ST0-085 Symantec Security Information Manager Practice Exam Set 2

Which is an off-box collector of Symantec Security Information Manager?


Options are :

  • Cisco PIX
  • Snort
  • Windows
  • Checkpoint Firewall

Answer : Windows


Which component sends events to the Event Service for processing?


Options are :

  • the Symantec Security Information Manager (SSIM) agent
  • the Symantec Security Information Manager (SSIM) off-box collector
  • the Symantec Security Information Manager (SSIM) on-box collector
  • the Symantec Security Information Manager (SSIM) collector

Answer : the Symantec Security Information Manager (SSIM) agent

Where are the database options configured after installation?


Options are :

  • Symantec Security Information Manager Console --> Systems tab
  • Symantec Security Information Manager --> Settings --> Database Utilities tab
  • use the dbpurge command at the server console
  • Symantec Security Information Manager --> Configure Appliance --> Purge tab

Answer : Symantec Security Information Manager --> Settings --> Database Utilities tab

What does the Correlation Engine analyze events against once all rules are properly defined?


Options are :

  • the rule criteria, create conclusions, and correlate conclusions into incidents
  • the rule criteria, create triggers, and correlate conclusions into incidents
  • false positives, create conclusions, and correlate conclusions into incidents
  • the rule criteria, create conclusions, and send conclusions to the database

Answer : the rule criteria, create conclusions, and correlate conclusions into incidents


When installing the Symantec Security Information Manager Agent and Collector on a Windows platform, which command shows that the agent is installed and running?


Options are :

  • agentmgmt.bat
  • java -jar agentstatus.jar -a
  • agent_constatus
  • sesa_status

Answer : agentmgmt.bat

When designing a new Symantec Security Information Manager (SSIM) solution for a company, what structure should be created in an SSIM domain to place systems under?


Options are :

  • Organizational Units
  • Domain Groups
  • Operational Groups
  • Domain Roles

Answer : Organizational Units

What are the specified minimum hardware requirements for installing and running the Symantec Security Information Manager Console?


Options are :

  • 512 MB RAM and 1 GB disk space
  • 1 GB RAM and 512 MB disk space
  • 1 GB RAM and 1 GB disk space
  • 512 MB RAM and 103 MB disk space

Answer : 512 MB RAM and 103 MB disk space


When managing the Symantec Security Information Manager (SSIM) solution for a company, the Cisco PIX collector needs to be configured to process events from a Cisco PIX firewall. What must be done on the PIX firewall to accomplish this?


Options are :

  • Configure it to send syslog messages to the SSIM appliance.
  • Configure SSL communication from the firewall to the SSIM appliance.
  • Enable the Log Export API.
  • Open port 514 on the firewall for access from the SSIM appliance.

Answer : Configure it to send syslog messages to the SSIM appliance.

Which tab on the Information Manager Console allows you to view threat and vulnerability information?


Options are :

  • Dashboard
  • Rules
  • Reports
  • Intelligence

Answer : Intelligence

What is the purpose of the critical business assets management feature?


Options are :

  • It obtains an overview of business assets.
  • It provides a visual picture of where critical business assets are located.
  • It enables automatic identification and prioritization of security threats that impact business-critical applications.
  • It makes it possible to change collectors' configurations to meet business assets needs.

Answer : It provides a visual picture of where critical business assets are located.


Symantec Security Information Manager's rule system considers events to be _____ objects, while conclusions are products of the rule system.


Options are :

  • dispositional
  • elemental
  • exponential
  • complex

Answer : elemental


Which is a viable Symantec Security Information Manager purge parameter?


Options are :

  • Check status of database schema
  • Purge correlation activities
  • Control regularly scheduled database maintenance activities
  • Delete database

Answer : Control regularly scheduled database maintenance activities

When multiple incidents involving the same issue are merged, what does Information Manager do?


Options are :

  • saves the original incidents and creates a new incident
  • deletes the original incidents and creates a new incident
  • reports the original incidents to the SANS Internet Storm Center, closes the incidents and creates a new incident
  • closes the original incidents and creates a new incident

Answer : closes the original incidents and creates a new incident

Which type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • an incremental, offline backup
  • a full, offline backup
  • an incremental, online backup
  • a full, online backup

Answer : a full, offline backup


What information is reported by the Nessus scanner when it scans a range of network addresses?


Options are :

  • all devices found on the networks scanned
  • the SANS risk level of each discovered device
  • patch levels installed on discovered devices
  • vulnerabilities of discovered network devices

Answer : all devices found on the networks scanned, vulnerabilities of discovered network devices

How does Symantec Security Information Manager allow the user to modify the tables in the event data archive?


Options are :

  • add, delete, and modify pre-existing columns
  • add, delete, and reorganize predetermined rows
  • add, delete, and reorganize predetermined columns
  • add, delete, and rename predetermined columns

Answer : add, delete, and reorganize predetermined columns

When should a Symantec Security Information Manager database be restored?


Options are :

  • when false-positive data is confirmed to exist in the database
  • when there is a hardware failure
  • when the data has reached its lifetime expectancy
  • when the database has been compromised

Answer : when there is a hardware failure


Normalization provides a unique identifier for each type of event and _____.


Options are :

  • adds Correlation Manager-specific data to the translated event
  • maps events to a device-specific signature
  • adds Correlation Manager-specific data to the translated incident
  • maps incidents to a device-specific signature

Answer : adds Correlation Manager-specific data to the translated event

Which option in the Rules Monitors list allows for follow-up actions that are required to resolve the incident?


Options are :

  • Properties
  • History
  • Monitors list
  • Actions

Answer : Actions

Which three are valid file archive suffixes?


Options are :

  • .csv
  • .ndx
  • .sar
  • .vdx
  • .xml

Answer : .ndx .sar .vdx


What information does the Correlation Manager use to identify and prioritize incidents?


Options are :

  • assets
  • event history
  • DeepSight
  • incident

Answer : assets

For which three does Symantec Security Information Manager automatically create values when you manually create a new incident?


Options are :

  • Event ID number
  • Incident ID number
  • Rule Name
  • Incident Creator
  • Event Creator

Answer : Incident ID number Rule Name Incident Creator

Which Symantec Security Information Manager Console allows you to set up and configure DAS devices?


Options are :

  • Simuser CLI menu
  • Information Manager Web Configuration Interface
  • Configuration must only be performed from the DAS device.
  • Information Manager DAS Storage Configuration Interface

Answer : Information Manager Web Configuration Interface


The integrated Global Security Intelligence updates from Symantec and third-party products include _____ that are mapped to vulnerability, exposure, malicious code, and safeguard mitigation strategies.


Options are :

  • normalized event signatures
  • correlated incident activities
  • correlated event activities
  • relationships between events

Answer : normalized event signatures

When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?


Options are :

  • send the events to SSIM internal compiler
  • isolate events
  • correlate events
  • filter events

Answer : correlate events

Which two sections are found on the Status pane located on the Statistics page?


Options are :

  • Rule Congruency
  • Correlation Event Status
  • Router Connectivity Status
  • Job Status
  • Database Health Monitor

Answer : Job Status Database Health Monitor


The Correlation Manager component of Symantec Security Information Manager performs automated real-time event ______.


Options are :

  • correlation, agitation, filtering, and incident management
  • correlation, asset table analysis, event creation, and user input
  • correlation, aggregation, filtering, and incident creation
  • correlation, aggregation, asset table analysis, filtering, event and incident creation

Answer : correlation, aggregation, filtering, and incident creation

What is the correct Symantec Security Information Manager incident identification pipeline?


Options are :

  • collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
  • normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
  • attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities --> incident prioritization
  • rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities --> incident prioritization

Answer : collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization

Which RAID level is supported in a DAS configuration?


Options are :

  • RAID 1
  • RAID 10
  • RAID 5
  • RAID 7

Answer : RAID 5


On the Symantec Security Information Manager Conditions tab, which two conditions need to be met for a rule to be triggered?


Options are :

  • Incident Type
  • Applicable Licenses
  • Event Criteria
  • Device Affected
  • Rule Type

Answer : Event Criteria Rule Type
