Official 2014 Symantec ST0-085 Dump Free Download(141-150)!
QUESTION 141
Which option allows events to be ignored by the Correlation Rules and be no longer processed?
A. Bypass Rules
B. Conditions
C. Criteria
D. Event Filters
Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 57 Symantec ST0-085 Exam

QUESTION 142
Which option in the Rules Monitors list allows for follow-up actions that are required to resolve the incident?
A. Monitors list
B. Actions
C. Properties
D. History
Answer: B

QUESTION 143
Which two sources are used by Symantec Security Information Manager to create incidents?
A. SANS Internet Storm Center
B. Assets Table
C. analyst input
D. Correlation Rules
Answer: D

QUESTION 144
What is the correct Symantec Security Information Manager incident identification pipeline?
A. collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
B. normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
C. rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities --> incident prioritization
D. attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities --> incident prioritization
Answer: A

QUESTION 145
What is the purpose of normalization?
A. to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
B. to correlate events across multiple devices for the Correlation Manager to compare all events equally
C. to standardize events across multiple devices for the Correlation Manager to compare all events equally
D. to process the events across multiple devices for the Correlation Manager to strategize the events more quickly
Answer: C

QUESTION 146
Normalization provides a unique identifier for each type of event and _____.
A. adds Correlation Manager-specific data to the translated incident
B. adds Correlation Manager-specific data to the translated event
C. maps events to a device-specific signature
D. maps incidents to a device-specific signature
Answer: B

QUESTION 147
When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?
A. correlate events
B. filter events
C. isolate events
D. send the events to SSIM internal compiler
Answer: A

QUESTION 148
Once custom rules are properly defined, the Correlation Engine _____.
A. correlates events against the rule criteria, analyzes conclusions and creates impending incidents
B. analyzes events against the rule criteria, correlates with existing conclusions and creates the impending incident
C. analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents
D. applies individual rules to events, analyzes conclusions and correlates events into incidents
Answer: C

QUESTION 149
What information does the Correlation Manager use to identify and prioritize incidents?
A. DeepSight
B. event history
C. incident
D. assets
Answer: D

QUESTION 150
How can you populate the list of assets in the Correlation Manager?
A. manually add asset entries in the Identities page
B. create assets based upon computers in the Incident pane on the Incident page
C. create assets by importing data from archived database information
D. create assets based upon computers in the Source View or Target View of the Assets page
Answer: D

If you want to pass the Symantec ST0-085 Exam successfully, we recommend reading the latest Symantec ST0-085 Dump 1 full version.