ST0-085 Symantec Security Information Manager Technical Exam Set 2

Which option displays a list Rules of Procedure allows for follow-up actions needed to solve the case?


Options are :

  • None
  • features
  • functions
  • displays a list
  • History

Answer : functions

Where is information on the health and performance of the Symantec Security Information Manager hardware found?


Options are :

  • None
  • Service Tab
  • System Tab
  • Maintenance tab
  • Statistics tab

Answer : Statistics tab

From the Information Manager console, which procedure allows Symantec Security Information Manager (SSIM) to forward events to another SSIM device?


Options are :

  • System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria
  • Device Configuration tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> Criteria to determine Incident
  • System tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria
  • System tab -> Maintenance tab -> new event Forward -> input the IP address of the remote appliance -> Criteria to determine Incident
  • None

Answer : System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria

Which two sources does Symantec Security Information Manager use to create dangerous situations?


Options are :

  • Table claims
  • analyst input
  • correlation Policy
  • SANS Internet Storm Center
  • None

Answer : correlation Policy

That the two parts can be found in the status box is located on page?


Options are :

  • The correlation program status
  • Database Health Monitor
  • Router Connectivity Status
  • The rule Congurency
  • Work

Answer : Database Health Monitor Work

Which two tasks associated with Incident Management does Symantec Security Information Manager perform?


Options are :

  • creates vulnerability class
  • The reported events SANS Internet Storm Center
  • creates a helpdesk ticket
  • projects and documents from future attacks
  • specify a member of the team incidents

Answer : creates a helpdesk ticket specify a member of the team incidents

Which is a Symantec Security Information Manager system monitoring and maintenance task?


Options are :

  • test and verify the reliability of the UPS
  • LDAP Connection Monitor Health Monitor
  • None
  • to monitor CPU, memory usage and status database
  • set Watch List Database Access Monitor

Answer : to monitor CPU, memory usage and status database

If the conclusion does not follow from the existing case, it becomes a(n) ______.


Options are :

  • new event
  • new event
  • occurring case
  • None
  • occurring event

Answer : new event

In which ODBC relational database does the Symantec Security Information Manager device record transaction and event details?


Options are :

  • IBM DB2
  • Oracle
  • None
  • MySQL
  • MSSQL

Answer : IBM DB2

Security data is constantly collected from thousands of security sensors globally by the integrated _____.


Options are :

  • Symantec Sygate Solution
  • DeepSight Global Intelligence Network
  • Symantec Enterprise Security Manager
  • None
  • Symantec Security Information Manager

Answer : DeepSight Global Intelligence Network

How to populate a list of the correlation property manager?


Options are :

  • to create resources by importing data archived database information
  • Create assets based computers Incident Incident box on page
  • manually add annotations to assets Identities page
  • None
  • Create assets based computers Source View or target view of the assets of the page

Answer : Create assets based computers Source View or target view of the assets of the page

On the Symantec Security Information Manager Conditions tab, which two conditions must be met in order for a rule to launch?


Options are :

  • event criteria
  • access rights
  • event type
  • the device performs
  • the rule type

Answer : event criteria the rule type

What is the correct Symantec Security Information Manager incident identification pipeline?


Options are :

  • None
  • tracing the attack -> Rule Processing -> normalization -> Collection -> correlation vulnerabilities -> case prioritization
  • Rule Processing -> normalization -> Collection -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • Normalization -> Collection -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization

Answer : collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization

Which three values does Symantec Security Information Manager automatically generate when a new event is manually created?


Options are :

  • name of the rule
  • Case ID Number
  • By case
  • Event ID number
  • event Creator

Answer : name of the rule Case ID Number By case

Which option allows events to mediate the correlation rules and to no longer be handled?


Options are :

  • Criterion
  • event Filters
  • conditions
  • override Policy
  • None

Answer : event Filters

When the modified rules are properly defined, the correlation engine _____.


Options are :

  • analyze the events against the rule conditions, creates the conclusions and the conclusions of the correlated events
  • analyze the events against the rule conditions, correlate current findings and creating an intimidating incident
  • None
  • the rules relating to individual events, the conclusions of the analyzes and correlates events into events
  • correlate events against the rule conditions, analyze the conclusions and create impending events

Answer : analyze the events against the rule conditions, creates the conclusions and the conclusions of the correlated events

Which three are valid archive file suffixes?


Options are :

  • .xml
  • .sar
  • .csv
  • .ndx
  • .vdx

Answer : .sar .ndx .vdx

When the number of cases where the same issue is combined with what information manager do?


Options are :

  • The reported events in the original SANS Internet Storm Center, will close the events and create a new event
  • delete the original events and create a new event
  • None
  • save the original events and createion Processing (triggers is aggregorious behavior)
  • Successive Event Rules (looking for a set of events)
  • None

Answer : Multiple Event Rules (looking for a set of events)

Which tab on the Symantec Security Information Manager statistics page displays the device's memory and CPU usage, database statistics, and status of any database jobs?


Options are :

  • maintenance Schedule
  • service status
  • event service
  • None
  • system status

Answer : system status

What information is reported by the Nessus scanner when it scans a number of network addresses?


Options are :

  • Vulnerabilities of discovered network devices
  • SANS risk level for each detected device
  • All equipment can be found in a scanned networks
  • patch levels are installed in devices found

Answer : Vulnerabilities of discovered network devices All equipment can be found in a scanned networks

How does Symantec Security Information Manager give the user the ability to customize the tables in the event data archive?


Options are :

  • add, remove, and rearrange predetermined lines
  • add, delete and modify pre-existing columns
  • None
  • add, delete, and rename predefined columns
  • add, remove, and reorder the columns in advance

Answer : add, remove, and reorder the columns in advance

What type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • increases, offline backup
  • a complete, online backup
  • incremental, online backup
  • None
  • a full, offline backup

Answer : a full, offline backup

What information does the Correlation Manager use to identify and prioritize events?


Options are :

  • DeepSight
  • assets
  • case
  • event history
  • None

Answer : assets

Normalization provides a unique identifier for each event and _____.


Options are :

  • more Correlation Manager-specific data is translated to happen
  • maps of events in the device-specific signature
  • None
  • maps of events in the device-specific signature
  • more Correlation Manager-specific data is translated into the incident

Answer : more Correlation Manager-specific data is translated to happen

Which statement is true about re-installing the Symantec Security Information Manager appliance?


Options are :

  • Prior to installation, all data is stored in the database DeepSight Global Data Repository.
  • The database has been off-state, so the re-installation of the software will have no effect.
  • Re-installing the software erases all the data stored on the device.
  • None
  • During the installation, repair software option must be selected to maintain the information on the device.

Answer : Re-installing the software erases all the data stored on the device.

Which Symantec Security Information Manager console allows you to set up and configure the DAS devices?


Options are :

  • Information Manager DAS Storage Configuration Interface
  • The assembly must only be performed from the DAS device.
  • Information Manager Web Configuration Interface
  • None
  • Simuser CLI menu

Answer : Information Manager Web Configuration Interface

If a false positive is confirmed, the transaction is rejected _____ Symantec Security Information Manager.


Options are :

  • penetration
  • correlation
  • None
  • aggregate
  • disposition

Answer : correlation

Symantec Security Information Manager system of rules to keep events have _____ objects, while the conclusions are products of the system of rules.


Options are :

  • complex
  • None
  • dispositional
  • explosive
  • elemental

Answer : elemental

What type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • a complete, online backup
  • None
  • incremental, online backup
  • a full, offline backup
  • increases, offline backup

Answer : a full, offline backup

Which condition must be met on the Symantec Security Information Manager Conditions tab in order for a rule to launch?


Options are :

  • event criteria
  • event type
  • Asset vulnerable
  • the device performs
  • access rights

Answer : event criteria

What does the Correlation Manager part of Symantec Security Information Manager perform in real time?


Options are :

  • correlation, aggregation, property table analysis, filtering, event and incident creation
  • correlation, agitation, filtration, and case management
  • None
  • correlation, a property table of the analysis, the creation of the event, and the user inputs
  • correlation, aggregation, filtering, and case creation

Answer : correlation, aggregation, filtering, and case creation

When privileges are effective SES Administrator role and the role of the domain administrator in charge?


Options are :

  • when the domain administrator role is authorized to create users and roles
  • None
  • when the system has just been installed and the domain has not been created yet
  • when there is only one domain name system
  • After the administrator has configured the SES Administrator role

Answer : when there is only one domain name system

Which two user actions can be performed from the Information Manager Event Viewer by default? (Choose two.)


Options are :

  • nslookup
  • ping
  • Finger
  • who is
  • contact, touch, feel

Answer : ping Finger

Which option allows events to mediate the correlation rules and to no longer be dealt with?


Options are :

  • event Filters
  • Criterion
  • conditions
  • None
  • override Policy

Answer : event Filters

If a filtering rule is matched, from which component is the transaction rejected?


Options are :

  • correlation
  • None
  • agent
  • aggregate
  • collector

Answer : correlation

How many days are stored in the archive before it is cleaned?


Options are :

  • unlimited
  • 30
  • 60
  • None
  • 10

Answer : unlimited

Which correlation rule type does the Correlation Manager not use?


Options are :

  • Aggregation Processing (triggers is aggregorious behavior)
  • None
  • Assets tables (corresponding to table field asset)
  • Multiple Event Rules (looking for a set of events)
  • Successive Event Rules (looking for a set of events)

Answer : Multiple Event Rules (looking for a set of events)

Which two appraisal is Information Manager receivables Table used to quantitatively important device to help determine how to escalate security incidents associated with this device? (Choose two.)


Options are :

  • integrity
  • severity
  • priority
  • confidence
  • criticality

Answer : integrity confidence
