
Deep Security 11 Certified Professional - Exam: Questions: 45 - Attempts: 3

This document appears to be a quiz for the Trend Micro Deep Security 11 Certified Professional exam, containing 9 multiple choice questions about Deep Security capabilities and configurations. The questions cover topics like firewall rule actions, enabling protection modules, multi-tenancy settings, integrity monitoring, machine learning, monitoring SQL servers, intrusion prevention, policy details, and the purpose of the Deep Security Relay.

Uploaded by

machadotulio

https://success.trendmicro.com/LMS/apex/lmsilt__quiz?Id=a9C0B00...

Deep Security 11 Certified Professional | Exam


QUESTIONS: 45 | ATTEMPTS: 3

1 Which of the following correctly describes the Firewall rule Action of Force Allow?

Force Allow permits traffic to bypass analysis by both the Firewall and Intrusion Prevention Protection Modules.

Force Allow permits traffic to bypass analysis by all Deep Security Protection Modules.

Force Allow explicitly allows traffic that matches the Firewall rule to pass, and implicitly denies all other traffic.

Force Allow permits traffic that would otherwise be denied by other Firewall rules to pass, but still enforces filtering by the Intrusion Prevention Protection Module.

2 The "Protection Source when in Combined Mode" settings are configured for a virtual machine as in the exhibit. You would like to enable Application Control on this virtual machine, but there is no corresponding setting displayed. Why?

In the example displayed in the exhibit, the Application Control Protection Module has not yet been enabled. Once it is enabled for this virtual machine, the corresponding settings are displayed.

These settings are used when both a host-based agent and agentless protection are available for the virtual machine. Since Application Control is not supported in agentless installations, there is no need for the setting.

In the example displayed in the exhibit, the VMware Guest Introspection Service has not yet been installed. This service is required to enable Application Control in agentless installations.

In the example displayed in the exhibit, no activation code was entered for Application Control. Since the Protection Module is not licensed, the corresponding settings are not displayed.

1 of 20 27/06/2019 19:46

3 Multi-tenancy is enabled in Deep Security and new tenants are created. Where does the new tenant data get stored when using SQL Server as the Deep Security database?

The new tenant data is added to the existing SQL Server database.

An additional database is created in SQL Server for each new tenant to store its data.

An additional user is created for each new tenant in the SQL Server database to store its data.

An additional table is created for each new tenant in the existing database in the SQL Server database to store its data.

4 Which of the following statements correctly identifies the purpose of the Integrity Monitoring Protection Module?

The Integrity Monitoring Protection Module monitors critical operating system objects such as services, processes, registry keys and ports to detect and report malicious or unexpected changes.

The Integrity Monitoring Protection Module monitors incoming traffic to confirm the integrity of header information including packet source and destination details.

The Integrity Monitoring Protection Module monitors traffic to verify the integrity of incoming traffic to identify protocol deviations, packet fragments and other protocol anomalies.

The Integrity Monitoring Protection Module monitors and analyzes the integrity of application logs to identify tampering, corruption and other suspicious modifications to the logs.

5 Which of the following statements best describes Machine Learning in Deep Security?

Machine Learning is a malware detection technique in which features of an executable file are compared against a cloud-based learning model to determine the probability of the file being malware.

Machine Learning is a malware detection technique in which the Deep Security Agent monitors process memory in real time and once a process is deemed to be suspicious, Deep Security will perform additional checks with the Smart Protection Network to determine if this is a known good process.

Machine Learning is a malware detection technique in which processes on the protected computer are monitored for actions that are not typically performed by a given process.

Machine Learning is a malware detection technique in which files are scanned based on the true file type as determined by the file content, not the extension.

6 A Deep Security administrator wishes to monitor a Windows SQL Server database and be alerted of any critical events which may occur on that server. How can this be achieved using Deep Security?

This can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Windows SQL Server 2016 and the administrator could monitor the logs within the syslog device.

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Windows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

7 Which of the following statements is true regarding the Intrusion Prevention Protection Module?

The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.

The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.

The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.

The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

8 The details of a policy are displayed in the exhibit. Based on these details, which of the following statements is true?

Any events generated by computers within your corporate network, as defined by an IP address range, will be ignored.

Packets failing the Network Packet Sanity Check will still be allowed to pass through the network engine.

The credibility scores for visited web sites will be cached. If access to the web site is requested again within 30 minutes, its credibility score will be retrieved from the cache instead of the configured Smart Protection source.

Live packet streams coming through the network engine will be replicated and all traffic analysis will be performed on the replicated stream.

9 What is the purpose of the Deep Security Relay?

Deep Security Relays forward policy details to Deep Security Agents and Virtual Appliances immediately after changes to the policy are applied.

Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.

Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.

10 Which of the following statements is true regarding Firewall Rules?

Firewall Rules are always processed in the order in which they appear in the rule list, as displayed in the Deep Security Manager Web console.

Firewall Rules applied to Policy supersede similar rules applied to individual computers.

When traffic is intercepted by the network filter, Firewall Rules in the policy are always applied before any other processing is done.

Firewall Rules applied through a parent-level Policy cannot be unassigned in a child-level policy.

11 When viewing the details for a policy, as displayed in the exhibit, you notice that the Application Control Protection Module is not available. In this example, why would this Protection Module not be available?

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been provided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Module has not been enabled for this tenant.

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

12 Which of the following VMware components is not required to enable agentless protection using Deep Security?

VMware NSX

VMware ESXi

VMware vCenter

VMware vRealize

13 Which of the following Firewall rule actions will allow data packets to pass through the Firewall Protection Module without being subjected to analysis by the Intrusion Prevention Protection Module?

Deny

Force Allow

Bypass

Allow

14 Your organization would like to implement a mechanism to alert administrators when files on protected servers are modified or tampered with. Which Deep Security Protection Module should you enable to provide this functionality?

The File Inspection Protection Module

Deep Security can not provide this type of functionality

The Integrity Monitoring Protection Module

The Intrusion Prevention Protection Module

15 Which of the following statements is true regarding Deep Security Relays?

Deep Security Agents communicate with Deep Security Relays to obtain security updates.

Deep Security Agents promoted to Deep Security Relays no longer provide the security capabilities enabled by the Protection Modules.

Deep Security Relays are able to process Deep Security Agent requests during updates.

Both 32-bit and 64-bit Deep Security Agents can be promoted to a Deep Security Relay.

16 Which of the following statements is true regarding the use of the Firewall Protection Module in Deep Security?

The Firewall Protection Module can detect and block Cross Site Scripting and SQL Injection attacks.

The Firewall Protection Module can check files for certain characteristics such as compression and known exploit code.

The Firewall Protection Module can prevent DoS attacks coming from multiple systems.

The Firewall Protection Module can identify suspicious byte sequences in packets.

17 Which of the following statements correctly describes Smart Folders?

Smart Folders are a collection of subfolders containing the policy settings that are applied to child policies or directly to Computers.

Smart Folders identify the folders that will be scanned when a Real-Time, Manual or Scheduled malware scan is run.

Smart Folders act as a saved search of computers which is executed each time the folder is clicked to display its contents.

Smart Folders are the containers used to store the results of Recommendation Scans. Once a Recommendation Scan has completed, an administrator can click a Smart Folder and select which of the recommended rules to apply.

18 Based on the following exhibit, what behavior would you expect for the Application Control Protection Module?

Since this computer is in Maintenance Mode, new or changed software will be automatically added to the list of Allowed software in the currently active ruleset.

Since this computer is in Maintenance Mode, updates to the Application Control Protection Module will be applied.

Since this computer is in Maintenance Mode, Application Control will allow any Blocked software to temporarily run.

Since this computer is in Maintenance Mode, Application Control will ignore any Blocked software in the currently active ruleset.

19 The Intrusion Prevention Protection Module is enabled and a Recommendation Scan is run to identify vulnerabilities on a Windows Server 2016 computer. How can you ensure that the list of recommendations is always kept up to date?

Enable "Ongoing Scans" to run a recommendation scan on a regular basis. This will identify new Intrusion Prevention rules to be applied.

New rules are configured to be automatically sent to Deep Security Agents when Recommendation Scans are run.

Disabling, then re-enabling the Intrusion Prevention Protection Module will trigger a new Recommendation Scan to be run. New rules will be included in the results of this new scan.

Recommendation Scans are only able to suggest Intrusion Prevention rules when the Protection Module is initially enabled.

20 Based on the Malware Scan Configuration displayed in the exhibit, which of the following statements is false?

Internet access is required to properly enable the features identified in this configuration.

Any document files that display suspicious behavior will be submitted and executed in a sandbox environment on a Deep Discovery Analyzer device.

Deep Security Agents using this Malware Scan Configuration will not monitor for compromised Windows processes.

Deep Security Agents will only be able to identify malware in files by using patterns downloaded from the Smart Protection Network.

21 What is the purpose of the Deep Security Notifier?

The Deep Security Notifier is a server component used in agentless configurations to allow Deep Security Manager to notify managed computers of pending updates.

The Deep Security Notifier is an application in the Windows System Tray that displays the Status of Deep Security Manager during policy and software updates.

The Deep Security Notifier is a server component that collects log entries from managed computers for delivery to a configured SIEM device.

The Deep Security Notifier is an application in the Windows System Tray that communicates the state of Deep Security Agents and Relays to endpoint computers.

22 How does Smart Scan vary from conventional pattern-based anti-malware scanning?

Smart Scan identifies files to be scanned based on the content of the file, not the extension.

Smart Scan is performed in real time, where conventional scanning must be triggered manually, or run on a schedule.

Smart Scan shifts much of the malware scanning functionality to an external Smart Protection Server.

Smart Scan improves the capture rate for malware scanning by sending features of suspicious files to a cloud-based server where the features are compared to known malware samples.

23 Based on the policy configuration displayed in the exhibit, which of the following statements is true?

Deep Security Agents will send event information to Deep Security Manager every 10 minutes.

Changes to any of the Deep Security policies will be sent to the Deep Security Agents as soon as the changes are saved.

Administrators with access to the protected Server will be able to uninstall the Deep Security Agent through Windows Control Panel.

If the Deep Security Manager does not receive a message from the Deep Security Agent every 20 minutes, an alert will be raised.

24 Policies in Deep Security can include a Context value. Which of the following statements regarding Context is correct?

The Context provides Deep Security Agents with location awareness and is associated with Firewall and Intrusion Prevention Rules.

The Context provides Deep Security Agents with location awareness and is associated with Log Inspection and Integrity Monitoring Rules.

The Context provides Deep Security Agents with location awareness and is associated with Anti-Malware and Web Reputation Rules.

The Context provides Deep Security Agents with location awareness and is associated with Web Reputation Rules only.

25 How is caching used by the Web Reputation Protection Module?

Caching is used by the Web Reputation Protection Module to temporarily store the pages that make up the Web site. The Web site is cached in case the site is visited again for the life of the cache.

Caching is used by the Web Reputation Protection Module to keep track of Allowed and Blocked Web sites. Any sites that are Allowed or Blocked do not require the retrieval of a credibility score from the Trend Micro Web Reputation Service.

Caching is used by the Web Reputation Protection Module to keep track of Web sites that are added to the Allowed list. Any sites added to the Allowed list will be accessible by protected servers regardless of their credibility score.

Caching is used by the Web Reputation Protection Module to temporarily store the credibility score for a Web site. The retrieved credibility score is cached in case the score for the Web site is required again for the life of the cache.


26 What is IntelliScan?

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve malware catch rates.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

27 Based on the details of the event displayed in the exhibit, which of the following statements is false?

You can instruct the Deep Security Agents and Appliances to block traffic from the source IP address for a period of time.

The scan may be generated from an IP address which may be known to you. If so, the source IP address can be added to the reconnaissance whitelist.

You can create a firewall rule to permanently block traffic from the originating IP address.

The Intrusion Prevention Protection Module must be enabled to detect reconnaissance scans.

28 A collection of servers protected by Deep Security do not have Internet access. How can Smart Scan be used on these computers?

Smart Scan can be configured to use a local pattern file containing the same information as the Smart Protection Network.

Install a Smart Protection Server in the environment and set it as the source for File Reputation information.

Smart Scan must contact the Smart Protection Network to function. Any servers without Internet access will be unable to use Smart Scan.

Promote one of the Deep Security Agents on the air-gapped computers to become a Relay.

29 The details for an event are displayed in the exhibit. Based on these details, which Protection Module generated the event?

Log Inspection

Firewall

Integrity Monitoring

Intrusion Prevention

30 While viewing the details of the Firewall Protection Module, as displayed in the exhibit, you note that a few rules have already been assigned. You try to disable these rules, but they can not be unassigned. Why can the displayed rules not be unassigned?

The rules displayed in the exhibit have been assigned to the policy at the parent level. Rules assigned to a parent policy can not be unassigned at the child level.

The rules displayed in the exhibit can not be unassigned as the administrator currently logged into the Deep Security Manager Web console does not have the permissions necessary to unassign rules.

The rules displayed in the exhibit were assigned to the policy automatically when a Recommendation Scan was run. Rules assigned through a Recommendation Scan can not be disabled once assigned.

The rules displayed in the exhibit have been hard-coded with the details of the policy. These rules will automatically be assigned to all Firewall policies that are created and can not be unassigned.

31 The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of the Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

The Deep Security Agent is experiencing a system problem and is not processing packets since the "Network Engine System Failure" mode is set to "Fail Open".

The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

32 What is the default priority assigned to Firewall rules using the Allow action?

Firewall rules using the Allow action can be assigned a priority between 1 and 3.

Firewall rules using the Allow action always have a priority of 0.

Firewall rules using the Allow action always have a priority of 4.

Firewall rules using the Allow action can be assigned a priority between 0 and 4.

33 The Intrusion Prevention Protection Module is enabled, but the traffic it is trying to analyze is encrypted through https. How is it possible for the Intrusion Prevention Protection Module to monitor this encrypted traffic against the assigned rules?

It is possible to monitor the https traffic by creating an SSL Configuration. Creating a new SSL Configuration will make the key information needed to decrypt the traffic available to the Deep Security Agent.

The Intrusion Prevention Protection Module can only analyze https traffic originating from other servers hosting a Deep Security Agent.

The Intrusion Prevention Protection Module is not able to analyze encrypted https traffic.

The Intrusion Prevention Protection Module can analyze https traffic if the public certificate of the originating server is imported into the certificate store on the Deep Security Agent computer.

34 The Overrides settings for a computer are displayed in the exhibit. Which of the following statements is true regarding the displayed configuration?

The Protection Modules identified as Inherited in the exhibit have not yet been configured. Only the Web Reputation and Application Control Protection Modules have been configured.

The Web Reputation and Application Control Protection Modules have been assigned a different policy than the other Protection Modules and as a result, are displayed with overrides.

The Protection Modules identified as Inherited in the exhibit have not yet been enabled. Only the Web Reputation and Application Control Protection Modules have been enabled at this point.

The configuration for the Protection Modules is inherited from the policy assigned to this computer, except for the configuration of the Web Reputation and Application Control Protection Modules which have been set at the computer level.

35 Which of the following statements is false regarding the Log Inspection Protection Module?

Custom Log Inspection rules can be created using the Open Source Security (OSSEC) standard.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

36 New servers are added to the Computers list in Deep Security Manager Web config by running a Discover operation. What behavior can you expect for newly discovered computers?

Any servers within the IP address range that are hosting Deep Security Agents will be added to the Computers list and will be automatically activated.

Any servers discovered in the selected Active Directory branch hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range will be added to the Computers list, regardless of whether they are hosting a Deep Security Agent or not.

Any servers within the IP address range hosting a Deep Security Agent will be added to the Computers list.

37 Which Protection Modules can make use of a locally installed Smart Protection Server?

The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.

The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.

All Protection Modules can make use of the locally installed Smart Protection Server.

Anti-Malware is the only Protection Module that can use the locally installed Smart Protection Server.

38 Recommendation scans can detect applications and/or vulnerabilities on servers on the network. Which of the following Protection Modules make use of Recommendation scans?

Intrusion Prevention, Firewall, Integrity Monitoring and Log Inspection

Log Inspection, Application Control, and Intrusion Prevention

Intrusion Prevention, Integrity Monitoring, and Log Inspection

Firewall, Application Control, and Integrity Monitoring

39 Which of the following statements is true regarding Maintenance Mode in the Application Control Protection Module?

Maintenance Mode can be configured as a Scheduled Event. In this scenario, all software upgrades will be performed at the same time every day to avoid creating Alerts for normal software updates.

When enabled, Maintenance Mode rescans the protected computer to rebuild the software inventory. Any new or changed software will be included in this rebuilt inventory.

While in Maintenance Mode, all Block and Allow rules are ignored while new or updated applications are added to the software inventory.

When in Maintenance Mode, the Application Control Protection Module will continue to block software identified in Block rules, but will allow new and changed applications to be added to the software inventory.

40 Where does Deep Security Manager store the credentials it uses to access the database?

In the database.properties file

In the dsm.properties file

In the Windows Registry

In the logging.properties file

41 The details for an event are displayed in the exhibit. Based on these details, which Protection Module generated the event?

Web Reputation

Integrity Monitoring

Intrusion Prevention

Firewall

42 Which of the following statements is true regarding Deep Security Manager-to-database communication?

Deep Security Manager-to-database traffic is encrypted by default, but can be disabled by modifying settings in the dsm.properties file.

Deep Security Manager-to-database traffic is encrypted by default but can be disabled by modifying settings in the db.properties file.

Deep Security Manager-to-database traffic is not encrypted by default, but can be enabled by modifying settings in the dsm.properties file.

Deep Security Manager-to-database traffic is not encrypted by default, but can be enabled by modifying settings in the ssl.properties file.

43 The maximum disk space limit for the Identified Files folder is reached. What is the expected Deep Security Agent behavior in this scenario?

Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

Deep Security Agents will delete any files that have been in the folder for more than 60 days.

Any existing files in the folder are compressed and forwarded to Deep Security Manager to free up disk space.

Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.

44 Which of the following correctly identifies the order of the steps used by the Web Reputation Protection Module to determine if access to a web site should be allowed?

1. Checks the Approved list. 2. Checks the Deny list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

1. Checks the cache. 2. Checks the Deny list. 3. Checks the Approved list. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

1. Checks the cache. 2. Checks the Approved list. 3. Checks the Deny list. 4. If not found in any of the above, retrieves the credibility score from the Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

1. Checks the Deny list. 2. Checks the Approved list. 3. Checks the cache. 4. If not found in any of the above, retrieves the credibility score from Rating Server. 5. Evaluates the credibility score against the Security Level to determine if access to the web site should be allowed.

45 How can you prevent a file from being scanned for malware?

Edit the "Scan Exclusions" section of the dsa.properties configuration file on the Deep Security Agent computer to include the file name. Save the configuration file and restart the Deep Security Agent service.

Enable "File Types scanned by IntelliScan" in the Malware Scan Configuration properties in the Deep Security Manager Web console. Click "Scan All Except" and type the filename to exclude from the scan.

Add the file to the Exclusions list in the "Allowed Spyware/Grayware Configuration".

Add the file to the Exclusions list in the Malware Scan Configuration.
