ST0-085 Symantec Security Information Manager 4.7 Technical Set 6

Which tab on the Information Manager Console allows you to view threat and vulnerability information?


Options are :

  • Rules
  • Reports
  • Intelligence
  • Dashboard

Answer : Intelligence

Which third-party software components support LDAP for users, roles, and configurations?


Options are :

  • IBM DB2 8.2
  • IBM Directory Server 7.0
  • IBM DB2 8.1
  • IBM Directory Server 6.0

Answer : IBM Directory Server 6.0

Did you participate in formal Symantec training for this exam? If so, please select the type of training that you completed. (Select all that apply.)


Options are :

  • Virtual instructor-led classroom
  • Distributor or reseller-hosted webcast
  • Instructor-led classroom
  • Other
  • Symantec-hosted webcast

Answer : Other

The Symantec Security Information Manager includes a(n) _____ feature that allows the security administrator to instantly access a customized view of major security indicators.


Options are :

  • dashboard
  • events
  • None
  • reports
  • intelligence page

Answer : dashboard

What is the purpose of the critical business assets management feature?


Options are :

  • It provides a visual picture of where critical business assets are located.
  • It enables automatic identification and prioritization of security threats that impact business critical applications.
  • It obtains an overview of business assets.
  • It makes it possible to change collectors' configurations to meet business assets needs.

Answer : It enables automatic identification and prioritization of security threats that impact business critical applications.

Symantec Security Information Manager automatically escalates security events into incidents based on a number of pre-defined and user-defined _____.


Options are :

  • tickets
  • rules
  • incidents
  • events

Answer : rules

Once data is archived and removed from Symantec Security Information Manager, what allows you to access that data?


Options are :

  • Correlated Event Viewer
  • Event Archive Viewer
  • Archive Log Viewer
  • Incident Archive Viewer

Answer : Event Archive Viewer

Which general release version of JRE is installed with the product? 


Options are :

  • 2.0
  • 1.2
  • 1.4.2
  • 1.5.0

Answer : 1.5.0

Which RAID level is recommended in a DAS configuration? 


Options are :

  • RAID 1
  • RAID 7
  • RAID 5
  • RAID 10

Answer : RAID 5

Once all rules are properly defined, the Correlation Engine can analyze events against _____.


Options are :

  • the rule criteria, create conclusions, and correlate conclusions into incidents
  • the rule criteria, create conclusions, and send conclusions to the database
  • the rule criteria, create triggers, and correlate conclusions into incidents
  • false positives, create conclusions, and correlate conclusions into incidents

Answer : the rule criteria, create conclusions, and correlate conclusions into incidents

Symantec Security Information Manager performs which two tasks related to Incident Management?
A. creates a vulnerability category
B. creates a helpdesk ticket
C. projects and documents future attacks
D. reports incidents to the SANS Internet Storm Center
E. assigns incidents to a team member


Options are :

  • A,D
  • B,E
  • A,C
  • B,E

Answer : B,E

Events that are filtered out remain stored in the ______.


Options are :

  • Event Archive
  • Incident History
  • Incident Repository
  • Event Logger

Answer : Incident History

Once custom rules are properly defined, the Correlation Engine _____. 


Options are :

  • applies individual rules to events, analyzes conclusions and correlates events into incidents
  • correlates events against the rule criteria, analyzes conclusions and creates impending incidents
  • analyzes events against the rule criteria, correlates with existing conclusions and creates the impending incident
  • analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents

Answer : analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents

Symantec Security Information Manager's rule system considers events to be _____ objects, while conclusions are products of the rule system.


Options are :

  • elemental
  • dispositional
  • complex
  • exponential

Answer : elemental

Which ODBC relational database does the Symantec Security Information Manager appliance use to store event and incident data?


Options are :

  • MySQL
  • Oracle
  • MSSQL
  • IBM DB2

Answer : IBM DB2

Which two sources are used by Symantec Security Information Manager to create incidents? 


Options are :

  • Correlation Rules
  • Assets Table
  • analyst input
  • SANS Internet Storm Center

Answer : Correlation Rules

Which option allows events to be ignored by the Correlation Rules and be no longer processed?


Options are :

  • Bypass Rules
  • Event Filters
  • Criteria
  • Conditions

Answer : Event Filters

The Correlation Manager filters false positive events from networks and also identifies _____.


Options are :

  • attacks based on firewall patterns
  • worms that penetrate UNIX-only operating systems
  • failed user login attempts
  • viruses that permeate SNMP and SMTP traffic

Answer : attacks based on firewall patterns

Which tab on the Symantec Security Information Manager statistics page displays the appliance's memory and CPU utilization, the database statistics, and the status of any database jobs?


Options are :

  • System Status
  • Maintenance Schedule
  • Event Service
  • Service Status

Answer : System Status

If a conclusion does not track to an existing incident, it will become a(n) ______.


Options are :

  • occurring incident
  • new incident
  • occurring event
  • new event

Answer : new event

The Correlation Manager component of Symantec Security Information Manager performs automated real-time event ______.


Options are :

  • correlation, asset table analysis, event creation, and user input
  • correlation, aggregation, filtering, and incident creation
  • correlation, aggregation, asset table analysis, filtering, event and incident creation
  • correlation, agitation, filtering, and incident management

Answer : correlation, aggregation, filtering, and incident creation

When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?


Options are :

  • correlate events
  • isolate events
  • filter events
  • send the events to SSIM internal compiler

Answer : correlate events

What is the purpose of normalization? 


Options are :

  • to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
  • to process the events across multiple devices for the Correlation Manager to strategize the events more quickly
  • to correlate events across multiple devices for the Correlation Manager to compare all events equally
  • to standardize events across multiple devices for the Correlation Manager to compare all events equally

Answer : to standardize events across multiple devices for the Correlation Manager to compare all events equally

Security data is continuously gathered from thousands of security sensors worldwide through the integrated _____.


Options are :

  • DeepSight Global Intelligence Network
  • Symantec Enterprise Security Manager
  • Symantec Security Information Manager
  • Symantec Sygate Solution

Answer : DeepSight Global Intelligence Network

Where is information about the health and performance of the Symantec Security Information Manager appliance found?


Options are :

  • Maintenance tab
  • System tab
  • Service tab
  • Statistics tab

Answer : Statistics tab

What information does the Correlation Manager use to identify and prioritize incidents?


Options are :

  • assets
  • DeepSight
  • event history
  • incident

Answer : assets

How does Symantec Security Information Manager allow the user to modify the tables in the event data archive?


Options are :

  • add, delete, and reorganize predetermined rows
  • add, delete, and rename predetermined columns
  • add, delete, and reorganize predetermined columns
  • add, delete, and modify pre-existing columns

Answer : add, delete, and reorganize predetermined columns

If a false positive is confirmed, the event is discarded from _____ in Symantec Security Information Manager.


Options are :

  • disposition
  • aggregation
  • infiltration
  • correlation

Answer : correlation

Which type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • an incremental, offline backup
  • an incremental, online backup
  • a full, offline backup
  • a full, online backup

Answer : a full, offline backup

Which two sections are found on the Status pane located on the Statistics page?
A. Router Connectivity Status
B. Job Status
C. Database Health Monitor
D. Correlation Event Status
E. Rule Congurency


Options are :

  • B,C
  • A,E
  • A,D
  • B,D

Answer : B,C
