ST0-085 Symantec Security Information Manager Technical Exam Set 4

What is the purpose of normalization?


Options are :

  • to correlate events across multiple devices correlation Manager to compare all the events in one
  • standardize the correlation of events across multiple devices Manager to compare all the events in one
  • None
  • process transactions with multiple devices correlation of strategies to manage events more quickly
  • In order to minimize the number of events that affect multiple devices correlation manage events more quickly strategize

Answer : standardize the correlation of events across multiple devices Manager to compare all the events in one

What information does the Correlation Manager use to identify and prioritize events?


Options are :

  • DeepSight
  • None
  • assets
  • case
  • event history

Answer : assets

When viewing archived event data, how can you make a query available to other users of the system?


Options are :

  • None
  • Check the Shared option for a saved query.
  • Save it to Public models.
  • Save it Published queries.
  • Grant Read permission to query the domain.

Answer : Check the Shared option for a saved query.

When a number of cases with the same issue are combined, what does Information Manager do?


Options are :

  • save the original events and create a new event
  • delete the original events and create a new event
  • closes the original events and create a new event
  • The reported events in the original SANS Internet Storm Center, will close the events and create a new event
  • None

Answer : closes the original events and create a new event

Which task does Symantec Security Information Manager perform related to Event Management?


Options are :

  • Projects and documents from future attacks
  • Create a vulnerability class.
  • Performs remediation attack
  • Specifies a member of the team events.
  • The reported events SANS Internet Storm Center.

Answer : Specifies a member of the team events.

Which option displays a list Rules of Procedure allows for follow-up actions needed to solve the case?


Options are :

  • displays a list
  • History
  • functions
  • features
  • None

Answer : functions

Which is commonly used to view archived events?


Options are :

  • None
  • Event Viewer API
  • Information Manager Event Viewer
  • Archive Management Console Tab
  • Incident Management Console Tab

Answer : Information Manager Event Viewer

Which service provides Symantec Security Information Manager with updated intelligence about threats?


Options are :

  • Symantec Security Information Manager
  • Symantec Enterprise Security Manager
  • Symantec Endpoint Protection
  • None
  • DeepSight Global Intelligence Network

Answer : DeepSight Global Intelligence Network

Whichever option allows events to mediate the correlation rules, and no longer to deal with?


Options are :

  • event Filters
  • None
  • Criterion
  • override Policy
  • conditions

Answer : event Filters

What is the correct Symantec Security Information Manager incident identification of the tube?


Options are :

  • tracing the attack -> Rule Processing -> normalization -> Collection -> correlation vulnerabilities -> case prioritization
  • collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • None
  • Normalization -> Collection -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization
  • Rule Processing -> normalization -> Collection -> Tracing attack -> correlation vulnerabilities -> case prioritization

Answer : collection -> normalization -> Rule Processing -> Tracing attack -> correlation vulnerabilities -> case prioritization

What is the correlation engine to make the custom rules are properly defined?


Options are :

  • The rules relating to individual events, the conclusions of the analyzes and correlates events into events.
  • Analyzes events against the rule conditions, correlate current findings and create an impending event.
  • None
  • Correlate events against the rule conditions, analyze the conclusions and create impending events.
  • Analyzes events against the rule conditions, creates the conclusions and the conclusions of the correlated events.

Answer : Correlate events against the rule conditions, analyze the conclusions and create impending events.

From the Information Manager console, which procedure allows Symantec Security Information Manager (SSIM) to forward events to another SSIM device?


Options are :

  • System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria
  • None
  • System tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria
  • Device Configuration tab -> Event Configuration tab -> new event Forward -> input the IP address of the remote appliance -> Criteria to determine Incident
  • System tab -> Maintenance tab -> new event Forward -> input the IP address of remote appliance -> Criteria to determine Incident

Answer : System tab -> Appliance Configuration tab -> new event Forward -> input the IP address of the remote appliance -> set the Event Criteria

What type of database backup is performed during the Symantec Security Information Manager installation?


Options are :

  • incremental, online backup
  • None
  • a complete, online backup
  • a full, offline backup
  • increases, offline backup

Answer : a full, offline backup

Two non Symantec Security Information Manager to automatically generate values when manually create a new event? (Choose two.)


Options are :

  • Event ID number
  • name of the rule
  • support service request
  • event Creator
  • By case

Answer : name of the rule; By case

When configuring the archive Event Information Manager settings for a device with two options can be configured? (Choose two.)


Options are :

  • Auxiliary Storage Device
  • Max Archive quota
  • Purge Start Time
  • free disk space
  • Cleans certain events

Answer : Max Archive quota; free disk space

In any correlation rule type of correlation does not manage to use?


Options are :

  • Successive Event Rules (looking for a set of events)
  • Aggregation Processing (triggers is aggregorious behavior)
  • None
  • Assets tables (corresponding to table field asset)
  • Multiple Event Rules (looking for a set of events)

Answer : Multiple Event Rules (looking for a set of events)

What sort of information that comes from Symantec DeepSight Vulnerability mapping, exposure, malicious code and secure a mitigation?


Options are :

  • normalized event signatures
  • correlated to the incident action
  • correlate events
  • None
  • Relations between events

Answer : normalized event signatures

What is the unique identifier, which allows the normalization of each event?


Options are :

  • maps of events in the device-specific signature
  • maps of events in the device-specific signature
  • more Correlation Manager-specific data is translated into the incident
  • None
  • more Correlation Manager-specific data is translated to happen

Answer : more Correlation Manager-specific data is translated to happen

Where is information on the health and performance of Symantec Security Information Manager hardware found?


Options are :

  • Service Tab
  • Statistics tab
  • Maintenance tab
  • System Tab
  • None

Answer : Statistics tab

Which two search patterns are predefined in Information Manager? (Choose two.)


Options are :

  • host Action
  • firewall Action
  • IDS Action
  • port operations
  • internal operation

Answer : host Action; port operations

So what is the correlation Manager to identify the network based on events?


Options are :

  • OS failed user logon attempts
  • viruses that pass SNMP and SMTP traffic
  • worms that penetrate the UNIX operating systems only
  • None
  • attacks based on patterns firewall

Answer : attacks based on patterns firewall

Which two user actions can be performed in the Information Manager Event Viewer by default? (Choose two.)


Options are :

  • who is
  • nslookup
  • Finger
  • contact, touch, feel
  • ping

Answer : Finger; ping

Which device is in use by Symantec Security Information Manager to create dangerous situations?


Options are :

  • analyst input
  • correlation Policy
  • None
  • Table claims
  • SANS Internet Storm Center

Answer : correlation Policy

Which two appraisal is Information Manager receivables Table used to quantitatively important device to help determine how to escalate security incidents associated with this device? (Choose two.)


Options are :

  • severity
  • confidence
  • priority
  • integrity
  • criticality

Answer : confidence; integrity

What are the collectors box?


Options are :

  • Check Point, UNIX Syslog and Symantec Network Security
  • None
  • Check Point, Snort and PIX
  • PIX, Snort, and Symantec Mail Security
  • PIX, UNIX Syslog and Sygate

Answer : Check Point, Snort and PIX

Symantec Security Information Manager (SSIM) _____ works Symantec products that send events to SSIM server component.


Options are :

  • off-box collector
  • on-box collector
  • agent
  • collector
  • None

Answer : agent

What information is required prior to deployment and configuration of the product Symantec Security Information Manager appliance?


Options are :

  • a-box collectors suitable for installation
  • air conditioning and power requirements
  • The number of nodes can be found in the customer's infrastructure
  • None
  • The number of security events per device handles

Answer : The number of security events per device handles

Symantec Security Information Manager includes a(n) _____ feature that allows the security administrator to instantly access a customized view of major safety indicators.


Options are :

  • reports
  • Proceedings
  • None
  • intelligence page
  • dashboard

Answer : dashboard

On which three operating systems can Symantec Security Information Manager Agent 2.5 be installed?


Options are :

  • Solaris 9
  • Red Hat 3
  • For Windows 2000
  • Aix 5
  • HP-UX 11

Answer : Solaris 9; Red Hat 3; For Windows 2000

Which Symantec Security Information Manager console allows you to set up and configure the DAS devices?


Options are :

  • Simuser CLI menu
  • None
  • The assembly must only be performed from the DAS device
  • Information Manager Web Configuration Interface
  • Information Manager DAS Storage Configuration Interface

Answer : Information Manager Web Configuration Interface

After all the rules are properly defined, the correlation engine can analyze the events of the _____.


Options are :

  • false positives, create conclusions, conclusions and correlate events
  • rule criteria, create triggers, and correlate the conclusions events
  • rule criteria, create conclusions, and send its conclusions to the database
  • rule criteria, create conclusions, conclusions and correlate events
  • None

Answer : rule criteria, create conclusions, conclusions and correlate events

Which RAID level is recommended for DAS configuration?


Options are :

  • RAID 1
  • RAID 5
  • RAID 7
  • None
  • RAID 10

Answer : RAID 5

Three of which have been collected as part of pre-deployment planning?


Options are :

  • the number of transactions per second
  • a desktop application
  • host operating systems
  • Several geographical areas
  • event-to-event in terms of normal and peak conditions

Answer : the number of transactions per second; host operating systems; event-to-event in terms of normal and peak conditions

How do you install a valid DeepSight Integration license?


Options are :

  • open the Symantec Security Information Manager console; Configure the Appliance; click Licenses
  • None
  • Install License Wizard
  • device, insert the license / opt / Symantec / license folder
  • open the Symantec Security Information Manager Console; Configure the Appliance; click on the DeepSight Integration Manager Configuration

Answer : open the Symantec Security Information Manager Console; Configure the Appliance; click on the DeepSight Integration Manager Configuration

Which of the following is true about re-installing the Symantec Security Information Manager appliance?


Options are :

  • During the installation, repair software option must be selected to maintain the information on the device.
  • None
  • Prior to installation, all data is stored in the database DeepSight Global Data Repository.
  • The database has been off-state, so the re-installation of the software will have no effect.
  • Re-installing the software erase all the data stored on the device.

Answer : Re-installing the software erase all the data stored on the device.

Every general version of JRE is installed with the product?


Options are :

  • $2
  • $2
  • None
  • 1.4.2
  • 1.5.0

Answer : 1.5.0

Which three should be properly assessed throughout a deployment?


Options are :

  • the perimeter firewall
  • host operating system
  • desktop applications
  • desktop antivirus
  • network IDS

Answer : the perimeter firewall; desktop antivirus; network IDS

Which Symantec Security Information Manager component applies security content from Symantec?


Options are :

  • Live update
  • Security content search is done automatically.
  • None
  • Licensed DeepSight Integration Module
  • Live Update and licensed DeepSight Integration Module at the same time

Answer : Licensed DeepSight Integration Module

What is the purpose of the business-critical assets management feature?


Options are :

  • It gets an overview of the business.
  • This makes it possible to change the collector configurations to meet the needs of the business assets.
  • It provides a visual image of where the company's critical resources are located.
  • It enables the automatic identification and prioritization of security threats that affect business-critical applications
  • None

Answer : It enables the automatic identification and prioritization of security threats that affect business-critical applications

In the Information Manager Console, you can select the _____ tab to decide who is working the problem.


Options are :

  • bunting
  • incidents
  • Proceedings
  • reports
  • None

Answer : bunting

What information is needed to properly size a deployment?


Options are :

  • hard disk, incidents per second and collector types
  • transactions per second, collector types of incidents and incident ratio
  • hard disk space, transactions per second and geographic locations
  • transactions per second, geographical locations and event-to-event in terms of
  • None

Answer : transactions per second, geographical locations and event-to-event in terms of

What is the level of integration of the device?


Options are :

  • None
  • event log and sensor system
  • forwarding the transaction data to the device
  • Grouping data and reduce the size of the database traffic
  • Parsing data sensors data

Answer : Grouping data and reduce the size of the database traffic

Symantec Security Information Manager Series _____ is also referred to as the collection device.


Options are :

  • 9650
  • 9530
  • 9630
  • 9550
  • None

Answer : 9630

Symantec Security Information Manager, collectors send events _____.


Options are :

  • event Disposition
  • event logger
  • Event Archive
  • event reporting
  • None

Answer : event logger
