Official 2014 Symantec ST0-085 Dump Free Download (151-160)!

QUESTION 151
The Correlation Manager component of Symantec Security Information Manager performs automated real-time event ______.

A.    correlation, aggregation, filtering, and incident creation
B.    correlation, asset table analysis, event creation, and user input
C.    correlation, agitation, filtering, and incident management
D.    correlation, aggregation, asset table analysis, filtering, event and incident creation

Answer: A

QUESTION 152
The Correlation Manager filters false positive events from networks and also identifies _____.

A.    attacks based on firewall patterns
B.    worms that penetrate UNIX-only operating systems
C.    viruses that permeate SNMP and SMTP traffic
D.    failed user login attempts

Answer: A

QUESTION 153
If a false positive is confirmed, the event is discarded from _____ in Symantec Security Information Manager.

A.    infiltration
B.    disposition
C.    aggregation
D.    correlation
“Pass Any Exam. Any Time.” – www.actualtests.com 61
Symantec ST0-085 Exam

Answer: D

QUESTION 154
Which Correlation Rule types does the Correlation Manager use?

A.    Assets Tables (matches a field in the asset table)
B.    Contiguous Event Rules (looks for a pattern of events)
C.    Multiple Event Rules (looks for a pattern of events)
D.    Aggregation Processing (triggers on aggregorious behavior)

Answer: C

QUESTION 155
Events that are filtered out remain stored in the ______.

A.    Event Logger
B.    Incident Repository
C.    Event Archive
D.    Incident History

Answer: D

QUESTION 156
From the Information Manager Console, which procedure allows a Symantec Security Information Manager (SSIM) to forward events to another SSIM appliance?

A.    System tab –> Appliance Configuration tab –> create new Forward event –> input IP address of remote appliance –> define Event Criteria
B.    System tab –> Event Configuration tab –> create new Forward event –> input IP address of remote appliance –> define Event Criteria
C.    Appliance Configuration tab –> Event Configuration tab –> create new Forward event –> input IP address of remote appliance –> define Incident Criteria
D.    System tab –> Maintenance tab –> create new Forward event –> input IP address of remote appliance –> define Incident Criteria

Answer: A

QUESTION 157
Symantec Security Information Manager performs which two tasks related to Incident Management?

A.    creates a vulnerability category
B.    creates a helpdesk ticket
C.    projects and documents future attacks
D.    reports incidents to the SANS Internet Storm Center
E.    assigns incidents to a team member

Answer: BE

QUESTION 158
When multiple incidents involving the same issue are merged, what does Information Manager do?

A.    saves the original incidents and creates a new incident
B.    closes the original incidents and creates a new incident
C.    deletes the original incidents and creates a new incident
D.    reports the original incidents to the SANS Internet Storm Center, closes the incidents and creates a new incident

Answer: B

QUESTION 159
Which types of rules does Symantec Security Information Manager use?

A.    Filtering and Correlation
B.    Manual and Automated
C.    Priority and Severity
D.    Composition and Disposition

Answer: A

QUESTION 160
Symantec Security Information Manager’s rule system considers events to be _____ objects, while conclusions are products of the rule system.

A.    elemental
B.    dispositional
C.    exponential
D.    complex

Answer: A

If you want to pass the Symantec ST0-085 exam successfully, we recommend reading the latest Symantec ST0-085 Dump full version.
