This page was exported from Braindump2go Free Latest Microsoft Hot Exam Dumps In PDF & VCE Free Download [ https://www.symantecdumps.com ]
Export date: Fri Mar 29 9:51:37 2024 / +0000 GMT
Symantec ST0-085 Exam

QUESTION 151
The Correlation Manager component of Symantec Security Information Manager performs automated real-time event ______.
A. correlation, aggregation, filtering, and incident creation
B. correlation, asset table analysis, event creation, and user input
C. correlation, agitation, filtering, and incident management
D. correlation, aggregation, asset table analysis, filtering, event and incident creation
Answer: A

QUESTION 152
The Correlation Manager filters false positive events from networks and also identifies _____.
A. attacks based on firewall patterns
B. worms that penetrate UNIX-only operating systems
C. viruses that permeate SNMP and SMTP traffic
D. failed user login attempts
Answer: A

QUESTION 153
If a false positive is confirmed, the event is discarded from _____ in Symantec Security Information Manager.
A. infiltration
B. disposition
C. aggregation
D. correlation
Answer: D

QUESTION 154
Which Correlation Rule types does the Correlation Manager use?
A. Assets Tables (matches a field in the asset table)
B. Contiguous Event Rules (looks for a pattern of events)
C. Multiple Event Rules (looks for a pattern of events)
D. Aggregation Processing (triggers on aggregorious behavior)
Answer: C

QUESTION 155
Events that are filtered out remain stored in the ______.
A. Event Logger
B. Incident Repository
C. Event Archive
D. Incident History
Answer: D

QUESTION 156
From the Information Manager Console, which procedure allows a Symantec Security Information Manager (SSIM) to forward events to another SSIM appliance?
A. System tab --> Appliance Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
B. System tab --> Event Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Event Criteria
C. Appliance Configuration tab --> Event Configuration tab --> create new Forward event --> input IP address of remote appliance --> define Incident Criteria
D. System tab --> Maintenance tab --> create new Forward event --> input IP address of remote appliance --> define Incident Criteria
Answer: A

QUESTION 157
Symantec Security Information Manager performs which two tasks related to Incident Management?
A. creates a vulnerability category
B. creates a helpdesk ticket
C. projects and documents future attacks
D. reports incidents to the SANS Internet Storm Center
E. assigns incidents to a team member
Answer: BE

QUESTION 158
When multiple incidents involving the same issue are merged, what does Information Manager do?
A. saves the original incidents and creates a new incident
B. closes the original incidents and creates a new incident
C. deletes the original incidents and creates a new incident
D. reports the original incidents to the SANS Internet Storm Center, closes the incidents and creates a new incident
Answer: B

QUESTION 159
Which types of rules does Symantec Security Information Manager use?
A. Filtering and Correlation
B. Manual and Automated
C. Priority and Severity
D. Composition and Disposition
Answer: A

QUESTION 160
Symantec Security Information Manager's rule system considers events to be _____ objects, while conclusions are products of the rule system.
A. elemental
B. dispositional
C. exponential
D. complex
Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com
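The questions above describe the stages of a correlation manager (filtering out false positives, aggregating repeated events, multiple-event rules that look for a pattern, incident creation) and the merge behaviour in which the original incidents are closed and a new one is created. The following is an added, hypothetical Python sketch of such a pipeline written for this page; it is not Symantec Security Information Manager code and makes no claim about SSIM's internal APIs. The event records, the allow-listed scanner address, the thresholds and the rule names are all constructed for illustration.

```python
"""Toy SIEM correlation pipeline: filter -> aggregate -> rules -> incidents -> merge.
Hypothetical illustration for this page, not SSIM's implementation."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample events, already normalised (not real logs).
SAMPLE_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": 2, "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": 3, "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": 4, "src": "10.0.0.5", "type": "auth_success", "user": "alice"},
    {"ts": 5, "src": "10.0.0.9", "type": "auth_fail", "user": "bob"},
    {"ts": 6, "src": "192.168.1.2", "type": "firewall_deny", "dst_port": 445},
    {"ts": 7, "src": "192.168.1.2", "type": "firewall_deny", "dst_port": 445},
    {"ts": 8, "src": "192.168.1.2", "type": "firewall_deny", "dst_port": 445},
    {"ts": 9, "src": "10.0.0.5", "type": "firewall_deny", "dst_port": 445},
]

# Assumed tuning: an authorised scanner whose events are known false positives,
# and the thresholds for the two example rules.
FALSE_POSITIVE_SOURCES = {"10.0.0.9"}
FAIL_THRESHOLD = 3
DENY_THRESHOLD = 3


def filter_false_positives(events):
    """Filtering stage: confirmed false positives never reach correlation."""
    return [e for e in events if e["src"] not in FALSE_POSITIVE_SOURCES]


def aggregate(events):
    """Aggregation stage: collapse identical (src, type) events into a count."""
    return Counter((e["src"], e["type"]) for e in events)


def multi_event_rule(events):
    """Multiple-event rule: FAIL_THRESHOLD failures followed by a success
    from the same source, in time order, is treated as a successful brute force."""
    hits, fails = [], Counter()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] == "auth_fail":
            fails[e["src"]] += 1
        elif e["type"] == "auth_success":
            if fails[e["src"]] >= FAIL_THRESHOLD:
                hits.append(("credential brute force succeeded", e["src"]))
            fails[e["src"]] = 0  # a success resets the failure window
    return hits


def aggregation_rule(counts):
    """Aggregation rule: too many firewall denies from one source."""
    return [("repeated firewall denies", src)
            for (src, etype), n in counts.items()
            if etype == "firewall_deny" and n >= DENY_THRESHOLD]


@dataclass
class Incident:
    id: int
    title: str
    sources: list
    status: str = "open"
    merged_from: list = field(default_factory=list)


class IncidentStore:
    def __init__(self):
        self._next_id = 1
        self.incidents = {}

    def create(self, title, sources):
        inc = Incident(self._next_id, title, sorted(set(sources)))
        self.incidents[inc.id] = inc
        self._next_id += 1
        return inc

    def merge(self, ids):
        """Merge: the originals are closed (kept, not deleted) and a new
        incident referencing them is created."""
        originals = [self.incidents[i] for i in ids]
        for inc in originals:
            inc.status = "closed"
        merged = self.create("merged: " + "; ".join(o.title for o in originals),
                             [s for o in originals for s in o.sources])
        merged.merged_from = list(ids)
        return merged


def run_pipeline(events):
    """Run filtering, aggregation and both rules; create one incident per hit."""
    kept = filter_false_positives(events)
    counts = aggregate(kept)
    store = IncidentStore()
    for title, src in multi_event_rule(kept) + aggregation_rule(counts):
        store.create(title, [src])
    return store


if __name__ == "__main__":
    store = run_pipeline(SAMPLE_EVENTS)
    for inc in store.incidents.values():
        print(inc)
    print(store.merge([1, 2]))
```

With the constructed events, bob's failure from the allow-listed scanner is dropped at the filtering stage, the three failures then a success from 10.0.0.5 fire the multiple-event rule, and the three denies from 192.168.1.2 fire the aggregation rule; the single deny from 10.0.0.5 stays below threshold. Merging the two incidents closes both originals and opens a third that records which incidents it came from.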
Post date: 2014-04-29 08:10:06
Post modified date: 2014-04-29 08:10:07