Security Profile Management Lesson 6

Questions and Answers

What is responsible for both inspection and management on software-based IPS's and Eseries?

• Memory allocation
• One CPU (correct)
• Segmentation
• Two separate CPUs

What is required for the SMS to download Digital Vaccines from the Internet?

• Internet, a gateway, and DNS (correct)
• DNS only
• TMC connection
• Internet and a gateway only

Why can't you turn on certain filters within an IPS Profile in the case where the DV on the IPS is newer than on the SMS?

• The SMS is not connected to the TMC
• The filters do not exist (correct)
• The DV distribution history is obsolete
• The IPS Profile is corrupted

What does a Distribution Snapshot provide when distributing a profile to a device?

A restore point for rolling back changes (B)

When should a manual Snapshot be created for a profile?

At any time to allow rollback (C)

How can you clear DV distribution history entries?

Change the required version to Active (C)

What should be demonstrated if the TMC is not connected?

Load off of the course CD materials (D)

What will especially notice performance issues with High Priority on software-based IPS's and Eseries?

One CPU (C)

What must be done in order to roll-back changes using a Distribution Snapshot?

Change the required version to Active (A)

What is the purpose of Digital Vaccine (DV) packages?

To provide new signatures for protecting network security (D)

What is the function of the Adaptive Filter Configuration (AFC) setting in Digital Vaccine Filters?

It determines whether to permit or block traffic and/or send a notification (C)

How are Digital Vaccine (DV) packages distributed to devices?

Through automatic download from the Threat Management Center (TMC) (B)

What type of security needs do specialized filter packages address?

Advanced malware protection (B)

What is the purpose of Traffic Management Filters?

To filter malicious traffic from the network (A)

What is the role of Profile Version, Rollback, and Auditing in Security Profile Management?

To provide a history of changes made to security profiles (A)

What does Flow based vs. Non-flow based DV refer to?

Security measures for network traffic management (C)

What is the primary function of Inspection Bypass Rules?

To bypass inspection for specific types of traffic (D)

'Adaptive Filter Configuration (AFC)' setting is related to which aspect of Digital Vaccine Filters?

'Adaptive Filter Configuration (AFC)' determines whether to permit or block traffic and/or send a notification (B)

What is the purpose of Suspicious URL Metadata introduced with SMS 4.6?

To be used with Deep Discovery (A)

When editing multiple filters, what does the dialog change to?

Filters Being Modified (C)

How can you select multiple filters at the same time?

Use the CTRL key (C)

What can be achieved through Profile Import/Export?

Importing into another SMS (D)

What appears in the Filters tab if a filter has been modified?

Modified filters (A)

What additional criteria can be used for search besides release dates and filter source?

Actions and Exceptions (D)

What is the purpose of the Filter Taxonomy Search Results?

To view search results related to filter taxonomy (A)

What is the benefit of importing Profiles into another SMS?

Preserving or replacing existing settings (D)

What is the main use of Security Profile Management in relation to Education Lesson 6?

To manage and customize security profiles for specific criteria (C)