2013年12月29日星期日

Les meilleures Symantec ST0-025 examen pratique questions et réponses

Le Pass4Test est un site qui peut offrir les facilités aux candidats et aider les candidats à réaliser leurs rêve. Si vous êtes souci de votre test Certification, Pass4Test peut vous rendre heureux. La haute précision et la grande couverture de la Q&A de Pass4Test vous aidera pendant la préparation de test. Vous n'aurez aucune raison de regretter parce que Pass4Test réalisera votre rêve.

Vous pouvez tout d'abord télécharger le démo Symantec ST0-025 gratuit dans le site Pass4Test. Une fois que vous décidez à choisir le Pass4Test, Pass4Test va faire tous efforts à vous permettre de réussir le test. Si malheureusement, vous ne passez pas le test, nous allons rendre tout votre argent.

Pass4Test a capacité d'économiser vos temps et de vous faire plus confiant à réussir le test. Vous pouvez télécharger le démo Symantec ST0-025 gratuit à connaître mieux la bonne fiabilité de Pass4Test. Nous nous font toujours confiant sur nos produits, et vous aussi dans un temps proche. La réussite de test Symantec ST0-025 n'est pas loin de vous une fois que vous choisissez le produit de Pass4Test. C'est un choix élégant pour vous faciliter à réussir le test Symantec ST0-025.

Il y a plusieurs de façons pour réussir le test Symantec ST0-025, vous pouvez travailler dur et dépenser beaucoup d'argents, ou vous pouvez travailler plus efficacement avec moins temps dépensés.

Code d'Examen: ST0-025
Nom d'Examen: Symantec (Symantec Security Information Manager 4.5 (STS))
Questions et réponses: 100 Q&As

ST0-025 Démo gratuit à télécharger: http://www.pass4test.fr/ST0-025.html

NO.1 Normalization provides a unique identifier for each type of event and _____.
A. adds Correlation Manager-specific data to the translated incident
B. adds Correlation Manager-specific data to the translated event
C. maps events to a device-specific signature
D. maps incidents to a device-specific signature
Answer: B

Symantec   ST0-025 examen   ST0-025

NO.2 Which two are commonly used to view archived events? (Choose two.)
A. Information Manager Event Viewer
B. Archive Management Console tab
C. Query Wizard
D. Incident Management Console tab
Answer: A, C

Symantec examen   ST0-025   ST0-025   certification ST0-025

NO.3 What is the purpose of normalization?
A. to minimize the number of events affecting multiple devices for the Correlation Manager to strategize
the events more quickly
B. to correlate events across multiple devices for the Correlation Manager to compare all events equally
C. to standardize events across multiple devices for the Correlation Manager to compare all events
equally
D. to process the events across multiple devices for the Correlation Manager to strategize the events
more quickly
Answer: C

Symantec   ST0-025   ST0-025

NO.4 Which Symantec Security Information Manager component retrieves security content from Symantec?
A. LiveUpdate
B. LiveUpdate and licensed DeepSight Integration Module simultaneously
C. Licensed DeepSight Integration Module
D. Security content retrieval is automatic.
Answer: C

certification Symantec   ST0-025   ST0-025   ST0-025   ST0-025 examen

NO.5 What are on-box collectors?
A. PIX, UNIX Syslog and Sygate
B. Checkpoint, Snort and PIX
C. PIX, Snort and Symantec Mail Security
D. Checkpoint, UNIX Syslog and Symantec Network Security
Answer: B

Symantec   ST0-025 examen   ST0-025 examen   certification ST0-025

NO.6 What information does the Correlation Manager use to identify and prioritize incidents?
A. DeepSight
B. event history
C. incident
D. assets
Answer: D

Symantec   ST0-025 examen   ST0-025 examen   certification ST0-025

NO.7 What are two ways in which new entries can be added to the Assets Table of a Symantec Security
Information Manager solution? (Choose two.)
A. through the Lookup Tables pane of the Information Manager Console
B .importing from HP OpenView through the OpenView Integration feature
C. importing from a .CSV file exported from Active Directory
D. automatic population through a supported vulnerability scanner
Answer: C, D

certification Symantec   ST0-025 examen   certification ST0-025   ST0-025

NO.8 Which menu options do you select in the user interface to shut down or reboot the Symantec Security
Information Manager (SSIM) appliance?
A. System --> Shutdown/Restart
B. SSIM Console --> Shutdown/Restart
C. SSIM --> Configure Appliance --> Shutdown/Restart
D. SSIM Console --> Systems tab
Answer: C

certification Symantec   ST0-025   ST0-025 examen

NO.9 Which three ratings does the Information Manager Assets Table use to quantify the importance of the
device and help determine how to escalate security incidents related to that device? (Choose three.)
A. Confidentiality
B. Criticality
C. Availability
D. Priority
E. Integrity
Answer: A, C, E

Symantec   ST0-025 examen   certification ST0-025   ST0-025

NO.10 In Symantec Security Information Manager, collectors send events to _____.
A. Event Disposition
B. Event Archive
C. Event Reporting
D. Event Logger
Answer: D

Symantec   ST0-025   certification ST0-025   certification ST0-025   ST0-025

NO.11 Once custom rules are properly defined, the Correlation Engine _____.
A. correlates events against the rule criteria, analyzes conclusions and creates impending incidents
B. analyzes events against the rule criteria, correlates with existing conclusions and creates the
impending incident
C. analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents
D. applies individual rules to events, analyzes conclusions and correlates events into incidents
Answer: C

Symantec   ST0-025   certification ST0-025   ST0-025 examen   ST0-025

NO.12 By default, event archives are stored for up to _____ days.
A. 10
B. 30
C. 60
D. 90
Answer: A

certification Symantec   ST0-025   certification ST0-025   ST0-025 examen

NO.13 When querying archived event data, how can you make a query available to other users of the system?
A. save it in Published Queries
B. save it in Public Templates
C. grant Read Query permission to the domain
D. check the Shared option on the saved query
Answer: A

certification Symantec   ST0-025   ST0-025 examen   ST0-025

NO.14 Events that are filtered out remain stored in the ______.
A. Event Logger
B. Incident Repository
C. Event Archive
D. Incident History
Answer: D

Symantec   certification ST0-025   ST0-025   ST0-025 examen

NO.15 Security data is continuously gathered from thousands of security sensors worldwide through the
integrated _____.
A. Symantec Security Information Manager
B. DeepSight Global Intelligence Network
C. Symantec Enterprise Security Manager
D. Symantec Sygate Solution
Answer: B

Symantec examen   certification ST0-025   ST0-025 examen   certification ST0-025   ST0-025

NO.16 How can you determine which ports are potentially vulnerable on a given host in the Assets Table?
A. by running the NetScan user action on the asset
B. by looking at the Services tab on the asset
C. by viewing the Details tab for the asset
D. by running the Host Information report on the asset
Answer: B

certification Symantec   ST0-025   ST0-025   ST0-025

NO.17 How do you install the Symantec Security Information Manager (SSIM) Console?
A. on the SSIM DVD, go to Tools and install the client
B. go to the SSIM web interface, download the client and click Run
C. from the SSIM appliance, deploy the console to your machine
D. No installation is necessary because SSIM is a browser-based tool.
Answer: B

Symantec   ST0-025   ST0-025   ST0-025 examen   ST0-025 examen

NO.18 Where do you configure LiveUpdate for Symantec Security Information Manager (SSIM)?
A. SSIM Start Page --> Configure Appliance --> LiveUpdate tab
B. SSIM Console --> Systems tab --> LiveUpdate tab
C. from a command prompt
D. SSIM Client --> Maintenance tab --> LiveUpdate tab
Answer: A

certification Symantec   ST0-025 examen   ST0-025 examen   certification ST0-025

NO.19 What is Device-level aggregation?
A. parsing data with data sensors
B. grouping data to reduce traffic and database size
C. forwarding event data to the appliance
D. event and log sensoring
Answer: B

Symantec examen   ST0-025   ST0-025 examen

NO.20 What is the correct Symantec Security Information Manager incident identification pipeline?
A. collection --> normalization --> rule processing --> attack tracing --> correlation to vulnerabilities -->
incident prioritization
B. normalization --> collection --> rule processing --> attack tracing --> correlation to vulnerabilities -->
incident prioritization
C. rule processing --> normalization --> collection --> attack tracing --> correlation to vulnerabilities -->
incident prioritization
D. attack tracing --> rule processing --> normalization --> collection --> correlation to vulnerabilities -->
incident prioritization
Answer: A

Symantec   ST0-025   ST0-025   ST0-025 examen   ST0-025 examen

Le test certification Symantec ST0-025 est une bonne preuve de connaissances professionnelles et la techniques. Dans l'Industrie IT, beaucoiup de humains ressource font l'accent de lesquels certificats que les volontiers obtiennent. C'est clairement que le certificat Symantec ST0-025 puisse augmenter la compétition dans ce marché.

没有评论:

发表评论