ST0-085 - Symantec Security Information Manager 4.7 Technical Assessment

Example Questions

Which two default administrative user accounts are created during the installation of Symantec Security Information Manager? (Select two.)
Which menu options do you select in the user interface to shut down or reboot the Symantec Security Information Manager (SSIM) appliance?
Which Correlation Rule type does the Correlation Manager use?
What information is necessary to properly size a deployment?
Where is information about the health and performance of the Symantec Security Information Manager appliance found?
When are the effective privileges of the SES Administrator role and Domain Administrator role equivalent?
What information must be obtained prior to product deployment and configuration of the Symantec Security Information Manager appliance?
Which three need to be collected as part of pre-deployment planning?
Which statement about the capabilities of the Event Archive Viewer is true?
How do you install a valid DeepSight Integration License?
After installation, where would you go to purge the database?
For which three does Symantec Security Information Manager automatically create values when you manually create a new incident?
The Symantec Security Information Manager includes a(n) _____ feature that allows the security administrator to instantly access a customized view of major security indicators.
On which three operating systems can the Symantec Security Information Manager Agent 2.5 be installed?
What type of data that comes from DeepSight is mapped to vulnerability, exposure, malicious code, and safeguard mitigation strategies?
Which third-party software components support LDAP for users, roles, and configurations?
What is the purpose of normalization?
You are troubleshooting performance problems on your Symantec Security Information Manager Which console utility should you use to view the number of dropped packets on the network interface?
How can you determine which ports are potentially vulnerable on a given host in the Assets Table?
When installing the Symantec Security Information Manager Agent and Collector on a Windows platform, which command shows that the agent is installed and running?
When configuring the Event Archive settings of an Information Manager appliance, which two options can be configured? (Select two.)
You are troubleshooting your Symantec Security Information Manager (SSIM) system. You issue information does the "status" command display?
Where do Symantec Security Information Manager collectors send events?
Which source is used by Symantec Security Information Manager to create incidents?
From the Information Manager Console, the _____ feature allows you to prioritize remediation efforts on critical network devices.
You are designing a new Symantec Security Information Manager (SSIM) solution for your company. When designing the structure of your SSIM domain, computers are separated into logical groups called _____.
What are the specified minimum hardware requirements for installing and running the Symantec Security Information Manager Console?
For which two does Symantec Security Information Manager automatically create values when you manually create a new incident? (Select two.)
Which LDAP port is used by the security directory?
Symantec Security Information Manager ____ Series provides dynamic correlation and centralized management of large, distributed enterprise deployments.
Which condition needs to be met for a rule to be triggered on the Symantec Security Information Manager Conditions tab?
After setting up the Symantec Security Information Manager (SSIM) appliance, where are network settings changed?
Which statement about Symantec Security Information Manager domains is true?
What information is reported by the Nessus scanner when it scans a range of network addresses?
What is the unique identifier that normalization provides for each type of event?
Which type of database backup is performed during the Symantec Security Information Manager installation?
Which statement is true about rules in a Symantec Security Information Manager solution?
When should a Symantec Security Information Manager database be restored?
You manage the Symantec Security Information Manager (SSIM) solution for your company. You need to configure the Cisco PIX collector to process events from a Cisco PIX firewall. What must you do on the PIX firewall to accomplish this?
Which of the following are all on-box collectors?
When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?
Which two are commonly used to view archived events?
Which three user actions can be executed by the Information Manager Event Viewer?
Which of the following vendor hardware is recommended to use with Symantec Security Information Manager (SSIM)?
What does a conclusion that is untrackable to an existing incident become?
On which two operating systems can the Symantec Security Information Manager Agent be installed? (Select two.)
Which three statements about Symantec Security Information Manager domains are true?
How can an organization connect to the Integrated Global Security Intelligence to receive updates?
Which types of rules does Symantec Security Information Manager use?
Symantec Security Information Manager Series Appliance installs which operating system by default?