Posts Tagged: ST0-085 Answers

Official 2014 Symantec ST0-085 Dump Free Download(191-200)!

QUESTION 191
What is the correct Symantec Security Information Manager incident identification pipeline?
A. collection –> normalization –> rule processing –> attack tracing –> correlation to vulnerabilities –> incident prioritization
B. normalization –>…

Official 2014 Symantec ST0-085 Dump Free Download(181-190)!

QUESTION 181
What is the purpose of the critical business assets management feature?
A. It enables automatic identification and prioritization of security threats that impact business-critical applications.
B. It obtains an overview…

Official 2014 Symantec ST0-085 Dump Free Download(171-180)!

QUESTION 171
When should a Symantec Security Information Manager database be restored?
A. when false-positive data is confirmed to exist in the database
B. when there is a hardware failure
C. when the database…

Official 2014 Symantec ST0-085 Dump Free Download(161-170)!

QUESTION 161
On the Symantec Security Information Manager Conditions tab, which two conditions need to be met for a rule to be triggered?
A. Incident Type
B. Event Criteria
C. Rule Type
D. Device Effected
E. Applicable Licenses
Answer: BC

QUESTION 162
If a conclusion does…

Official 2014 Symantec ST0-085 Dump Free Download(151-160)!

QUESTION 151
The Correlation Manager component of Symantec Security Information Manager performs automated real-time event ______.
A. correlation, aggregation, filtering, and incident creation
B. correlation, asset table analysis, event creation, and user input
C. correlation, agitation, filtering, and incident management
D. correlation, aggregation, asset…

Official 2014 Symantec ST0-085 Dump Free Download(141-150)!

QUESTION 141
Which option allows events to be ignored by the Correlation Rules and be no longer processed?
A. Bypass Rules
B. Conditions
C. Criteria
D. Event Filters
Answer: D

QUESTION 142
Which option in the…

Official 2014 Symantec ST0-085 Dump Free Download(111-120)!

QUESTION 111
You are installing the Symantec Security Information Manager Agent on a Windows platform.
A. c:\Symantec\log
B. c:\Program Files\Symantec\log
C. c:\Program Files\Symantec\sesa\agent\log
D. c:\Symantec\agent\log
Answer: C

QUESTION 112
When installing the Symantec Security Information Manager Agent and Collector on a Windows platform, which command…

Official 2014 Symantec ST0-085 Dump Free Download(101-110)!

QUESTION 101
When troubleshooting the installation of Symantec Security Information Manager (SSIM), the “status” console command displays the status of which critical SSIM service?
A. Information Manager
B. DB2 database
C. Tomcat servlet engine
D. Apache web server
Answer: B

QUESTION 102
When troubleshooting the…

Official 2014 Symantec ST0-085 Dump Free Download(81-90)!

QUESTION 81
What is the difference between Symantec Security Information Manager (SSIM) on-box and off-box collectors?
A. Off-box collectors are installed on the SSIM products and on-box collectors are installed on…

Official 2014 Symantec ST0-085 Dump Free Download(71-80)!

QUESTION 71
Symantec Security Information Manager automatically escalates security events into incidents based on a number of pre-defined and user-defined _____.
A. rules
B. events
C. incidents
D. tickets
Answer: A

QUESTION 72
Once all rules…

Official 2014 Symantec ST0-085 Dump Free Download(61-70)!

QUESTION 61
Once data is archived and removed from Symantec Security Information Manager, what allows you to access that data?
A. Event Archive Viewer
B. Incident Archive Viewer
C. Correlated Event Viewer
D. Archive Log Viewer
Answer: A

QUESTION 62
Which Symantec Security Information Manager…

Official 2014 Symantec ST0-085 Dump Free Download(51-60)!

QUESTION 51
For which two does Symantec Security Information Manager automatically create values when you manually create a new incident? (Select two.)
A. Event Creator
B. Incident Creator
C. Help desk ticket
D. Rule Name
E. …

Official 2014 Symantec ST0-085 Dump Free Download(31-40)!

QUESTION 31
Which two default administrative user accounts are created during the installation of Symantec Security Information Manager? (Select two.)
A. Root Administrator
B. Domain Administrator
C. SES Administrator
D. System Administrator
E. Local Administrator
Answer: BC

QUESTION 32
When are the effective privileges of…

Official 2014 Symantec ST0-085 Dump Free Download(21-30)!

QUESTION 21
Which console utility should be used to view the number of dropped packets on the network interface when troubleshooting performance problems on the Symantec Security Information Manager system?
A. ifconfig
B. mii-tool
C. ps
D. top
Answer: A

QUESTION 22
…

Official 2014 Symantec ST0-085 Dump Free Download(1-10)!

QUESTION 1
Which database houses incidents and summary data?
A. Oracle
B. MySQL
C. MSSQL
D. IBM DB2
Answer: C

QUESTION 2
Which component sends events to the Event Service for processing?
A. the Symantec Security Information Manager (SSIM) collector
B. the Symantec Security Information Manager…