Official 2014 Symantec ST0-085 Dump Free Download(191-200)!
QUESTION 191
What is the correct Symantec Security Information Manager incident identification pipeline?
A. collection –> normalization –> rule processing –> attack tracing –> correlation to vulnerabilities –> incident prioritization
“Pass Any Exam. Any Time.” – www.actualtests.com 21
Symantec ST0-085 Exam
B. normalization –> collection –> rule processing –> attack tracing –> correlation to vulnerabilities –> incident prioritization
C. rule processing –> normalization –> collection –> attack tracing –> correlation to vulnerabilities –> incident prioritization
D. attack tracing –> rule processing –> normalization –> collection –> correlation to vulnerabilities –> incident prioritization
Answer: A
QUESTION 192
What is the purpose of normalization?
A. to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quickly
B. to correlate events across multiple devices for the Correlation Manager to compare all events equally
C. to standardize events across multiple devices for the Correlation Manager to compare all events equally
D. to process the events across multiple devices for the Correlation Manager to strategize the events more quickly
Answer: C
QUESTION 193
What is the unique identifier that normalization provides for each type of event?
A. adds Correlation Manager-specific data to the translated incident
B. adds Correlation Manager-specific data to the translated event
C. maps events to a device-specific signature
D. maps incidents to a device-specific signature
Answer: B
QUESTION 194
When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the
installed on the SSIM, how can the inserted events be processed?
A. correlate events
B. filter events
C. isolate events
D. send the events to SSIM internal compiler
Answer: A
QUESTION 195
What information does the Correlation Manager use to identify and prioritize incidents?
A. DeepSight
B. event history
C. incident
D. assets
Answer: D
QUESTION 196
What does the Correlation Manager component of Symantec Security Information Manager perform in real-time?
A. correlation, aggregation, filtering, and incident creation
B. correlation, asset table analysis, event creation, and user input
C. correlation, agitation, filtering, and incident management
D. correlation, aggregation, asset table analysis, filtering, event and incident creation
Answer: A
QUESTION 197
What can the Correlation Manager identify in network based events?
A. attacks based on firewall patterns
B. worms that penetrate UNIX-only operating systems
C. viruses that permeate SNMP and SMTP traffic
D. OS failed user login attempts
Answer: A
QUESTION 198
If a filtering rule is matched, the event is discarded from what component?
A. collector
B. agent
C. aggregation
D. correlation
Answer: D
QUESTION 199
Which Correlation Rule type does the Correlation Manager use?
A. Assets Tables (matches a field in the asset table)
B. Contiguous Event Rules (looks for a pattern of events)
C. Multiple Event Rules (looks for a pattern of events)
D. Aggregation Processing (triggers on aggregorious behavior)
Answer: C
QUESTION 200
Where can an event be found after it is filtered out during correlation?
A. Event Logger
B. Incident Repository
C. Event Archive
D. Incident History
Answer: C
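The questions above describe one pipeline: events are collected, normalized into a common schema so that events from different devices can be compared, run through filtering and correlation rules in real time, prioritized against an asset table, and turned into incidents, while every event (filtered or not) stays in the event archive. The following toy pipeline is an added example written for this page, not Symantec code and not SSIM's actual event schema; the two device formats, the field names, the filtering rule, the multiple-event rule and the asset table are all constructed for illustration.

```python
"""Toy SIEM pipeline illustrating the concepts from questions 191-200.

Constructed example, not SSIM code: the raw log formats, field names,
filtering rule, correlation rule and asset table are all assumptions.
"""
from collections import defaultdict

# Constructed raw events from two device types with different native
# formats; normalization exists to put them into one schema (question 192).
RAW_EVENTS = [
    {"device": "fw01", "type": "firewall",
     "line": "DENY tcp 203.0.113.5:51000 -> 10.0.0.7:22"},
    {"device": "srv-db", "type": "linux-auth",
     "line": "Failed password for root from 203.0.113.5 port 51002 ssh2"},
    {"device": "srv-db", "type": "linux-auth",
     "line": "Failed password for root from 203.0.113.5 port 51003 ssh2"},
    {"device": "srv-db", "type": "linux-auth",
     "line": "Failed password for root from 203.0.113.5 port 51004 ssh2"},
    {"device": "srv-db", "type": "linux-auth",
     "line": "Accepted password for root from 203.0.113.5 port 51005 ssh2"},
    {"device": "fw01", "type": "firewall",
     "line": "ALLOW udp 10.0.0.9:5353 -> 224.0.0.251:5353"},
]

# Constructed asset table: criticality drives incident priority (question 195).
ASSET_TABLE = {"10.0.0.7": {"name": "srv-db", "criticality": 5},
               "10.0.0.9": {"name": "ws-kiosk", "criticality": 1}}
HOST_IP = {"srv-db": "10.0.0.7", "fw01": "10.0.0.1"}   # assumed device addresses


def normalize(raw):
    """Map a device-specific log line onto one common schema (normalization)."""
    parts = raw["line"].split()
    if raw["type"] == "firewall":
        action, _proto, src, _arrow, dst = parts
        src_ip, _ = src.split(":")
        dst_ip, dst_port = dst.split(":")
        return {"category": "firewall.deny" if action == "DENY" else "firewall.allow",
                "src_ip": src_ip, "dst_ip": dst_ip, "dst_port": int(dst_port),
                "device": raw["device"], "raw": raw["line"]}
    if raw["type"] == "linux-auth":
        outcome = "auth.failure" if parts[0] == "Failed" else "auth.success"
        return {"category": outcome, "user": parts[3], "src_ip": parts[5],
                "dst_ip": HOST_IP[raw["device"]], "device": raw["device"],
                "raw": raw["line"]}
    raise ValueError("unknown device type: %s" % raw["type"])


def filter_rule(event):
    """Return True if the event is dropped from correlation (question 198).
    Constructed rule: permitted multicast noise is not worth correlating."""
    return event["category"] == "firewall.allow" and event["dst_ip"].startswith("224.")


def run_pipeline(raw_events, fail_threshold=3):
    """collection -> normalization -> filtering -> correlation -> prioritization."""
    archive = []      # every event is archived, filtered or not (question 200)
    correlated = []   # only events that survive filtering reach correlation
    for raw in raw_events:
        ev = normalize(raw)
        archive.append(ev)
        if not filter_rule(ev):
            correlated.append(ev)

    # Multiple-event rule (question 199): N auth failures from one source
    # followed by a success from the same source against the same host.
    failures = defaultdict(int)
    incidents = []
    for ev in correlated:
        key = (ev["src_ip"], ev["dst_ip"])
        if ev["category"] == "auth.failure":
            failures[key] += 1
        elif ev["category"] == "auth.success" and failures[key] >= fail_threshold:
            asset = ASSET_TABLE.get(ev["dst_ip"], {"name": "unknown", "criticality": 1})
            incidents.append({
                "rule": "brute_force_success",
                "src_ip": ev["src_ip"], "target": asset["name"],
                "failed_attempts": failures[key],
                # priority: asset criticality scaled by the number of attempts
                "priority": asset["criticality"] * failures[key],
            })
            failures[key] = 0
    return {"archive": archive, "correlated": correlated, "incidents": incidents}


if __name__ == "__main__":
    result = run_pipeline(RAW_EVENTS)
    print(len(result["archive"]), "archived,", len(result["correlated"]), "correlated")
    for inc in result["incidents"]:
        print(inc)
```

Running it archives all six constructed events, drops the multicast ALLOW from correlation (it remains in the archive), and raises one incident when the third SSH failure from 203.0.113.5 is followed by a success against srv-db; the priority of 15 comes from the asset's criticality of 5 times the three failed attempts, which is the asset-table lookup the exam has in mind when it says prioritization uses assets rather than raw event history.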
If you want to pass the Symantec ST0-085 exam successfully, we recommend reading the latest Symantec ST0-085 dump full version.