ST0-085 Symantec Security Information Manager 4.7 Technical Set 2

How is the Symantec Security Information Manager (SSIM) Console installed?


Options are :

  • On the SSIM DVD, go to Tools and install the client.
  • No installation is necessary because SSIM is a browser-based tool.
  • Go to the SSIM web interface, download the client and click Run.
  • From the SSIM appliance, deploy the console to your machine.

Answer : Go to the SSIM web interface, download the client and click Run.


Which console command would you use to determine the "status" of the HTTP server when troubleshooting the installation of Symantec Security Information Manager (SSIM)?


Options are :

  • eventservice
  • status
  • sesa_chk http
  • java -jar SesaInfo.jar

Answer : status

When designing a new Symantec Security Information Manager (SSIM) solution for a company, what structure should be created in a SSIM domain to place systems under?


Options are :

  • Operational Groups
  • Domain Groups
  • Organizational Units
  • Domain Roles

Answer : Organizational Units

How do you install a valid DeepSight Integration License?


Options are :

  • Open the Symantec Security Information Manager Console; select Configure Appliance; click on DeepSight Integration Manager Configuration.
  • On the appliance, place the license in the /opt/Symantec/license folder. D. Use the Install License Wizard.
  • Open Symantec Security Information Manager Console; select Configure Appliance; click on Licenses.

Answer : On the appliance, place the license in the /opt/Symantec/license folder. D. Use the Install License Wizard.


What information is necessary to properly size a deployment?  


Options are :

  • hard drive space, incidents per second and collector types
  • hard drive space, events per second and geographic locations
  • events per second, collector types and incident-to-event ratio
  • events per second, geographic locations and event-to-incident ratio

Answer : events per second, geographic locations and event-to-incident ratio

What are the hard drive specifications for the hardware?


Options are :

  • 6 drives (2 mirrored and 4 in RAID 5)
  • 6 drives (RAID 5)
  • 2 drives (mirrored)
  • 6 drives (2 mirrored and 4 in RAID 10)

Answer : 6 drives (2 mirrored and 4 in RAID 5)

After setting up the Symantec Security Information Manager (SSIM) appliance, where are network settings changed?


Options are :

  • SSIM Start Page --> Settings --> Network Settings
  • SSIM Client --> Configuration tab --> Network Settings
  • SSIM Console --> Maintenance tab --> Network Settings
  • Command Prompt --> ifconfig

Answer : SSIM Start Page --> Settings --> Network Settings


Which console utility should be used to view the number of dropped packets on the network interface when troubleshooting performance problems on the Symantec Security Information Manager system?


Options are :

  • ifconfig
  • top
  • mii-tool
  • ps

Answer : ifconfig

Which component of a Symantec Event Collector processes raw events into security events using a set of event mapping rules?


Options are :

  • Data Parser
  • Translator
  • Sensor
  • Filter

Answer : Filter

Which component escalates security events into incidents?


Options are :

  • events
  • incidents
  • rules
  • tickets

Answer : rules


When are the effective privileges of the SES Administrator role and Domain Administrator role equivalent?


Options are :

  • when there is only one domain in the system
  • when the system is newly installed and a domain has not yet been created
  • when the administrator is assigned the SES Administrator role
  • when the Domain Administrator role is given permission to create users and roles

Answer : when there is only one domain in the system


Which two ratings does the Information Manager Assets Table use to quantify the importance of the device and help determine how to escalate security incidents related to that device? (Select two.)

A. Confidentiality
B. Criticality
C. Severity
D. Priority
E. Integrity


Options are :

  • A,C
  • A,E
  • B,C
  • A,D
  • A,B

Answer : A,E

Which task does Symantec Security Information Manager perform relating to Incident Management?


Options are :

  • Performs remediation on the attack.
  • Creates a vulnerability category.
  • Projects and documents future attacks.
  • Assigns incidents to a team member.

Answer : Assigns incidents to a team member.

Which Correlation Rule type does the Correlation Manager use?


Options are :

  • Aggregation Processing (triggers on aggregorious behavior)
  • Contiguous Event Rules (looks for a pattern of events)
  • Assets Tables (matches a field in the asset table)
  • Multiple Event Rules (looks for a pattern of events)

Answer : Multiple Event Rules (looks for a pattern of events)


Which section can be found on the Status pane located on the Statistics page?


Options are :

  • Router Connectivity Status
  • Agent Status
  • Database Health Monitor
  • Correlation Event Status

Answer : Database Health Monitor

How many days of data is stored in the archives before it is purged?


Options are :

  • 10
  • 30
  • unlimited
  • 60

Answer : unlimited

What does the Correlation Engine do once custom rules are properly defined?


Options are :

  • Analyzes events against the rule criteria, correlates with existing conclusions and creates the impending incident.
  • Correlates events against the rule criteria, analyzes conclusions and creates impending incidents.
  • Analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents.
  • Applies individual rules to events, analyzes conclusions and correlates events into incidents.

Answer : Correlates events against the rule criteria, analyzes conclusions and creates impending incidents.


Which is commonly used to view archived events?


Options are :

  • Event Viewer API
  • Incident Management Console tab
  • Archive Management Console tab
  • Information Manager Event Viewer

Answer : Information Manager Event Viewer

Which option in the Rules Monitors list allows for follow-up actions that are required to resolve the incident?


Options are :

  • Actions
  • Properties
  • History
  • Monitors list

Answer : Actions

What is the common way in which new entries can be added to the Assets Table of a Symantec Security Information Manager solution?


Options are :

  • importing from a rule that is monitoring traffic on the network
  • importing from HP OpenView through the OpenView Integration feature
  • automatic population through a supported vulnerability scanner
  • through the Lookup Tables pane of the Information Manager Console

Answer : automatic population through a supported vulnerability scanner


Which role is able to modify permissions within the Symantec Security Information Manager solution?


Options are :

  • Domain Administrator
  • System Administrator
  • Root Administrator
  • DB2 Administrator

Answer : Domain Administrator

When querying archived event data, how can you make a query available to other users of the system?


Options are :

  • Check the Shared option on the saved query.
  • Grant Read Query permission to the domain.
  • Save it in Published Queries.
  • Save it in Public Templates.

Answer : Check the Shared option on the saved query.

What are two ways the Assets Table can reduce the reporting of false positive security incidents using built-in functionality? (Select two.)

A. assigns proper CIA values to each asset in the table
B. schedules daily updates of vulnerability information from Symantec's LiveUpdate service
C. populates the Policies tab with policies that apply to each asset
D. uses a supported vulnerability scanner to help prioritize incidents
E. configures normalization of event data captured by the collectors


Options are :

  • A,C
  • A,B
  • A,E
  • C,D

Answer : C,D


Which statement is true about rules in a Symantec Security Information Manager solution?


Options are :

  • The Rules tab can be used on the console to automatically identify available ports on an asset.
  • The Rules Editor can create policies on each asset to determine what rules are executed when an event occurs.
  • Rules can be configured on each asset that will launch a vulnerability scan when a specific type of event occurs.
  • Rules can be created that escalate events to incidents, based on policies defined on each asset.

Answer : Rules can be created that escalate events to incidents, based on policies defined on each asset.

Which option allows events to be ignored by the Correlation Rules and no longer be processed?


Options are :

  • Conditions
  • Criteria
  • Event Filters
  • Bypass Rules

Answer : Event Filters

How can you determine which ports are potentially vulnerable on a given host in the Assets Table?


Options are :

  • by viewing the Details tab for the asset
  • by running the Host Information report on the asset
  • by looking at the Services tab on the asset
  • by running the NetScan user action on the asset

Answer : by looking at the Services tab on the asset


What information does the Correlation Manager use to identify and prioritize incidents? 


Options are :

  • DeepSight
  • event history
  • incident
  • assets

Answer : assets

What is the purpose of normalization? 


Options are :

  • to process the events across multiple devices for the Correlation Manager to strategize the events more quickly
  • to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
  • to correlate events across multiple devices for the Correlation Manager to compare all events equally
  • to standardize events across multiple devices for the Correlation Manager to compare all events equally

Answer : to standardize events across multiple devices for the Correlation Manager to compare all events equally

What is the unique identifier that normalization provides for each type of event?


Options are :

  • maps events to a device-specific signature
  • adds Correlation Manager-specific data to the translated event
  • maps incidents to a device-specific signature
  • adds Correlation Manager-specific data to the translated incident

Answer : adds Correlation Manager-specific data to the translated event


What type of data that comes from DeepSight is mapped to vulnerability, exposure, malicious code, and safeguard mitigation strategies?


Options are :

  • relationships between events
  • correlated incident activities
  • normalized event signatures
  • correlated event activities

Answer : normalized event signatures
