ST0-085 Symantec Security Information Manager 4.7 Technical Set 4

Which component of a Symantec Event Collector processes raw events into security events using a set of event mapping rules?


Options are :

  • Filter
  • Sensor
  • Translator
  • Data Parser

Answer : Translator

Which statement about the capabilities of the Event Archive Viewer is true? 


Options are :

  • Based on a histogram, you can select a time period for viewing.
  • You can execute a ping on any device shown in the Event Viewer.
  • Event details can be exported to tabular CSV format.
  • You can narrow the viewable time period to 5 minutes.

Answer : Based on a histogram, you can select a time period for viewing.

When querying archived event data, how can you make a query available to other users of the system?


Options are :

  • save it in Public Templates
  • save it in Published Queries
  • check the Shared option on the saved query
  • grant Read Query permission to the domain

Answer : save it in Published Queries


You are installing the Symantec Security Information Manager Agent on a Windows platform. Which directory contains a log file indicating that the installation was successful?


Options are :

  • c:\Symantec\agent\log
  • c:\Symantec\log
  • c:\Program Files\Symantec\sesa\agent\log
  • c:\Program Files\Symantec\log

Answer : c:\Program Files\Symantec\sesa\agent\log

Which three ratings does the Information Manager Assets Table use to quantify the importance of the device and help determine how to escalate security incidents related to that device?

  • A. Confidentiality
  • B. Criticality
  • C. Availability
  • D. Priority
  • E. Integrity


Options are :

  • B,C,D
  • B,C,E
  • A,B,C
  • A,C,E

Answer : A,C,E

After setting up the Symantec Security Information Manager (SSIM) appliance, where do you change network settings?


Options are :

  • SSIM Client --> Configuration tab --> Network Settings
  • SSIM Start Page --> Configure Appliance --> Network Settings
  • SSIM Console --> Maintenance tab --> Network Settings
  • Command Prompt --> ifconfig

Answer : SSIM Start Page --> Configure Appliance --> Network Settings


Which is an off-box collector of Symantec Security Information Manager?


Options are :

  • Cisco PIX
  • Symantec AntiVirus
  • Snort
  • Checkpoint Firewall

Answer : Symantec AntiVirus

You are troubleshooting your Symantec Security Information Manager (SSIM) system. You issue the "status" command at the console of your Correlation Server. Which SSIM process information does the "status" command display?

  • A. process ID
  • B. maximum uptime
  • C. process uptime
  • D. number of connections


Options are :

  • A,B,D
  • B,D,A
  • A,C,D
  • A,B,C

Answer : A,B,C

What are two ways in which new entries can be added to the Assets Table of a Symantec Security Information Manager solution?

  • A. through the Lookup Tables pane of the Information Manager Console
  • B. importing from HP OpenView through the OpenView Integration feature
  • C. importing from a .CSV file exported from Active Directory
  • D. automatic population through a supported vulnerability scanner


Options are :

  • A,D
  • C,D
  • A,C
  • A,B

Answer : C,D


You are troubleshooting performance problems on your Symantec Security Information Manager system. Which console utility should you use to view the number of dropped packets on the network interface?


Options are :

  • top
  • mii-tool
  • ifconfig
  • ps

Answer : ifconfig

How can you determine which ports are potentially vulnerable on a given host in the Assets Table?


Options are :

  • by viewing the Details tab for the asset
  • by running the Host Information report on the asset
  • by running the NetScan user action on the asset
  • by looking at the Services tab on the asset

Answer : by looking at the Services tab on the asset

When troubleshooting the installation of Symantec Security Information Manager, which console command would you use to determine the "status" of the HTTP server?


Options are :

  • java -jar SesaInfo.jar
  • status
  • eventservice
  • sesa_chk http

Answer : status


You manage the Symantec Security Information Manager system for your company. A newly installed server is performing very slowly on the network. You suspect a problem with the Ethernet duplex negotiation on the new server. Which console command should you use to see the duplex status on the server?


Options are :

  • traceroute
  • netstat
  • ifconfig
  • ethtool

Answer : ethtool

Which three statements about Symantec Security Information Manager domains are true?

  • A. Domains allow logical grouping of appliances.
  • B. Each domain must have its own model 9650 appliance.
  • C. A domain can include many model 9630 appliances.
  • D. A single master directory ties all domains together.


Options are :

  • A,B,D
  • A,B,C
  • A,C,D
  • B,D,A

Answer : A,B,C

Which two roles are able to modify permissions within the Symantec Security Information Manager solution?

  • A. SES Administrator
  • B. Root Administrator
  • C. System Administrator
  • D. Domain Administrator


Options are :

  • A,D
  • B,D
  • A,B
  • A,C

Answer : A,D


Which Symantec Security Information Manager feature provides a centralized list of the hosts and devices in a network that are subject to security event correlation?


Options are :

  • Security Object Database
  • Assets Table
  • Correlation Database
  • Host Table

Answer : Assets Table

How is vulnerability information added to asset properties in the Assets Table?


Options are :

  • automatically populated from a vulnerability scan
  • by importing a .CSV file generated by a vulnerability scanner
  • by running the Vulnerability Check user action on an asset
  • manually set through the console Vulnerabilities tab

Answer : automatically populated from a vulnerability scan

Which three user actions can be executed by the Information Manager Event Viewer?

  • A. Finger
  • B. ping
  • C. trace route
  • D. nslookup
  • E. whois


Options are :

  • B,C,D
  • A,B,C
  • A,C,E
  • A,C,D

Answer : A,B,C


After installation, where would you go to purge the database?


Options are :

  • Symantec Security Information Manager --> Configure Appliance --> Purge tab
  • Symantec Security Information Manager --> Configure Appliance --> Database Utilities tab
  • Symantec Security Information Manager Console --> Systems tab
  • use the dbpurge command at the server console

Answer : Symantec Security Information Manager --> Configure Appliance --> Database Utilities tab

Using built-in functionality, what are three ways the Assets Table can reduce the reporting of false positive security incidents?

  • A. assigns proper CIA values to each asset in the table
  • B. schedules daily updates of vulnerability information from Symantec's LiveUpdate service
  • C. populates the Policies tab with policies that apply to each asset
  • D. uses a supported vulnerability scanner to help prioritize incidents
  • E. configures normalization of event data captured by the collectors


Options are :

  • B,C,D
  • A,C,D
  • A,B,C
  • A,C,E

Answer : A,C,D

You are designing a new Symantec Security Information Manager (SSIM) solution for your company. When designing the structure of your SSIM domain, computers are separated into logical groups called _____.


Options are :

  • Organizational Units
  • Operational Groups
  • Domain Groups
  • Domain Roles

Answer : Organizational Units


Which step should be taken to prepare for an installation of a Symantec Security Information Manager Agent on a new system?


Options are :

  • run "setup -i" to run the pre-installation check
  • verify that JRE 1.4.2 or higher is installed
  • remove old versions of the agent
  • ping the appliance IP address and name

Answer : ping the appliance IP address and name

Which two default administrative user accounts are created during the installation of Symantec Security Information Manager?

  • A. Root Administrator
  • B. Domain Administrator
  • C. SES Administrator
  • D. System Administrator
  • E. Local Administrator


Options are :

  • A,C
  • A,D
  • A,E
  • B,C

Answer : B,C

When are the effective privileges of the SES Administrator role and Domain Administrator role equivalent?


Options are :

  • when the system is newly installed and a domain has not yet been created
  • when the Domain Administrator role is given permission to create users and roles
  • when there is only one domain in the system
  • when the administrator is assigned the SES Administrator role

Answer : when there is only one domain in the system


By default, event archives are stored for up to _____ days.


Options are :

  • 10
  • 90
  • 60
  • 30

Answer : 10

When troubleshooting the installation of Symantec Security Information Manager (SSIM), the "status" console command displays the status of which critical SSIM service?


Options are :

  • DB2 database
  • Tomcat servlet engine
  • Apache web server
  • Information Manager

Answer : DB2 database

Which statement is true about rules in a Symantec Security Information Manager solution? 


Options are :

  • Rules can be configured on each asset that will launch a vulnerability scan when a specific type of event occurs.
  • The Rules tab can be used on the console to automatically identify available ports on an asset.
  • Rules can be created that escalate events to incidents, based on policies defined on each asset.
  • The Rules Editor can create policies on each asset to determine what rules are executed when an event occurs.

Answer : Rules can be created that escalate events to incidents, based on policies defined on each asset.


Which two are commonly used to view archived events?

  • A. Information Manager Event Viewer
  • B. Archive Management Console tab
  • C. Query Wizard
  • D. Incident Management Console tab


Options are :

  • B,D
  • A,C
  • A,B
  • A,D

Answer : A,C

You are in the process of installing and configuring a new Symantec Security Information Manager (SSIM) solution. Your company uses a CheckPoint firewall. Which two tasks must you perform to allow the CheckPoint collector to receive log information from the CheckPoint firewall?

  • A. create the OPSEC application
  • B. configure CheckPoint ACL to communicate with the SSIM appliance
  • C. configure the CheckPoint LEA server
  • D. configure CheckPoint to forward syslog events to the SSIM appliance


Options are :

  • A,C
  • B,D
  • A,D
  • A,B

Answer : A,C

Which two search templates are pre-defined by Information Manager?

  • A. Host Activity
  • B. Internal Activity
  • C. IDS Activity
  • D. Firewall Activity
  • E. Port Activity


Options are :

  • A,E
  • A,C
  • A,B
  • A,D

Answer : A,E
