Title: Official 2014 Symantec ST0-085 Dump Free Download (141-150)
Source: Braindump2go Free Latest Microsoft Hot Exam Dumps In PDF & VCE Free Download [ https://www.symantecdumps.com ]
Post date: 2014-04-29 08:09:06 GMT

QUESTION 141
Which option allows events to be ignored by the Correlation Rules and no longer processed?
A.    Bypass Rules
B.    Conditions
C.    Criteria
D.    Event Filters
Answer: D

QUESTION 142
Which option in the Rules Monitors list allows for the follow-up actions that are required to resolve the incident?
A.    Monitors list
B.    Actions
C.    Properties
D.    History
Answer: B

QUESTION 143
Which two sources are used by Symantec Security Information Manager to create incidents?
A.    SANS Internet Storm Center
B.    Assets Table
C.    analyst input
D.    Correlation Rules
Answer: D

QUESTION 144
What is the correct Symantec Security Information Manager incident identification pipeline?
A.    collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
B.    normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities --> incident prioritization
C.    rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities --> incident prioritization
D.    attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities --> incident prioritization
Answer: A

QUESTION 145
What is the purpose of normalization?
A.    to minimize the number of events affecting multiple devices so that the Correlation Manager can strategize the events more quickly
B.    to correlate events across multiple devices so that the Correlation Manager can compare all events equally
C.    to standardize events across multiple devices so that the Correlation Manager can compare all events equally
D.    to process the events across multiple devices so that the Correlation Manager can strategize the events more quickly
Answer: C

QUESTION 146
Normalization provides a unique identifier for each type of event and _____.
A.    adds Correlation Manager-specific data to the translated incident
B.    adds Correlation Manager-specific data to the translated event
C.    maps events to a device-specific signature
D.    maps incidents to a device-specific signature
Answer: B

QUESTION 147
When an event is received by Symantec Security Information Manager (SSIM), the Event Logger component inserts the event into the archive without any other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?
A.    correlate events
B.    filter events
C.    isolate events
D.    send the events to the SSIM internal compiler
Answer: A

QUESTION 148
Once custom rules are properly defined, the Correlation Engine _____.
A.    correlates events against the rule criteria, analyzes conclusions and creates impending incidents
B.    analyzes events against the rule criteria, correlates them with existing conclusions and creates the impending incident
C.    analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents
D.    applies individual rules to events, analyzes conclusions and correlates events into incidents
Answer: C

QUESTION 149
What information does the Correlation Manager use to identify and prioritize incidents?
A.    DeepSight
B.    event history
C.    incident
D.    assets
Answer: D

QUESTION 150
How can you populate the list of assets in the Correlation Manager?
A.    manually add asset entries in the Identities page
B.    create assets based upon computers in the Incident pane on the Incident page
C.    create assets by importing data from archived database information
D.    create assets based upon computers in the Source View or Target View of the Assets page
Answer: D

If you want to pass the Symantec ST0-085 exam successfully, we recommend reading the latest Symantec ST0-085 Dump full version.
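The pipeline these questions describe (collection, normalization with a unique identifier per event type plus Correlation Manager-specific data, event filters that stop events before rule processing, rules that produce conclusions, and asset- and vulnerability-driven prioritization of the resulting incidents) is easier to reason about as running code. The block below is an added illustration written for this page; it is not SSIM's own code or data format. The two device log formats, the event-type IDs, the severity values, the assets table, the "weak-ssh-auth" vulnerability tag, the rule threshold and the priority formula are all constructed assumptions chosen to make the flow visible.

```python
"""Toy SIEM pipeline: collection -> normalization -> event filter -> rule
processing (conclusions) -> vulnerability/asset correlation -> prioritized
incidents.  Illustrative only: the schema, IDs, scoring and sample logs are
assumptions for this page, not the SSIM product's own formats or code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: two device formats arriving at one collector.
RAW_EVENTS = [
    ("fw", "ts=2024-03-01T10:00:00 action=deny src=10.0.0.5 dst=10.0.1.20 proto=tcp dport=22"),
    ("fw", "ts=2024-03-01T10:00:05 action=heartbeat src=10.0.0.1 dst=10.0.0.1"),
    ("authsrv", "2024-03-01T10:00:10|LOGIN_FAIL|bob|10.0.0.5|10.0.1.20"),
    ("authsrv", "2024-03-01T10:00:20|LOGIN_FAIL|bob|10.0.0.5|10.0.1.20"),
    ("authsrv", "2024-03-01T10:00:30|LOGIN_FAIL|bob|10.0.0.5|10.0.1.20"),
    ("authsrv", "2024-03-01T10:00:40|LOGIN_FAIL|alice|10.0.0.9|10.0.1.30"),
    ("authsrv", "2024-03-01T10:00:45|LOGIN_FAIL|alice|10.0.0.9|10.0.1.30"),
    ("authsrv", "2024-03-01T10:00:55|LOGIN_FAIL|alice|10.0.0.9|10.0.1.30"),
    ("authsrv", "2024-03-01T10:01:00|LOGIN_OK|bob|10.0.0.5|10.0.1.20"),
]

# Normalization: one unique identifier per event type, whatever device it came from.
EVENT_TYPE_IDS = {
    ("fw", "deny"): 1001,
    ("fw", "heartbeat"): 1002,
    ("authsrv", "LOGIN_FAIL"): 2001,
    ("authsrv", "LOGIN_OK"): 2002,
}
# Correlation-manager-specific data attached to the translated event (assumed values).
SEVERITY = {1001: 3, 1002: 0, 2001: 4, 2002: 1}

IGNORED_TYPES = {1002}  # event filter: heartbeats never reach the rules

ASSETS = {  # assumed assets table: criticality 1-5 plus known vulnerabilities
    "10.0.1.20": {"name": "db-01", "criticality": 5, "vulns": {"weak-ssh-auth"}},
    "10.0.1.30": {"name": "web-01", "criticality": 2, "vulns": set()},
}
# Which vulnerability makes a given event type more credible (assumed mapping).
VULN_FOR_TYPE = {2001: "weak-ssh-auth"}


def normalize(device, raw):
    """Translate a device-specific record into the common schema."""
    if device == "fw":
        kv = dict(field.split("=", 1) for field in raw.split())
        ts, name, src, dst, user = kv["ts"], kv["action"], kv["src"], kv["dst"], None
    elif device == "authsrv":
        ts, name, user, src, dst = raw.split("|")
    else:
        raise ValueError(f"unknown device {device}")
    etype = EVENT_TYPE_IDS[(device, name)]
    return {"type_id": etype, "ts": datetime.fromisoformat(ts), "device": device,
            "src": src, "dst": dst, "user": user, "severity": SEVERITY[etype]}


def filter_events(events, ignored=IGNORED_TYPES):
    """Event filter: drop ignored types so the rules never see them."""
    return [e for e in events if e["type_id"] not in ignored]


def rule_repeated_failures(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold LOGIN_FAIL events from one src to one dst inside window
    produces one conclusion per (src, dst) pair."""
    buckets = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type_id"] == 2001:
            buckets[(e["src"], e["dst"])].append(e)
    conclusions = []
    for (src, dst), evs in buckets.items():
        for i in range(len(evs) - threshold + 1):
            if evs[i + threshold - 1]["ts"] - evs[i]["ts"] <= window:
                conclusions.append({"rule": "repeated_failures", "src": src, "dst": dst,
                                    "type_id": 2001, "count": len(evs), "severity": 4})
                break
    return conclusions


def prioritize(conclusions, assets=ASSETS):
    """Correlate conclusions with the assets table and known vulnerabilities,
    then rank incidents by the (assumed) priority formula."""
    incidents = []
    for c in conclusions:
        asset = assets.get(c["dst"], {"name": c["dst"], "criticality": 1, "vulns": set()})
        vuln_match = VULN_FOR_TYPE.get(c["type_id"]) in asset["vulns"]
        priority = c["severity"] * asset["criticality"] * (2 if vuln_match else 1)
        incidents.append({**c, "asset": asset["name"], "vuln_match": vuln_match,
                          "priority": priority})
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


def run_pipeline(raw_events=RAW_EVENTS):
    events = [normalize(d, r) for d, r in raw_events]  # collection + normalization
    events = filter_events(events)                      # event filters
    conclusions = rule_repeated_failures(events)        # rule processing -> conclusions
    return prioritize(conclusions)                      # vulns + assets -> prioritized incidents


if __name__ == "__main__":
    for inc in run_pipeline():
        print(inc)
```

Running it yields two incidents from the same rule: the brute-force pattern against db-01 ranks first because the asset is more critical and carries a vulnerability that matches the event type, while the otherwise identical pattern against web-01 ranks lower. The heartbeat never reaches the rule because the filter removes it after normalization, which is the distinction Question 141 is after.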