Deck 3: Administration of Symantec Data Loss Prevention 12 (Broadcom)

A) Content categories
B) Threat risk levels
C) All of these
D) Geolocation

A) Premium Edition
B) MACH5 edition
C) SWG Edition
D) Proxy Edition

A) The time-to-live for credentials
B) The protocol used to communicate with the authentication service
C) The challenge type and the accepted surrogate
D) Whether the credentials will be encrypted

A) They are uploaded in real time to the backup upload destination configured in the Management Console
B) None of these answers
C) They are stored locally until the connection is re-established, and then they are uploaded
D) They are discarded

A) Sysinfo
B) Health checks
C) Event log
D) SNMP

A) Reporter
B) PacketShaper
C) Content Analysis
D) Management Center

A) On clients' mobile devices
B) On a properly licensed ProxySG
C) At several data centers around the world
D) At third-party data centers

A) When a client request is first received
B) When the client sends an NTLM type 2 message to ProxySG
C) When IWA authentication fails
D) When the client sends an NTLM type 3 message to the ProxySG

A) It uses less encryption
B) None of these answers
C) Only two round trips are required between the browser and an authentication server
D) It works with later versions of Microsoft Windows

A) When the final rule on the layer is reached
B) When two rules match
C) When a later rule contradicts an earlier rule
D) The first rule in the layer that matches

A) Username and password are base-64 encoded
B) No session identifier is required
C) No cookies are required
D) No other credentials are compatible with HTTPS

A) Unix
B) VxWorks
C) pSOS
D) None of these answers
E) Windows

A) Presents a security risk
B) Less accurate than HTTP content type detection
C) None of these answers
D) Most resource-intensive

A) ProxySG SGOS version
B) Proxy type to use to process traffic
C) Attributes
D) Policy

A) The IP address of the origin content server
B) A hostname that the user agent can DNS-resolve to an IP address
C) None of these answers
D) The IP address of the ProxySG

A) Time
B) Source
C) Destination
D) Service
E) Action

A) bcreportermain_v1
B) main
C) elf
D) http

A) A miss against the trigger in that rule
B) Neither a miss nor a match
C) A default policy of Deny
D) A match against the trigger in that rule

A) In the Visual Policy Manager
B) You cannot do this
C) In the Management Console
D) In Content Policy Language

A) None of these answers
B) Inline XXX
C) Explicit
D) Transparent

A) Firewalls and proxies
B) Cloud application APIs
C) CloudSOC gateway
D) Manual uploads

A) Checking the HTTP content type (or MIME type)
B) Performing an anti-virus scan
C) Detecting apparent data type
D) Checking the file extension

A) Open a serial connection, and use the CLI command restore-defaults factory-defaults
B) Use the appliance reset button, if available on this model
C) Use the front panel buttons and screen, if available on this model, to reset the password
D) Press Control + ALT + DEL

A) An edge device
B) A man-in-the-middle
C) A Layer 3 switch
D) A router

A) Heartbeats
B) Maintenance > System Tools
C) Statistics > Sessions > Active Sessions
D) Advanced statistics

A) Edit the size of emulated certificates
B) Deny wildcard certificates
C) Enable DHE
D) Reduce the number of emulated certificates

A) No policy can be applied
B) Only the default policy can be applied
C) The traffic is blocked
D) An exception message is displayed to the user

A) When you need to establish more than one Schannel to increase performance
B) When the ProxySG cannot directly use APIs that require traditional operating systems
C) When more than one ProxySG are deployed
D) When Basic credentials are used

A) Port 443
B) Enable ADN
C) Early Intercept
D) Detect Protocol

A) Information relevant to the connection between the client and the server
B) DNS query
C) ICAP version number
D) Cipher suite

A) On the server side
B) On the client side

A) Asynchronous adaptive refresh
B) Popularity contest
C) Pipelining
D) Cost-based deletion

A) On the authentication server
B) In the ProxySG authentication cache
C) In a cookie in the user's web browser

A) Yes
B) No

A) They would not be able to authenticate to the ProxySG
B) The ProxySG does not need to use surrogate credentials to authenticate users who use transparent proxy connections
C) They would have to reauthenticate for each domain that they access

A) Local policy file
B) Central policy file
C) VPM-XML file
D) VPM-CPL file

A) Go to Configuration > Network
B) This information is not visible from the Management Console
C) The serial number is contained in the Management Console home link at top.
D) Go to Statistics > Advanced

A) Explicit proxy
B) In every connection type
C) Inline
D) Transparent

A) Source IP address
B) Port range
C) Destination IP address
D) Proxy type

A) Protect
B) Audit
C) Detect
D) Investigate

A) File transfer
B) Access enforcement
C) ThreatScore based
D) Data exposure

A) Data
B) Compliance
C) Business
D) Access

A) To restrict the direct sharing of documents from cloud applications based both on their content and the characteristics of the user.
B) To prevent users from sharing documents, either publicly, externally, or internally.
C) To notify an administrator when activities, such as objects being modified, are performed in a cloud application.
D) To restrict the uploading and downloading of documents from the user's computer to the cloud application, based both on the content of the documents, and the characteristics of the user.

A) Public, external, and internal
B) Public, confidential, and company confidential
C) Public, semi-private, and private
D) Public, confidential, and private

A) Sanction
B) Monitor
C) Block
D) Substitute

A) Securlets
B) Gatelets
C) Audit
D) Investigate

A) Audit
B) Securlets
C) Detect
D) Investigate

A) Behavior based
B) Threshold based
C) Sequence based
D) Threats based

A) Detect, Protect, and Investigate
B) Detect and Investigate
C) Detect
D) Detect and Securlets

A) Protect and Investigate
B) Protect, Investigate, and Securlets
C) Protect and Audit
D) Protect and Securlets

A) Detect
B) Protect
C) Investigate
D) Audit

A) Access monitoring
B) File transfer
C) Data exposure
D) Access enforcement

A) Detect
B) Investigate
C) Audit
D) Securlet

A) Create an access enforcement policy and block access to the file
B) Create a file transfer policy and block the download of the file
C) Create a file sharing policy and block the sharing of the file
D) Create an access monitoring policy and monitor the usage of the file

A) Access Monitoring policy
B) ThreatScore based policy
C) Access enforcement policy
D) None of the above

A) Notify the owner when an email is sent
B) Send a ticket when a user with a ThreatScore higher than 80 performs an invalid login
C) Notify the admin when a folder is deleted by a user with a ThreatScore higher than 80
D) Create a ticket when a user with a ThreatScore higher than 80 sends an email

A) Single Sign On (SSO)
B) Block the application
C) Role based access
D) Biometric access

A) Intrusion Detection System/Intrusion Protection System (IDS/IPS)
B) Cloud Access Security Broker (CASB)
C) Web application firewalls
D) Proxies

A) Access monitoring
B) File transfer
C) File sharing
D) Access enforcement

A) To notify an administrator when activities, such as objects being modified, are performed in a cloud application.
B) To restrict the direct sharing of documents from cloud applications based both on their content and the characteristics of the user.
C) To prevent users from sharing documents, either publically, externally, or internally.
D) To restrict the uploading and downloading of documents from the user's computer to the cloud application, based both on the content of the documents and the characteristics of the user.

A) Exposure level
B) Exposed files
C) Exposed content
D) Exposure summary

A) Threshold based, download/upload based, threats based, and sequence based
B) Threshold based, behavior based, and sequence based
C) Threshold based, behavior based, download/upload based, and access control based
D) Threshold based, behavior based, malware based, and sequence based

A) Sanction
B) Monitor
C) Block
D) Review

A) Detect
B) Investigate
C) Audit
D) Protect

A) Risk Rating
B) Business Readiness Rating (BRR)
C) Incident Index
D) ThreatScore

A) Detect, Protect, Investigate, and Securlets
B) Audit
C) Detect, Protect, and Investigate
D) Investigate and Securlets

A) Phishing, Data Security, Threat Protection
B) Cloud Visibility, Data Security, Threat Protection
C) Cloud Visibility, Data Security, Web Scanning
D) Phishing, Cloud Visibility, Threat Protection

A) File sharing policy
B) File transfer policy
C) Access monitoring policy
D) Data exposure policy

A) Informational
B) Service
C) Administrative
D) Data

A) Audit
B) Detect
C) Protect
D) Investigate

A) Investigate
B) Securlets
C) Audit
D) Detect

A) Protect
B) Investigate
C) Detect
D) Audit

A) SpanVA
B) ProxySG
C) The Reach agent
D) SCP/SFTP

A) Data
B) Informational
C) Administrative
D) Business

A) Content types
B) Custom dictionaries
C) Keywords
D) Risk types

A) Accept, Reject, Block
B) Accept, Monitor, Block
C) Valid, Invalid, In Process
D) Sanction, Monitor, Block

A) Custom dictionaries
B) Training profiles
C) Risk types
D) Content types

A) Detect, Protect, and Investigate
B) Detect, Protect, Investigate, and Securlets
C) Audit and Investigate
D) Audit

A) To notify an administrator when activities, such as objects being modified, are performed in a cloud application.
B) To restrict the direct sharing of documents from cloud applications based both on their content and the characteristics of the user.
C) To restrict the uploading and downloading of documents from the user's computer to the cloud application, based both on the content of the documents, and the characteristics of the user.
D) To restrict user access to cloud applications not based on content, but based on the user's characteristics, such as devices and locations.