Deep-Security-Professional Questions and Answers

Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.

Deep Security Relays forward policy details to Deep Security Agents and Virtual Ap-pliances immediately after changes to the policy are applied.

Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.

Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.

The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.

The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.

The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

All traffic is permitted through the firewall until either a Deny or Allow rule is assigned.

A collection of default rules will automatically be assigned when the Firewall Protection Module is enabled.

All traffic is blocked by the firewall until an Allow rule is assigned.

All traffic is passed through the Firewall using a Bypass rule

Intrusion Prevention rules can block unrecognized software from executing.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet

Intrusion Prevention rules can detect or block traffic associated with specific applica-tions, such as Skype or file-sharing utilities.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.

While in Maintenance Mode, all Block and Allow rules are ignored while new or updated applications are added to the software inventory

When in Maintenance Mode, the Application Control Protection Module will continue to block software identified in Block rules, but will allow new and changed applications to be added to the software inventory.

When enabled, Maintenance Mode rescans the protected computer to rebuild the soft-ware inventory. Any new or changed software will be included in this rebuilt inventory.

Maintenance Mode can be configured as a Scheduled Event. In this scenario, all soft-ware upgrades will be performed at the same time every day to avoid creating Alerts for normal software updates.

Both 32-bit and 64-bit Deep Security Agents can be promoted to a Deep Security Relay.

Deep Security Agents promoted to Deep Security Relays no longer provide the security capabilities enabled by the Protection Modules.

Deep Security Relays are able to process Deep Security Agent requests during updates.

Deep Security Agents communicate with Deep Security Relays to obtain security up-dates.

A Reset operation generates Event information that can be used to troubleshoot Agent-to -Manager communication issues.

A Reset operation forces an update to the Deep Security Agent software installed on a managed computer.

A Reset operation forces the Deep Security Agent service to restart on the managed computer.

A Reset operation wipes out any Deep Security Agent settings, including its relationship with Deep Security Manager.