ST0-085 Symantec Security Information Manager Practice Exam Set 3

If a false positive is confirmed, the event is discarded from _____ in Symantec Security Information Manager.


Options are :

  • infiltration
  • correlation
  • aggregation
  • disposition

Answer : correlation

Symantec Security Information Manager performs which two tasks related to Incident Management?


Options are :

  • creates a helpdesk ticket
  • creates a vulnerability category
  • projects and documents future attacks
  • assigns incidents to a team member
  • reports incidents to the SANS Internet Storm Center

Answer : creates a helpdesk ticket; assigns incidents to a team member


The Correlation Manager filters false positive events from networks and also identifies _____.


Options are :

  • failed user login attempts
  • viruses that permeate SNMP and SMTP traffic
  • worms that penetrate UNIX-only operating systems
  • attacks based on firewall patterns

Answer : attacks based on firewall patterns

If a conclusion does not track to an existing incident, it will become a(n) ______.


Options are :

  • new incident
  • occurring event
  • occurring incident
  • new event

Answer : new event

Which types of rules does Symantec Security Information Manager use?


Options are :

  • Priority and Severity
  • Composition and Disposition
  • Filtering and Correlation
  • Manual and Automated

Answer : Filtering and Correlation


How can you populate the list of assets in the Correlation Manager?


Options are :

  • manually add asset entries in the Identities page
  • create assets by importing data from archived database information
  • create assets based upon computers in the Incident pane on the Incident page
  • create assets based upon computers in the Source View or Target View of the Assets page

Answer : create assets based upon computers in the Source View or Target View of the Assets page

Which tab on the Symantec Security Information Manager statistics page displays the appliance's memory and CPU utilization, the database statistics, and the status of any database jobs?


Options are :

  • Service Status
  • System Status
  • Event Service
  • Maintenance Schedule

Answer : System Status

Security data is continuously gathered from thousands of security sensors worldwide through the integrated _____.


Options are :

  • Symantec Security Information Manager
  • Symantec Sygate Solution
  • Symantec Enterprise Security Manager
  • DeepSight Global Intelligence Network

Answer : DeepSight Global Intelligence Network


Which option allows events to be ignored by the Correlation Rules and be no longer processed?


Options are :

  • Event Filters
  • Criteria
  • Bypass Rules
  • Conditions

Answer : Event Filters

Which two sources are used by Symantec Security Information Manager to create incidents?


Options are :

  • SANS Internet Storm Center
  • Assets Table
  • analyst input
  • Correlation Rules

Answer : Correlation Rules

Once custom rules are properly defined, the Correlation Engine _____.


Options are :

  • analyzes events against the rule criteria, correlates with existing conclusions and creates the impending incident
  • correlates events against the rule criteria, analyzes conclusions and creates impending incidents
  • applies individual rules to events, analyzes conclusions and correlates events into incidents
  • analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents

Answer : analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents


Which is a Symantec Security Information Manager system monitoring and maintenance task?


Options are :

  • test and verify UPS reliability
  • set Watchlist on Database Access Monitor
  • monitor LDAP Connection Health Monitor
  • monitor CPU, memory usage and database space

Answer : monitor CPU, memory usage and database space

Which Correlation Rule types does the Correlation Manager use?


Options are :

  • Aggregation Processing (triggers on aggregorious behavior)
  • Assets Tables (matches a field in the asset table)
  • Contiguous Event Rules (looks for a pattern of events)
  • Multiple Event Rules (looks for a pattern of events)

Answer : Multiple Event Rules (looks for a pattern of events)

From the Information Manager Console, which procedure allows a Symantec Security Information Manager (SSIM) to forward events to another SSIM appliance?


Options are :

  • System tab --> Maintenance tab --> create new Forward event --> input IP address of remote appliance --> define Incident Criteria
  • System tab --> Event Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
  • System tab --> Appliance Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
  • Appliance Configuration tab --> Event Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Incident Criteria

Answer : System tab --> Appliance Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria


Where is information about the health and performance of the Symantec Security Information Manager appliance found?


Options are :

  • Statistics tab
  • System tab
  • Service tab
  • Maintenance tab

Answer : Statistics tab

Which ODBC relational database does the Symantec Security Information Manager appliance use to store event and incident data?


Options are :

  • IBM DB2
  • MySQL
  • Oracle
  • MSSQL

Answer : IBM DB2

What is the purpose of normalization?


Options are :

  • to standardize events across multiple devices for the Correlation Manager to compare all events equally
  • to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
  • to correlate events across multiple devices for the Correlation Manager to compare all events equally
  • to process the events across multiple devices for the Correlation Manager to strategize the events more quickly

Answer : to standardize events across multiple devices for the Correlation Manager to compare all events equally


Which statement is true about re-installing the Symantec Security Information Manager appliance?


Options are :

  • The database is off-storage, so re-installing software has no effect.
  • Prior to installation, all database information must be saved to the DeepSight Global Data Repository.
  • During installation, the Repair Software option must be selected to retain data on the appliance.
  • Re-installing the software deletes all data that are stored on the appliance.

Answer : Re-installing the software deletes all data that are stored on the appliance.

Events that are filtered out remain stored in the ______.


Options are :

  • Incident History
  • Event Logger
  • Incident Repository
  • Event Archive

Answer : Incident History

Once data is archived and removed from Symantec Security Information Manager, what allows you to access that data?


Options are :

  • Archive Log Viewer
  • Incident Archive Viewer
  • Correlated Event Viewer
  • Event Archive Viewer

Answer : Event Archive Viewer


You are installing the Symantec Security Information Manager Agent on a Windows platform. Which directory contains a log file indicating that the installation was successful?


Options are :

  • c:\Program Files\Symantec\sesa\agent\log
  • c:\Symantec\agent\log
  • c:\Program Files\Symantec\log
  • c:\Symantec\log

Answer : c:\Program Files\Symantec\sesa\agent\log


You manage the Symantec Security Information Manager system for your company. A newly installed server is performing very slowly on the network. You suspect a problem with the Ethernet duplex negotiation on the new server. Which console command should you use to see the duplex status on the server?


Options are :

  • ethtool
  • netstat
  • traceroute
  • ifconfig

Answer : ethtool

Which two roles are able to modify permissions within the Symantec Security Information Manager solution?


Options are :

  • Domain Administrator
  • SES Administrator
  • System Administrator
  • Root Administrator

Answer : Domain Administrator; SES Administrator

You manage the Symantec Security Information Manager (SSIM) solution for your company. Your company has recently installed a Juniper NetScreen firewall. Which two actions must be taken on the firewall to allow the SSIM appliance to process firewall events?


Options are :

  • enable syslog messaging
  • turn on the Include Traffic Log option
  • define at least one event filtering rule
  • enable the Event Sensor

Answer : enable syslog messaging; turn on the Include Traffic Log option


Which two default administrative user accounts are created during the installation of Symantec Security Information Manager?


Options are :

  • SES Administrator
  • Local Administrator
  • Root Administrator
  • System Administrator
  • Domain Administrator

Answer : SES Administrator; Domain Administrator

When troubleshooting the installation of Symantec Security Information Manager, which console command would you use to determine the "status" of the HTTP server?


Options are :

  • sesa_chk http
  • status
  • eventservice
  • java -jar SesaInfo.jar

Answer : status

Where do you configure LiveUpdate for Symantec Security Information Manager (SSIM)?


Options are :

  • from a command prompt
  • SSIM Start Page --> Configure Appliance --> LiveUpdate tab
  • SSIM Client --> Maintenance tab --> LiveUpdate tab
  • SSIM Console --> Systems tab --> LiveUpdate tab

Answer : SSIM Start Page --> Configure Appliance --> LiveUpdate tab


You manage the Symantec Security Information Manager (SSIM) solution for your company. You need to configure the Cisco PIX collector to process events from a Cisco PIX firewall. What must you do on the PIX firewall to accomplish this?


Options are :

  • enable the Log Export API
  • open port 514 on the firewall for access from the SSIM appliance
  • configure it to send syslog messages to the SSIM appliance
  • configure SSL communication from the firewall to the SSIM appliance

Answer : configure it to send syslog messages to the SSIM appliance

Domains are organized into hierarchically organized groups of computers called _____.


Options are :

  • Domain Local Groups
  • Organizational Units
  • Global Groups
  • Organizational Roles

Answer : Organizational Units

Which component of a Symantec Event Collector reads event data from a specific security product?


Options are :

  • Filter
  • Sensor
  • Translator
  • Data Parser

Answer : Sensor
