ST0-085 Symantec Security Information Manager Technical Exam Set 3

Which service provides Symantec Security Information Manager with updated intelligence about threats?


Options are :

  • None
  • Symantec Security Information Manager
  • DeepSight Global Intelligence Network
  • Symantec Enterprise Security Manager
  • Symantec Endpoint Protection

Answer : DeepSight Global Intelligence Network

Which device is in use by Symantec Security Information Manager to create dangerous situations?


Options are :

  • SANS Internet Storm Center
  • Table claims
  • correlation Policy
  • None
  • analyst input

Answer : correlation Policy

What information is reported by the Nessus scanner when it scans a number of network addresses?


Options are :

  • SANS risk level for each detected device
  • the configuration of discovered devices
  • patch levels are installed in devices found
  • Vulnerabilities discovered network devices
  • None

Answer : Vulnerabilities discovered network devices

Which option displays a list Rules of Procedure allows for follow-up actions needed to solve the case?


Options are :

  • features
  • None
  • displays a list
  • functions
  • History

Answer : functions

Which two search patterns are predefined in Information Manager? (Choose two.)


Options are :

  • host Action
  • IDS Action
  • firewall Action
  • internal operation
  • port operations

Answer : host Action port operations

When the number of cases where the same issue is combined with what information manager do?


Options are :

  • delete the original events and create a new event
  • closes the original events and create a new event
  • None
  • save the original events and create a new event
  • The reported events in the original SANS Internet Storm Center, will close the events and create a new event

Answer : closes the original events and create a new event

From the Information Manager console, which procedure allows Symantec Security Information Manager (SSIM) to forward events to another SSIM device?


Options are :

  • System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria
  • Device Configuration tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> Criteria to determine Incident
  • System tab -> Maintenance tab -> new event Forward -> input the IP address of the remote appliance -> Criteria to determine Incident
  • None
  • System tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria

Answer : System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria

What are two ways the Assets table's built-in functions can reduce false positive reporting of security breaches? (Choose two.)


Options are :

  • use a supported vulnerability scanner to help prioritize incidents
  • Policies tab populates the policies that apply to each commodity,
  • to determine the normalization of event data captured by the collectors
  • CIA indicating appropriate values for each of the contents of the table
  • Daily schedules vulnerability information to Symantec's LiveUpdate service

Answer : use a supported vulnerability scanner to help prioritize incidents Policies tab populates the policies that apply to each commodity,

Where is information on the health and performance of Symantec Security Information Manager hardware found?


Options are :

  • System Tab
  • Statistics tab
  • Service Tab
  • Maintenance tab
  • None

Answer : Statistics tab

What is the unique identifier, which allows the normalization of each event?


Options are :

  • None
  • more Correlation Manager-specific data is translated into the incident
  • maps of events in the device-specific signature
  • maps of events in the device-specific signature
  • more Correlation Manager-specific data is translated to happen

Answer : more Correlation Manager-specific data is translated to happen

What information does the Correlation Manager use to identify and prioritize events?


Options are :

  • DeepSight
  • assets
  • event history
  • case
  • None

Answer : assets

Which tab on the Symantec Security Information Manager statistics page displays the device's memory and CPU usage, database statistics, and status of any database jobs?


Options are :

  • system status
  • maintenance Schedule
  • event service
  • None
  • service status

Answer : system status

How can you determine which ports are potentially vulnerable on a specific host in the Assets table?


Options are :

  • by running Host Communication on the asset
  • None
  • looking at the Services tab assets
  • by driving NetScan user actions commodity
  • viewing the Details tab of the asset

Answer : looking at the Services tab assets

What is the conclusion that is unrecognizable to an existing case come from?


Options are :

  • None
  • a malfunction occurs case
  • new event
  • new event
  • occurring event

Answer : a malfunction occurs case

Which statement is true about rules in the Symantec Security Information Manager solution?


Options are :

  • Policy Editor to create a policy for each asset category to determine what the rules will run when an event occurs.
  • Rules tab can be used as the console automatically detects available for the benefit of the gates.
  • The rules can be determined for each asset, which will launch a vulnerability scan task when a specific type of event.
  • Rules can be created to escalate events to events that are based on policies defined for each asset.
  • None

Answer : Rules can be created to escalate events to events that are based on policies defined for each asset.

What sort of information that comes from Symantec DeepSight Vulnerability mapping, exposure, malicious code and secure a mitigation?


Options are :

  • None
  • correlated to the incident action
  • normalized event signatures
  • Relations between events
  • correlate events

Answer : normalized event signatures

Which is commonly used to view archived events?


Options are :

  • Information Manager Event Viewer
  • None
  • Archive Management Console Tab
  • Event Viewer API
  • Incident Management Console Tab

Answer : Information Manager Event Viewer

What is the purpose of normalization?


Options are :

  • None
  • to correlate events across multiple devices correlation Manager to compare all the events in one
  • In order to minimize the number of events that affect multiple devices correlation manage events more quickly strategize
  • process transactions with multiple devices correlation of strategies to manage events more quickly
  • standardize the correlation of events across multiple devices Manager to compare all the events in one

Answer : standardize the correlation of events across multiple devices Manager to compare all the events in one

What role will be able to edit within the Symantec Security Information Manager solution?


Options are :

  • the domain administrator
  • root Administrator
  • Administrator
  • None
  • DB2 Administrator

Answer : the domain administrator

When an event is received by Symantec Security Information Manager (SSIM), the event component archives the event without any further processing. This is the default behavior. Depending on the configuration and components installed, how else can SSIM handle events?


Options are :

  • to send events to SSIM internal compiler
  • None
  • filter events
  • isolate events
  • correlate events

Answer : correlate events

When you view the archived event data, how can you make a query available to other users of the system?


Options are :

  • None
  • Check the Shared option for a saved query.
  • Save it Published queries.
  • Grant Read permission to query the domain.
  • Save it to Public models.

Answer : Check the Shared option for a saved query.

Where is an event found when it has been filtered during correlation?


Options are :

  • case History
  • None
  • event logger
  • Event Archive
  • event archive

Answer : Event Archive

Each section can be found in the Status pane is located on page?


Options are :

  • Database Health Monitor
  • agent status
  • Router Connectivity Status
  • The correlation program status
  • a uniform rule

Answer : Database Health Monitor

When configuring the Information Manager event archive settings for a device, which two options can be configured? (Choose two.)


Options are :

  • Max Archive quota
  • Cleans certain events
  • Auxiliary Storage Device
  • free disk space
  • Purge Start Time

Answer : Max Archive quota free disk space

What is the correct Symantec Security Information Manager incident identification pipeline?


Options are :

  • None
  • Normalization -> Collection -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • tracing the attack -> Rule Processing -> normalization -> Collection -> correlation vulnerabilities -> case prioritization
  • Rule Processing -> normalization -> Collection -> Tracing attack -> correlation vulnerabilities -> case prioritization

Answer : collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization

Which two values does Symantec Security Information Manager not automatically generate when you manually create a new event? (Choose two.)


Options are :

  • name of the rule
  • Event ID number
  • event Creator
  • By case
  • support service request

Answer : name of the rule By case

So what is the correlation Manager to identify the network based on events?


Options are :

  • worms that penetrate the UNIX operating systems only
  • viruses that pass SNMP and SMTP traffic
  • OS failed user logon attempts
  • attacks based on patterns firewall
  • None

Answer : attacks based on patterns firewall

What is the correlation engine to make the custom rules are properly defined?


Options are :

  • None
  • Analyzes events against the rule conditions, correlate current findings and create an impending event.
  • The rules relating to individual events, the conclusions of the analyzes and correlates events into events.
  • Correlate events against the rule conditions, analyze the conclusions and create impending events.
  • Analyzes events against the rule conditions, creates the conclusions and the conclusions of the correlated events.

Answer : Correlate events against the rule conditions, analyze the conclusions and create impending events.

What is the common way in which new entries can be added to the Assets table in the Symantec Security Information Manager solution?


Options are :

  • None
  • through the lookup tables on the screen Information Manager Console
  • the import rule, which monitors network traffic
  • Automatic population supported vulnerability scanner
  • imports via the HP OpenView OpenView Integration feature

Answer : Automatic population supported vulnerability scanner

Every task is Symantec Security Information Manager performs related Event Management?


Options are :

  • Performs remediation attack
  • The reported events SANS Internet Storm Center.
  • Projects and documents from future attacks
  • Specifies a member of the team events.
  • Create a vulnerability class.

Answer : Specifies a member of the team events.

What role will be able to edit within the Symantec Security Information Manager solution?


Options are :

  • Administrator
  • DB2 Administrator
  • None
  • root Administrator
  • the domain administrator

Answer : the domain administrator

When privileges are effective SES Administrator role and the role of the domain administrator in charge?


Options are :

  • None
  • After the administrator has configured the SES Administrator role
  • when there is only one domain name system
  • when the domain administrator role is authorized to create users and roles
  • when the system has just been installed and the domain has not been created yet

Answer : when there is only one domain name system

Where is an event found when it has been filtered during correlation?


Options are :

  • None
  • Event Archive
  • event logger
  • case History
  • event archive

Answer : Event Archive

How many days are stored in the archive before it is cleaned?


Options are :

  • unlimited
  • 60
  • 10
  • None
  • 30

Answer : unlimited

Each section can be found in the Status pane is located on page?


Options are :

  • Database Health Monitor
  • agent status
  • The correlation program status
  • a uniform rule
  • Router Connectivity Status

Answer : Database Health Monitor

Which tab on the Symantec Security Information Manager statistics page displays the device's memory and CPU usage, database statistics, and status of any database jobs?


Options are :

  • maintenance Schedule
  • event service
  • system status
  • service status
  • None

Answer : system status

In what condition must be met in order to rule the launch of the Symantec Security Information Manager Conditions tab?


Options are :

  • access rights
  • event criteria
  • event type
  • Asset vulnerable
  • the device performs

Answer : event criteria

What does the Correlation Manager part of Symantec Security Information Manager perform in real time?


Options are :

  • None
  • correlation, aggregation, filtering, and case creation
  • correlation, aggregation, property table analysis, filtering, event and incident creation
  • correlation, agitation, filtration, and case management
  • correlation, a property table of the analysis, the creation of the event, and the user inputs

Answer : correlation, aggregation, filtering, and case creation

What is the common way in which new entries can be added to the Assets table in the Symantec Security Information Manager solution?


Options are :

  • through the lookup tables on the screen Information Manager Console
  • imports via the HP OpenView OpenView Integration feature
  • None
  • Automatic population supported vulnerability scanner
  • the import rule, which monitors network traffic

Answer : Automatic population supported vulnerability scanner

If the filtering rule matched, the transaction is rejected from the component?


Options are :

  • None
  • collector
  • correlation
  • agent
  • aggregate

Answer : correlation

Which statement is true about rules in the Symantec Security Information Manager solution?


Options are :

  • Policy Editor to create a policy for each asset category to determine what the rules will run when an event occurs.
  • Rules tab can be used as the console automatically detects available for the benefit of the gates.
  • Rules can be created to escalate events to events that are based on policies defined for each asset.
  • The rules can be determined for each asset, which will launch a vulnerability scan task when a specific type of event.
  • None

Answer : Rules can be created to escalate events to events that are based on policies defined for each asset.

What information is reported by the Nessus scanner when it scans a number of network addresses?


Options are :

  • Vulnerabilities discovered network devices
  • patch levels are installed in devices found
  • SANS risk level for each detected device
  • the configuration of discovered devices
  • None

Answer : Vulnerabilities discovered network devices

What are two ways the Assets table's built-in functions can reduce false positive reporting of security breaches? (Choose two.)


Options are :

  • Policies tab populates the policies that apply to each commodity,
  • to determine the normalization of event data captured by the collectors
  • CIA indicating appropriate values for each of the contents of the table
  • use a supported vulnerability scanner to help prioritize incidents
  • Daily schedules vulnerability information to Symantec's LiveUpdate service

Answer : Policies tab populates the policies that apply to each commodity, use a supported vulnerability scanner to help prioritize incidents

How can you determine which ports are potentially vulnerable on a specific host in the Assets table?


Options are :

  • None
  • looking at the Services tab assets
  • by running Host Communication on the asset
  • viewing the Details tab of the asset
  • by driving NetScan user actions commodity

Answer : looking at the Services tab assets

What is the conclusion that is unrecognizable to an existing case come from?


Options are :

  • new event
  • occurring event
  • None
  • new event
  • a malfunction occurs case

Answer : a malfunction occurs case
