on the same host as Deep Security Manager or install it on a separate computer.

Can inherited Firewall rules be unassigned? - Firewall Rules applied through a parent-level Policy cannot be unassigned in a child-level policy.

Apex Central - Previously known as Control Manager, provides a single unified interface to manage, monitor, and report across multiple layers of security and deployment models. Allows management of Deep Security, Apex One, as well as other Trend Micro products, from a single interface. User-based visibility shows what is happening across all endpoints, enabling administrators to review policy status and make changes across all user devices. In the event of a threat outbreak, administrators have complete visibility of an environment to track how threats have spread. Responsible for compiling the Suspicious Objects for use in Connected Threat Defense.

Deep Security Virtual Appliance - A virtual machine that transparently enforces security policies on VMware ESXi virtual machines through NSX, allowing agentless protection through the Anti-Malware, Web Reputation, Firewall, Intrusion Prevention, and Integrity Monitoring modules. If protection through the Log Inspection and Application Control modules is required on a virtual machine, a Deep Security Agent can be installed on the virtual machine itself. It runs as a VMware virtual machine and protects other virtual machines running on the same ESXi Server, each with its own individual set of security policies. The implementation depends on limitations that exist within the licensing structure of VMware NSX.

Deep Security Notifier - A Windows System Tray application that communicates the state of the Deep Security Agent and Deep Security Relay to client machines. Displays pop-up notifications in the System Tray when a Deep Security Agent begins a scan, blocks malware or identifies a malicious web page. The Notifier also provides a console utility that allows the user to view events and check the status of the agent. Installed with the Deep Security Agent by default on Windows servers. It may be installed separately on Windows VMs protected by the Deep Security Virtual Appliance. In this case, the Anti-Malware module must be licensed and enabled on the VM.

Smart Protection Network - Delivers real-time updates of malware signatures and patterns. This cloud-client infrastructure delivers protection from emerging threats by continuously evaluating and correlating threat and reputation intelligence for websites, email sources, and files.

Smart Protection Server - Can optionally be deployed locally on the network to improve access time and increase privacy on behalf of the Anti-Malware and Web Reputation modules.

Deep Security Smart Check - Performs pre-runtime scans of Docker images to detect OS vulnerabilities and malware, enabling you to fix issues before they reach the orchestration environment.

Deep Security Scanner - Provides integration with the SAP NetWeaver platform and performs anti-malware scans and reviews the information to identify potential threats in SAP systems. This is not supported on computers where the Deep Security Agent is enabled as a Relay.

Deep Discovery Analyzer - A secure virtual environment used to analyze samples submitted by Trend Micro products. Sandbox images allow observation of file and network behavior in a natural setting without any risk of compromising the network. Performs static analysis and behavior simulation to identify potentially malicious characteristics. During analysis, rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings, which is then forwarded to Trend Micro Apex Central to build the suspicious objects list.

Trend Micro Deep Security - The core of the Trend Micro Hybrid Cloud Security solution. Provides advanced server security for physical, virtual, and cloud-based computers and delivers multiple security techniques in a single product. This centrally managed platform consolidates security operations within a single management dashboard for all capabilities. FIPS certified.
Written for
- Institution: Trend Micro Deep Security
- Course: Trend Micro Deep Security

Document information
- Uploaded on: 13 June 2023
- Number of pages: 48
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions and answers