ST0-085 Symantec Security Information Manager Practice Exam Set 6

Which statement is true about re-installing the Symantec Security Information Manager appliance?


Options are :

  • The database is off-storage, so re-installing software has no effect.
  • Prior to installation, all database information must be saved to the DeepSight Global Data Repository.
  • During installation, the Repair Software option must be selected to retain data on the appliance.
  • Re-installing the software deletes all data that is stored on the appliance.

Answer : Re-installing the software deletes all data that is stored on the appliance.

Which Correlation Rule type does the Correlation Manager use?


Options are :

  • Assets Tables (matches a field in the asset table)
  • Multiple Event Rules (looks for a pattern of events)
  • Contiguous Event Rules (looks for a pattern of events)
  • Aggregation Processing (triggers on aggregated behavior)

Answer : Multiple Event Rules (looks for a pattern of events)

Where is information about the health and performance of the Symantec Security Information Manager appliance found?


Options are :

  • System tab
  • Service tab
  • Maintenance tab
  • Statistics tab

Answer : Statistics tab

What is the purpose of normalization?


Options are :

  • to correlate events across multiple devices for the Correlation Manager to compare all events equally
  • to standardize events across multiple devices for the Correlation Manager to compare all events equally
  • to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
  • to process the events across multiple devices for the Correlation Manager to strategize the events more quickly

Answer : to standardize events across multiple devices for the Correlation Manager to compare all events equally

If a filtering rule is matched, the event is discarded from what component?


Options are :

  • collector
  • aggregation
  • agent
  • correlation

Answer : correlation

When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?


Options are :

  • correlate events
  • send the events to SSIM internal compiler
  • isolate events
  • filter events

Answer : correlate events

What information does the Correlation Manager use to identify and prioritize incidents?


Options are :

  • incident
  • assets
  • DeepSight
  • event history

Answer : assets

Which is commonly used to view archived events?


Options are :

  • Event Viewer API
  • Incident Management Console tab
  • Information Manager Event Viewer
  • Archive Management Console tab

Answer : Information Manager Event Viewer

When multiple incidents involving the same issue are merged, what does Information Manager do?


Options are :

  • closes the original incidents and creates a new incident
  • reports the original incidents to the SANS Internet Storm Center, closes the incidents and creates a new incident
  • saves the original incidents and creates a new incident
  • deletes the original incidents and creates a new incident

Answer : closes the original incidents and creates a new incident

Which task does Symantec Security Information Manager perform relating to Incident Management?


Options are :

  • Performs remediation on the attack
  • Projects and documents future attacks
  • Creates a vulnerability category.
  • Assigns incidents to a team member.
  • Reports incidents to the SANS Internet Storm Center.

Answer : Assigns incidents to a team member.

Which option allows events to be ignored by the Correlation Rules and no longer be processed?


Options are :

  • Criteria
  • Event Filters
  • Bypass Rules
  • Conditions

Answer : Event Filters

Which tab on the Symantec Security Information Manager statistics page displays the appliance's memory and CPU utilization, the database statistics, and the status of any database jobs?


Options are :

  • System Status
  • Maintenance Schedule
  • Event Service
  • Service Status

Answer : System Status

Which two user actions can be executed by the Information Manager Event Viewer by default? (Select two.)


Options are :

  • Finger
  • whois
  • ping
  • nslookup
  • touch

Answer : Finger, ping

How can you determine which ports are potentially vulnerable on a given host in the Assets Table?


Options are :

  • by running the Host Information report on the asset
  • by looking at the Services tab on the asset
  • by viewing the Details tab for the asset
  • by running the NetScan user action on the asset

Answer : by looking at the Services tab on the asset

Where can an event be found after it is filtered out during correlation?


Options are :

  • Event Logger
  • Incident History
  • Incident Repository
  • Event Archive

Answer : Event Archive

What information is reported by the Nessus scanner when it scans a range of network addresses?


Options are :

  • the SANS risk level of each discovered device
  • patch levels installed on discovered devices
  • vulnerabilities of discovered network devices
  • configuration data of discovered devices

Answer : vulnerabilities of discovered network devices

When are the effective privileges of the SES Administrator role and Domain Administrator role equivalent?


Options are :

  • when the administrator is assigned the SES Administrator role
  • when there is only one domain in the system
  • when the system is newly installed and a domain has not yet been created
  • when the Domain Administrator role is given permission to create users and roles

Answer : when there is only one domain in the system

What type of data that comes from DeepSight is mapped to vulnerability, exposure, malicious code, and safeguard mitigation strategies?


Options are :

  • normalized event signatures
  • correlated incident activities
  • relationships between events
  • correlated event activities

Answer : normalized event signatures

What does the Correlation Engine do once custom rules are properly defined?


Options are :

  • Analyzes events against the rule criteria, correlates with existing conclusions and creates the impending incident.
  • Correlates events against the rule criteria, analyzes conclusions and creates impending incidents.
  • Applies individual rules to events, analyzes conclusions and correlates events into incidents.
  • Analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents.

Answer : Correlates events against the rule criteria, analyzes conclusions and creates impending incidents.

How many days of data is stored in the archives before it is purged?


Options are :

  • 10
  • 30
  • 60
  • unlimited

Answer : unlimited

Which statement is true about rules in a Symantec Security Information Manager solution?


Options are :

  • The Rules tab can be used on the console to automatically identify available ports on an asset.
  • The Rules Editor can create policies on each asset to determine what rules are executed when an event occurs.
  • Rules can be created that escalate events to incidents, based on policies defined on each asset.
  • Rules can be configured on each asset that will launch a vulnerability scan when a specific type of event occurs.

Answer : Rules can be created that escalate events to incidents, based on policies defined on each asset.

What does the Secure Sockets Layer (SSL) protocol use?


Options are :

  • Transport Layer Protection, Session-based communication and Agents to appliance
  • Transport Secure Layer, Session-based communication and Trusted Certificates
  • SSH File Transfer Protocol, Session-based communication and Trusted Certificates
  • Transport Layer Protection, Session-based communication and Trusted Certificates

Answer : Transport Layer Protection, Session-based communication and Trusted Certificates

Which three should be assessed to properly size a deployment?


Options are :

  • host operating system
  • perimeter firewall
  • desktop antivirus
  • desktop applications
  • network IDS

Answer : perimeter firewall, desktop antivirus, network IDS

In Symantec Security Information Manager, collectors send events to _____.


Options are :

  • Event Logger
  • Event Disposition
  • Event Reporting
  • Event Archive

Answer : Event Logger

Did you participate in formal Symantec training for this exam? If so, please select the type of training that you completed. (Select all that apply.)


Options are :

  • Distributor or reseller-hosted webcast
  • Other
  • Symantec-hosted webcast
  • Instructor-led classroom
  • Virtual instructor-led classroom
  • eLearning / web-based training

Answer : Other

Which Symantec Security Information Manager component retrieves security content from Symantec?


Options are :

  • Licensed DeepSight Integration Module
  • LiveUpdate
  • Security content retrieval is automatic.
  • LiveUpdate and licensed DeepSight Integration Module simultaneously

Answer : Licensed DeepSight Integration Module

On the Information Manager's Console, you can select the _____ tab to determine who is working on a problem.


Options are :

  • Incidents
  • Reports
  • Events
  • Tickets

Answer : Tickets

Which LDAP port is used by the security directory?


Options are :

  • Port 22
  • Port 443
  • Port 389
  • Port 636

Answer : Port 636

The Symantec Security Information Manager (SSIM) _____ runs on Symantec products that send events to the SSIM server component.


Options are :

  • on-box collector
  • off-box collector
  • collector
  • agent

Answer : agent

What are the specified minimum hardware requirements for installing and running the Symantec Security Information Manager Console?


Options are :

  • 1 GB RAM and 1 GB disk space
  • 1 GB RAM and 512 MB disk space
  • 512 MB RAM and 103 MB disk space
  • 512 MB RAM and 1 GB disk space

Answer : 512 MB RAM and 103 MB disk space

What can the Correlation Manager identify in network based events?


Options are :

  • worms that penetrate UNIX-only operating systems
  • viruses that permeate SNMP and SMTP traffic
  • OS failed user login attempts
  • attacks based on firewall patterns

Answer : attacks based on firewall patterns

What is the unique identifier that normalization provides for each type of event?


Options are :

  • adds Correlation Manager-specific data to the translated event
  • adds Correlation Manager-specific data to the translated incident
  • maps events to a device-specific signature
  • maps incidents to a device-specific signature

Answer : adds Correlation Manager-specific data to the translated event

Which two ratings does the Information Manager Assets Table use to quantify the importance of the device and help determine how to escalate security incidents related to that device? (Select two.)


Options are :

  • Severity
  • Priority
  • Confidentiality
  • Integrity
  • Criticality

Answer : Confidentiality, Integrity

From the Information Manager Console, which procedure allows a Symantec Security Information Manager (SSIM) to forward events to another SSIM appliance?


Options are :

  • System tab -- > Maintenance tab --> create new Forward event --> input IP address of remote appliance --> define Incident Criteria
  • System tab -- > Appliance Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
  • System tab -- > Event Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
  • Appliance Configuration tab -- > Event Configuration tab --> create new Forward event --> input IP address of remote appliance -- > define Incident Criteria

Answer : System tab -- > Appliance Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria

Which two search templates are pre-defined by Information Manager? (Select two.)


Options are :

  • IDS Activity
  • Firewall Activity
  • Host Activity
  • Internal Activity
  • Port Activity

Answer : Host Activity, Port Activity

What does a conclusion that is untrackable to an existing incident become?


Options are :

  • an occurring incident
  • a new event
  • a new incident
  • an occurring event

Answer : an occurring incident

Which option in the Rules Monitors list allows for follow-up actions that are required to resolve the incident?


Options are :

  • Monitors list
  • History
  • Actions
  • Properties

Answer : Actions

For which two does Symantec Security Information Manager automatically create values when you manually create a new incident? (Select two.)


Options are :

  • Event Creator
  • Rule Name
  • Incident Creator
  • Help desk ticket
  • Event ID number

Answer : Rule Name, Incident Creator

Which type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • a full, offline backup
  • an incremental, offline backup
  • a full, online backup
  • an incremental, online backup

Answer : a full, offline backup

What is the correct Symantec Security Information Manager incident identification pipeline?


Options are :

  • rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities --> incident prioritization
  • normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
  • attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities --> incident prioritization
  • collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities--> incident prioritization

Answer : collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities--> incident prioritization
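The pipeline in the answer above, walked through end to end as an added illustration. This is not Symantec code and not the SSIM implementation; the two device formats, the log lines, the Assets Table entries, the CIA ratings and the priority scoring are all constructed for the example. It shows why the earlier questions fit together: the Event Logger archives everything, an Event Filter keeps matching events away from the Correlation Manager (they stay in the Event Archive), a Multiple Event Rule looks for a pattern of events, and the Assets Table's vulnerability and CIA data decide how the resulting incident is prioritized.

```python
"""Toy model of the SSIM incident pipeline:
collection -> normalization -> rule processing -> attack tracing
-> correlation to vulnerabilities -> incident prioritization.
Added illustration only; the data and scoring below are invented."""
from collections import defaultdict

# Constructed sample input: two device formats as a collector would receive them.
RAW_EVENTS = [
    ("fw", "2024-01-01T10:00:01 DENY src=10.0.0.5 dst=192.168.1.10 dport=445"),
    ("fw", "2024-01-01T10:00:02 DENY src=10.0.0.5 dst=192.168.1.10 dport=445"),
    ("fw", "2024-01-01T10:00:03 DENY src=10.0.0.5 dst=192.168.1.10 dport=445"),
    ("fw", "2024-01-01T10:00:04 ACCEPT src=10.0.0.9 dst=192.168.1.10 dport=80"),
    ("ids", "2024-01-01T10:00:05,10.0.0.5,192.168.1.10,445,SMB_EXPLOIT_ATTEMPT"),
    ("ids", "2024-01-01T10:00:06,10.0.0.7,192.168.1.20,8080,HTTP_SCAN"),
]

# Hypothetical Assets Table: per-host service state (as a scanner would
# populate it) plus Confidentiality/Integrity/Availability ratings 1..5.
ASSETS = {
    "192.168.1.10": {"services": {445: "vulnerable"}, "cia": (5, 5, 4)},
    "192.168.1.20": {"services": {8080: "patched"}, "cia": (2, 2, 1)},
}

# Event Filter: accepted firewall traffic never reaches correlation.
EVENT_FILTERS = [lambda e: e["sig"] == "fw.accept"]


def normalize(device, line):
    """Normalization: map each device's native format onto one schema
    with a device-independent signature, so rules compare events equally."""
    if device == "fw":
        ts, action, *kv = line.split()
        f = dict(p.split("=", 1) for p in kv)
        return {"ts": ts, "src": f["src"], "dst": f["dst"],
                "dport": int(f["dport"]), "sig": f"fw.{action.lower()}"}
    if device == "ids":
        ts, src, dst, dport, name = line.split(",")
        return {"ts": ts, "src": src, "dst": dst,
                "dport": int(dport), "sig": f"ids.{name.lower()}"}
    raise ValueError(f"unknown device type: {device}")


def run_rules(events, min_denies=3):
    """Rule processing plus attack tracing: group events by (src, dst) and
    apply a Multiple Event Rule (N firewall denies followed by an IDS alert
    on the same pair) or, failing that, a single-alert rule. Each match is
    a conclusion, not yet an incident."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    conclusions = []
    for (src, dst), evs in by_pair.items():
        denies = [e for e in evs if e["sig"] == "fw.deny"]
        alerts = [e for e in evs if e["sig"].startswith("ids.")]
        if not alerts:
            continue
        rule = "multi_event" if len(denies) >= min_denies else "ids_alert"
        conclusions.append({"rule": rule, "src": src, "dst": dst,
                            "dport": alerts[0]["dport"],
                            "sig": alerts[0]["sig"], "events": evs})
    return conclusions


def prioritize(conclusion):
    """Correlation to vulnerabilities and incident prioritization: consult the
    Assets Table for the target; a hit on a vulnerable service raises severity,
    and the asset's highest CIA rating scales the final priority (invented
    formula, chosen only to make the ordering visible)."""
    asset = ASSETS.get(conclusion["dst"], {"services": {}, "cia": (1, 1, 1)})
    vulnerable = asset["services"].get(conclusion["dport"]) == "vulnerable"
    severity = 3 if conclusion["rule"] == "multi_event" else 1
    if vulnerable:
        severity += 2
    priority = severity * max(asset["cia"])
    return {**conclusion, "vulnerable": vulnerable, "priority": priority}


def run_pipeline(raw_events):
    """Returns (archive, events seen by correlation, incidents)."""
    archive = [normalize(d, line) for d, line in raw_events]  # Event Logger
    for_correlation = [e for e in archive
                       if not any(f(e) for f in EVENT_FILTERS)]
    incidents = [prioritize(c) for c in run_rules(for_correlation)]
    incidents.sort(key=lambda i: i["priority"], reverse=True)
    return archive, for_correlation, incidents


if __name__ == "__main__":
    archive, seen, incidents = run_pipeline(RAW_EVENTS)
    print(f"{len(archive)} archived, {len(seen)} passed to correlation")
    for inc in incidents:
        print(f"priority={inc['priority']:>2} rule={inc['rule']:<12} "
              f"{inc['src']} -> {inc['dst']}:{inc['dport']} "
              f"vulnerable={inc['vulnerable']}")
```

The filtered ACCEPT event is still in `archive` (the Event Archive) but absent from the list handed to correlation, and the lone HTTP_SCAN alert against a patched, low-CIA host ends up far below the SMB pattern against a vulnerable, high-CIA host, which is the false-positive reduction the Assets Table questions refer to.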

Which section can be found on the Status pane located on the Statistics page?


Options are :

  • Router Connectivity Status
  • Correlation Event Status
  • Agent Status
  • Rule Congruency
  • Database Health Monitor

Answer : Database Health Monitor

Which role is able to modify permissions within the Symantec Security Information Manager solution?


Options are :

  • Domain Administrator
  • DB2 Administrator
  • System Administrator
  • Root Administrator

Answer : Domain Administrator

Which service provides Symantec Security Information Manager with updated intelligence about threats?


Options are :

  • Symantec Endpoint Protection
  • Symantec Security Information Manager
  • Symantec Enterprise Security Manager
  • DeepSight Global Intelligence Network

Answer : DeepSight Global Intelligence Network

What is the common way in which new entries can be added to the Assets Table of a Symantec Security Information Manager solution?


Options are :

  • importing from a rule that is monitoring traffic on the network
  • automatic population through a supported vulnerability scanner
  • through the Lookup Tables pane of the Information Manager Console
  • importing from HP OpenView through the OpenView Integration feature

Answer : automatic population through a supported vulnerability scanner

Which source is used by Symantec Security Information Manager to create incidents?


Options are :

  • Correlation Rules
  • analyst input
  • Assets Table
  • SANS Internet Storm Center

Answer : Correlation Rules

When querying archived event data, how can you make a query available to other users of the system?


Options are :

  • Save it in Public Templates.
  • Grant Read Query permission to the domain.
  • Save it in Published Queries.
  • Check the Shared option on the saved query.

Answer : Check the Shared option on the saved query.

When configuring the Event Archive settings of an Information Manager appliance, which two options can be configured? (Select two.)


Options are :

  • Free disk space
  • Auxiliary Storage Device
  • Purge Start Time
  • Max Archive Quota
  • Purge certain events

Answer : Free disk space, Max Archive Quota

What are two ways the Assets Table can reduce the reporting of false positive security incidents using built-in functionality? (Select two.)


Options are :

  • uses a supported vulnerability scanner to help prioritize incidents
  • schedules daily updates of vulnerability information from Symantec's LiveUpdate service
  • populates the Policies tab with policies that apply to each asset
  • assigns proper CIA values to each asset in the table
  • configures normalization of event data captured by the collectors

Answer : uses a supported vulnerability scanner to help prioritize incidents; populates the Policies tab with policies that apply to each asset

What does the Correlation Manager component of Symantec Security Information Manager perform in real-time?


Options are :

  • correlation, agitation, filtering, and incident management
  • correlation, aggregation, filtering, and incident creation
  • correlation, asset table analysis, event creation, and user input
  • correlation, aggregation, asset table analysis, filtering, event and incident creation

Answer : correlation, aggregation, filtering, and incident creation

Which condition needs to be met for a rule to be triggered on the Symantec Security Information Manager Conditions tab?


Options are :

  • Incident Type
  • Applicable Licenses
  • Asset to be vulnerable
  • Device Affected
  • Event Criteria

Answer : Event Criteria