Symantec Security Information Manager 4.7 (STS) Set 7

1.

Which option in the Rules Monitors list allows for follow-up actions that are required to resolve the incident?

Monitors list Actions Properties History

2.

Which source is used by Symantec Security Information Manager to create incidents?

SANS Internet Storm Center Assets Table analyst input Correlation Rules

3.

What is the correct Symantec Security Information Manager incident identification pipeline?

collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities

normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities --> incidentprioritization

rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities --> incidentprioritization

attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities --> incidentprioritization

4.

What is the purpose of normalization?

to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the
events more quickly to correlate events across multiple devices for the Correlation Manager to compare all events equally to standardize events across multiple devices for the Correlation Manager to compare all events equally to process the events across multiple devices for the Correlation Manager to strategize the events morequickly

5.

What is the unique identifier that normalization provides for each type of event?

adds Correlation Manager-specific data to the translated incident adds Correlation Manager-specific data to the translated event maps events to a device-specific signature maps incidents to a device-specific signature

6.

When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the installed on the SSIM, how can the inserted events be processed?

correlate events filter events isolate events send the events to SSIM internal compiler

7.

What information does the Correlation Manager use to identify and prioritize incidents?

DeepSight event history incident assets

8.

What does the Correlation Manager component of Symantec Security Information Manager perform in real- time?

correlation, aggregation, filtering, and incident creation correlation, asset table analysis, event creation, and user input correlation, agitation, filtering, and incident management correlation, aggregation, asset table analysis, filtering, event and incident creation

9.

What can the Correlation Manager identify in network based events?

attacks based on firewall patterns worms that penetrate UNIX-only operating systems viruses that permeate SNMP and SMTP traffic OS failed user login attempts

10.

If a filtering rule is matched, the event is discarded from what component?

collector agent aggregation correlation

Symantec Security Information Manager 4.7 (STS) Set 7

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

Symantec Security Information Manager 4.7 (STS) Set 7

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner