Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam Questions and Answers

Questions 4

Which Protection Modules can make use of a locally installed Smart Protection Server?

Options:

The Anti-Malware and Web Reputation Protection Modules can make use of the locally installed Smart Protection Server.

All Protection Modules can make use of the locally installed Smart Protection Server

Anti-Malware is the only Protection Modules that can use the locally installed Smart Protection Server.

The Anti-Malware, Web Reputation and Intrusion Prevention Protection Modules can make use of the locally installed Smart Protection Server.

Buy Now

Answer:

Explanation:

Only the Anti-Malware and Web Reputation modules are designed to interact with a Smart Protection Server for real-time threat lookups. The other modules do not leverage the Smart Protection Server.

From the official documentation:

“Smart Protection Server provides global threat intelligence lookups to the Anti-Malware and Web Reputation modules. Other modules do not use Smart Protection Server.”

[References:, , Trend Micro Smart Protection Server Administrator’s Guide, , Trend Micro Deep Security Administrator's Guide: Smart Protection Server IntegrationQUESTION NO: 16, Which of the following statements is false regarding Firewall rules using the Bypass action?, A. Applying a Firewall rule using the Bypass action to traffic in one direction automatically applies the same action to traffic in the other direction., B. Firewall rules using the Bypass action do not generate log events., C. Firewall rules using the Bypass action allow incoming traffic to skip both Firewall and Intrusion Prevention analysis., D. Firewall rules using the Bypass action can be optimized, allowing traffic to flow as effi-ciently as if a Deep Security Agent was not there., Answer: A, Explanation, Firewall rules using Bypass have the following noteworthy characteristics:, • Bypass skips both Firewall and Intrusion Prevention analysis., • Since stateful inspection is for bypassed traffic, bypassing traffic in one direction does not automatically bypass the response in the other direction. As a result firewall rules using Bypass are always created in pairs, one for incoming traffic and another for outgoing., • Firewall rules using Bypass will not be logged. This is not a configurable behavior., • Some firewall rules using Bypass are optimized, in that traffic will flow as efficiently as if the Deep Security Agent/Deep Security Virtual Appliance was not there., Explication: Study Guide - page (236), ]

Questions 5

The details for an event are displayed in the exhibit. Based on these details, which Protection Module generated the event?

Deep-Security-Professional Question 5

Options:

Firewall

Intrusion Prevention

Log Inspection

Integrity Monitoring

Buy Now

Questions 6

Which of the following statements is true regarding software inventories used as part of the Application Control Protection Module?

Options:

Disable the Application Control Protection Module when installing software upgrades, otherwise, the new software will be prevented from installing.

An administrator can view the list of allowed software in the inventory from the Details tab for each individual Computer.

An administrator can share the inventory of allowed software with other computers protected by Deep Security Agents, by copying the inventory database file (ac.db) from the source computer.

When an administrator allows software that would be otherwise blocked by the Enforcement Mode, it isn't added to the inventory of approved software. Instead, it is added to that computer's whitelist.

Buy Now

Questions 7

Multiple Application Control Events are being displayed in Deep Security after a series of application updates and the administrator would like to reset Application Control. How can this be done?

Options:

On the Deep Security Agent computer, type the following command to reset Application Control: dsa_control -r

Click "Clear All" on the Actions tab in the Deep Security Manager Web console to reset the list of Application Control events.

Application Control can be reset by disabling the Protection Module, then enabling it once again. This will cause local rulesets to be rebuilt.

Application Control can not be reset.

Buy Now

Questions 8

How can you prevent a file from being scanned for malware?

Options:

Enable "File Types scanned by IntelliScan" in the Malware Scan Configuration prop-erties in the Deep Security Manager Web console. Click "Scan All Except" and type the filename to exclude from the scan.

Edit the "Scan Exclusions" section of the dsa.properties configuration file on the Deep Security Agent computer to include the file name. Save the configuration file and restart the Deep Security Agent service.

Add the file to the Exclusions list in the Malware Scan Configuration.

Add the file to the Exclusions list in the "Allowed Spyware/Grayware Configuration".

Buy Now

Questions 9

The Intrusion Prevention Protection Module is enabled, its Behavior is set to Prevent and rules are assigned. When viewing the events, you notice that one of Intrusion Prevention rules is being triggered and an event is being logged but the traffic is not being blocked. What is a possible reason for this?

Options:

The Deep Security Agent is experiencing a system problem and is not processing packets since the "Network Engine System Failure" mode is set to "Fail Open".

The network engine is running in Inline mode. In Inline mode, Deep Security provides no protection beyond a record of events.

The Intrusion Prevention rule is being triggered as a result of the packet sanity check failing and the packet is being allowed to pass.

The default Prevention Behavior in this particular rule may be set to Detect. This logs the triggering of the rule, but does not actually enforce the block.

Buy Now

Questions 10

What is the purpose of the override.properties file?

Options:

This file is used to transfer policy settings from one installation of Deep Security Man-ager to another

This file allows properties to be tested on Deep Security Manager without affecting the original configuration.

This file contains the original out-of-the-box configuration properties for Deep Security Manager. This file is renamed to dsm.properties upon initialization of Deep Security Manager.

This file allows Deep Security Agents to override enforced behavior by providing new policy configuration details.

Buy Now

Questions 11

Which of the following statements is true regarding the Intrusion Prevention Protection Module?

Options:

The Intrusion Prevention Protection Module blocks or allows traffic based on header information within data packets.

The Intrusion Prevention Protection Module analyzes the payload within incoming and outgoing data packets to identify content that can signal an attack.

The Intrusion Prevention Protection Module can identify changes applied to protected objects, such as the Hosts file, or the Windows Registry.

The Intrusion Prevention Protection Module can prevent applications from executing, allowing an organization to block unallowed software.

Buy Now

Questions 12

Which of the following statements is true regarding Intrusion Prevention protection?

Options:

Intrusion Prevention protection can drop malicious packets but cannot reset the connection.

Intrusion Prevention protection only works in conjunction with the Anti-Malware Protection Module.

Intrusion Prevention protection can only work on computers where a Deep Security Agent is installed; agentless protection is not supported.

Intrusion Prevention protection can drop or reset a connection.

Buy Now

Questions 13

Based on the script displayed in the exhibit, which of the following statements are correct? Select all that apply.

Deep-Security-Professional Question 13

Options:

Deep Security Agents deployed using this script will be activated against Tenant 0 in a multi-tenant environment.

This script will deploy the Deep Security Agent on a server, but will not automatically activate it.

Deep Security Agents deployed using this script are activated against a specific tenant.

Deep Security Agents deployed using this script will be assigned a specific policy when activated.

Buy Now

Questions 14

As the administrator in a multi-tenant environment, you would like to monitor the usage of security services by tenants? Which of the following are valid methods for monitoring the usage of the system by the tenants?

Options:

Generate a Chargeback report in Deep Security manager Web console.

All the choices listed here are valid.

Use the Representational State Transfer (REST) API to collect usage data from the tenants.

Monitor usage by the tenants from the Statistics tab in the tenant Properties window.

Buy Now

Questions 15

How is caching used by the Web Reputation Protection Module?

Options:

Caching is used by the Web Reputation Protection Module to temporarily store the credibility score for a Web site. The retrieved credibility score is cached in case the score for the Web site is required again for the life of the cache.

Caching is used by the Web Reputation Protection Module to temporarily store the pages that make up the Web site. The Web site is cached in case the site is visited again for the life of the cache.

Caching is used by the Web Reputation Protection Module to keep track of Web sites that are added to the Allowed list. Any sites added to the Allowed list will be accessible by protected servers regardless of their credibility score.

Caching is used by the Web Reputation Protection Module to keep track of Allowed and Blocked Web sites. Any sites that are Allowed or Blocked do not require the retrieval of a credibility score from the Trend Micro Web Reputation Service.

Buy Now

Questions 16

The maximum disk space limit for the Identified Files folder is reached. What is the expected Deep Security Agent behavior in this scenario?

Options:

Any existing files are in the folder are compressed and forwarded to Deep Security Manager to free up disk space.

Deep Security Agents will delete any files that have been in the folder for more than 60 days.

Files will no longer be able to be quarantined. Any new files due to be quarantined will be deleted instead.

Deep Security Agents will delete the oldest files in this folder until 20% of the allocated space is available.

Buy Now

Questions 17

Multi-tenancy is enabled in Deep Security and new tenants are created. Where does the new tenant data get stored when using SQL Server as the Deep Security database?

Options:

The new tenant data is added to the existing SQL Server database.

An additional table is created for each new tenant in the existing database in the SQL Server database to store its data.

An additional database is created in SQL Server for each new tenant to store its data.

An additional user is created for each new tenant in the SQL Server database to store its data.

Buy Now

Questions 18

When viewing the details for a policy, as displayed in the exhibit, you notice that the Application Control Protection Module is not available. In this example, why would this Protection Modules not be available?

Deep-Security-Professional Question 18

Options:

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been pro-vided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Modules has not been enabled for this tenant.

Buy Now

Questions 19

New servers are added to the Computers list in Deep Security Manager Web config by running a Discover operation. What behavior can you expect for newly discovered computers?

Options:

Any servers discovered in the selected Active Directory branch hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range hosting a Deep Security Agent will be added to the Computers list.

Any servers within the IP address range that are hosting Deep Security Agents will be added to the Computers list and will be automatically activated.

Any servers within the IP address range will be added to the Computers list, regardless of whether they are hosting a Deep Security Agent or not.

Buy Now

Answer:

Explanation:

Explanation

When you perform a Discover operation using an IP address range, Deep Security Manager scans the specified range and adds any computers that are running a Deep Security Agent to the Computers list. It does not add machines that do not have an agent installed. Discovery does not perform automatic activation unless specifically configured through a different workflow. Active Directory discovery will also only add computers that are hosting an agent.

[Reference:, Trend Micro Deep Security Administrator’s Guide, Computer Discovery SectionQUESTION NO: 16, Your VMware environment is configured without using NSX. How can Deep Security provide protection to the virtual images hosted on your ESXi servers?, A. Without NSX, a Deep Security Agent must be installed on each virtual machine hosted on the ESXi server., B. Without NSX, you will be unable to use Deep Security to protect your virtual machines., C. You can install a Deep Security Virtual Appliance on the ESXi server. This will provide agentless support for Anti-Malware, Intrusion Prevention, Integrity Monitoring, Firewall and Web Reputation., D. Without NSX, you can only enable Anti-Malware and Integrity Monitoring protection on the virtual machines. NSX is required to support Intrusion Prevention, Firewall and Web Reputation, Answer: A, Explanation, In a VMware environment without NSX, agent-based protection is required. This means that the Deep Security Agent must be installed individually on each VM to provide protection. Agentless protection via the Virtual Appliance is only available in environments integrated with NSX., , Reference:, Trend Micro Deep Security Administrator’s Guide, VMware Integration and Agent Deployment SectionQUESTION NO: 17, Which Deep Security Protection Modules can be used to provide runtime protection for the Kubernetes and Docker platforms? Select all that apply., A. Intrusion Prevention, B. Log Inspection, C. Integrity Monitoring, D. Anti-Malware, Answer: A, C D, , Explanation, Deep Security supports runtime protection for container environments (such as Kubernetes and Docker) using the following modules:, , Intrusion Prevention protects container network traffic and blocks exploits., , Integrity Monitoring monitors for unauthorized or unexpected changes in files and configuration., , Anti-Malware scans for malware within containers and images., , Log Inspection is not currently available as a runtime protection feature for containers., , Reference:, Trend Micro Deep Security Administrator’s Guide, Container Security and Runtime Protection Section, ]

Questions 20

Which of the following VMware components is not required to enable agentless protection using Deep Security.

Options:

VMware NSX

VMware ESXi

VMware vRealize

VMware vCenter

Buy Now

Questions 21

In the policy displayed in the exhibit, the state of the Web Reputation Protection Module is set to "Inherited (On)", while the state for the other Protection Module is set to "On". Why is the Web Reputation Protection Module displayed differently than the other Protection Modules.

Deep-Security-Professional Question 21

Options:

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on specifically in this child policy.

The state for a Protection Module is always displayed as "Inherited (On)" until the module components are installed on the Deep Security Agent.

In this example, the state for the Web Reputation Protection Module is inherited from the parent policy, while the other Protection Modules were turned on at the computer level.

In this example, the state for the Web Reputation Protection Module is listed as "In-herited (On)" as it was inherited from the default setting in the Base Policy.

Buy Now

Exam Code: Deep-Security-Professional

Exam Name: Trend Micro Certified Professional for Deep Security Exam

Last Update: May 18, 2026

Questions: 73

PDF + Testing Engine

$64.99 ~~$185.69~~

Testing Engine

$49.99 ~~$142.83~~

PDF (Q&A)

$54.99 ~~$157.11~~