ST0-085 Symantec Security Information Manager 4.7 Technical Set 1

What is Device-level aggregation?


Options are :

  • parsing data with data sensors
  • event and log censoring
  • forwarding event data to the appliance
  • grouping data to reduce traffic and database size

Answer : grouping data to reduce traffic and database size


Which of the following vendor hardware is recommended to use with Symantec Security Information Manager (SSIM)?


Options are :

  • NEC
  • Dell
  • IBM
  • Hitachi

Answer : Dell

Which OS listed does hardware used for the Symantec Security Information Manager (SSIM) image support?


Options are :

  • Centos
  • SUSE
  • Redhat
  • SE Linux

Answer : Redhat

Which third-party software components support LDAP for users, roles, and configurations?


Options are :

  • IBM Directory Server
  • IBM DB2 8.1
  • IBM DB2 8.2
  • Microsoft Active Directory Server

Answer : IBM Directory Server


Which critical SSIM service status is displayed on the "status" console command when troubleshooting the installation of Symantec Security Information Manager (SSIM)?


Options are :

  • Apache web server
  • DB2 database
  • Tomcat servlet engine
  • Information Manager

Answer : DB2 database

Which statement about Symantec Security Information Manager domains is true? 


Options are :

  • Domains are based on Active Directory domains.
  • A domain can be a group of separate correlation systems.
  • A single master directory ties all domains together.
  • A domain can be a group of a single correlation system and multiple collection systems.

Answer : A domain can be a group of a single correlation system and multiple collection systems.

Which tab on the Information Manager Console allows you to view threat and vulnerability information?


Options are :

  • Reports
  • Intelligence
  • None of the Above
  • Rules
  • Dashboard

Answer : Intelligence


How are computers logically grouped in Symantec Security Information Manager (SSIM)?


Options are :

  • Domain Local Groups
  • Organizational Units
  • Organizational Roles
  • Global Groups

Answer : Organizational Units

Which component sends events to the Event Service for processing?


Options are :

  • the Symantec Security Information Manager (SSIM) collector
  • the Symantec Security Information Manager (SSIM) off-box collector
  • the Symantec Security Information Manager (SSIM) agent
  • the Symantec Security Information Manager (SSIM) on-box collector

Answer : the Symantec Security Information Manager (SSIM) agent

Which of the following are all on-box collectors? 


Options are :

  • PIX, UNIX Syslog and Data Leakage Prevention
  • Checkpoint, Snort and PIX
  • PIX, Snort and Symantec Web Gateway
  • Checkpoint, UNIX Syslog and Control Compliance Suite

Answer : Checkpoint, Snort and PIX


Which two default administrative user accounts are created during the installation of Symantec Security Information Manager? (Select two.)

A. Root Administrator
B. Domain Administrator
C. SES Administrator
D. System Administrator
E. Local Administrator


Options are :

  • B,C
  • A,C
  • A,B
  • A,D

Answer : B,C

Which step should be taken to prepare for an installation of a Symantec Security Information Manager Agent on a new system?


Options are :

  • Ping the appliance IP address and name.
  • Remove old versions of the agent.
  • Run "setup -i" to run the pre-installation check.
  • Verify that JRE 1.4.2 or higher is installed.

Answer : Ping the appliance IP address and name.

Where is LiveUpdate for Symantec Security Information Manager (SSIM) configured?   


Options are :

  • from a command prompt
  • SSIM Start Page --> Maintenance--> LiveUpdate tab
  • SSIM Console --> Systems tab --> LiveUpdate tab
  • SSIM Client --> Maintenance tab --> LiveUpdate tab

Answer : SSIM Start Page --> Maintenance--> LiveUpdate tab


Where do Symantec Security Information Manager collectors send events? 


Options are :

  • Event Archive
  • Event Logger
  • Event Disposition
  • Event Reporting

Answer : Event Logger

Which component of a Symantec Event Collector reads event data from a specific security product?


Options are :

  • Data Parser
  • Translator
  • Filter
  • Sensor

Answer : Sensor

Which LDAP port is used by the security directory?


Options are :

  • Port 443
  • Port 22
  • Port 389
  • Port 636

Answer : Port 636


Which is an off-box collector of Symantec Security Information Manager?


Options are :

  • Snort
  • Cisco PIX
  • Checkpoint Firewall
  • Windows

Answer : Windows

What information must be obtained prior to product deployment and configuration of the Symantec Security Information Manager appliance?


Options are :

  • the number of nodes found in the customer's infrastructure
  • which on-box collectors are appropriate for installation
  • the number of security events per day the appliance will handle
  • the air-conditioning and power requirements

Answer : the number of security events per day the appliance will handle

Symantec Security Information Manager Series Appliance installs which operating system by default?


Options are :

  • SUSE
  • Windows
  • Solaris
  • Red Hat

Answer : Red Hat


A newly installed server is performing very slowly on the network. A problem with the Ethernet duplex negotiation on the new server is suspected. Which console command should the Administrator of the Symantec Security Information Manager use to see the duplex status on the server?


Options are :

  • ifconfig
  • netstat
  • traceroute
  • ethtool

Answer : ethtool

What is the purpose of the critical business assets management feature?


Options are :

  • It obtains an overview of business assets.
  • It makes it possible to change collectors' configurations to meet business assets needs.
  • It provides a visual picture of where critical business assets are located.
  • It enables automatic identification and prioritization of security threats that impact business-critical applications.

Answer : It provides a visual picture of where critical business assets are located.

Where are the database options configured after installation?


Options are :

  • Symantec Security Information Manager --> Configure Appliance --> Purge tab
  • Symantec Security Information Manager Console --> Systems tab
  • use the dbpurge command at the server console
  • Symantec Security Information Manager --> Settings--> Database Utilities tab

Answer : Symantec Security Information Manager --> Settings--> Database Utilities tab


What is the difference between Symantec Security Information Manager (SSIM) on-box and off-box collectors?


Options are :

  • Off-box collectors are installed on the appliance and on-box collectors are installed on assets.
  • On-box collectors are automatically installed with the SSIM software and off-box collectors are installed separately.
  • Off-box collectors are installed on the SSIM products and on-box collectors are installed on the appliance.
  • On-box collectors are installed prior to SSIM software installation and off-box collectors are installed separately.

Answer : On-box collectors are automatically installed with the SSIM software and off-box collectors are installed separately.

When installing the Symantec Security Information Manager Agent and Collector on a Windows platform, which command shows that the agent is installed and running?


Options are :

  • java -jar agentstatus.jar -a
  • agent_constatus
  • sesa_status
  • agentmgmt.bat

Answer : agentmgmt.bat

Which Symantec Security Information Manager component retrieves security content in near-real-time from Symantec?


Options are :

  • LiveUpdate and licensed DeepSight Integration Module simultaneously
  • Licensed DeepSight Integration Module
  • Security content retrieval is automatic.
  • LiveUpdate

Answer : Licensed DeepSight Integration Module


Which database houses incidents and summary data?


Options are :

  • IBM DB2
  • MSSQL
  • Oracle
  • MySQL

Answer : MSSQL

What are the specified minimum hardware requirements for installing and running the Symantec Security Information Manager Console?


Options are :

  • 1 GB RAM and 512 MB disk space
  • 512 MB RAM and 103 MB disk space
  • 512 MB RAM and 1 GB disk space
  • 1 GB RAM and 1 GB disk space

Answer : 512 MB RAM and 103 MB disk space

On which two operating systems can the Symantec Security Information Manager Agent be installed? (Select two.)

A. Solaris 9
B. Windows 2000
C. Centos
D. IBM AIX 5
E. HP-UX 11


Options are :

  • A,D
  • A,C
  • A,B
  • A,E

Answer : A,B


When managing the Symantec Security Information Manager (SSIM) solution for a company, the Cisco PIX collector needs to be configured to process events from a Cisco PIX firewall. What must be done on the PIX firewall to accomplish this?


Options are :

  • Configure SSL communication from the firewall to the SSIM appliance.
  • Enable the Log Export API.
  • Open port 514 on the firewall for access from the SSIM appliance.
  • Configure it to send syslog messages to the SSIM appliance.

Answer : Configure it to send syslog messages to the SSIM appliance.

What does the Correlation Engine analyze events against once all rules are properly defined?


Options are :

  • false positives, create conclusions, and correlate conclusions into incidents
  • the rule criteria, create triggers, and correlate conclusions into incidents
  • the rule criteria, create conclusions, and send conclusions to the database
  • the rule criteria, create conclusions, and correlate conclusions into incidents

Answer : the rule criteria, create conclusions, and correlate conclusions into incidents
