2B0-102 Enterasys Security Systems Engineer-Defense. Version 1.0

Upload: kamran-musa

Post on 25-Sep-2015

QUESTION NO: 1
Which of the following Dragon Agents sends notifications when the sensors detect an event that matches a rule?
A. Real Time Console
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: C

QUESTION NO: 2
Which of the following techniques is not a viable way for a Device Support Module (DSM) to receive event data?
A. OPSEC
B. SSH
C. SYSLOG
D. SNMP V3 Inform
Answer: B

QUESTION NO: 3
Dynamic Collection controls
A. The number of packets to analyze
B. The number of times to execute the signature in a flow
C. The number of follow on packets to capture for forensics
D. The number of bytes to search for a match
Answer: C

QUESTION NO: 4
Network policies and signatures are associated with the?
A. Managed node
B. Network sensor
C. Virtual sensor
D. Agent
Answer: C

QUESTION NO: 5
Traffic direction refers to traffic flows in relation to the
A. Server
B. Protected network
C. Client
D. DMZ
Answer: B

QUESTION NO: 6
The virtual sensor name?
A. Must match the license name
B. Is included in all events reported by the virtual sensor
C. Must include the node name
D. Applies only to the device view
Answer: B

QUESTION NO: 7
In a signature the service direction refers to
A. Ports
B. Networks
C. VLANS
D. Protocols
Answer: A

QUESTION NO: 8
When using the Report Wizard within the Dragon Security Command Console all but one of the following formats can be chosen for output?
A. HTML
B. DOC
C. RTF
D. PDF
Answer: B

QUESTION NO: 9
The net-config-client.xml file is associated with?
A. The Enterprise Management Server (EMS)
B. Managed node client
C. Enterprise Management Server (EMS) Management Client
D. Reporting server
Answer: B

QUESTION NO: 10
The license key file for Dragon Security Command Console must be?
A. pulled automatically from the Dragon EMS Server in the /usr/dragon/policymgr/keys directory
B. manually copied to each of the remote Behavioral Flow Sensors before flows are collected
C. must be carefully entered into the license field of the Dragon Administration Console because it is tied to the hostname of the server and may have an extra carriage return at the end of the file
D. None of the above
Answer: D

QUESTION NO: 11
In a standalone deployment the system will have?
A. A net-config-client.xml file
B. A net-config-server.xml file
C. A net-config-server.xml and a net-config-client.xml file
D. A net-config-server.xml, a net-config-client.xml and a net-config-reports.xml file
Answer: C

QUESTION NO: 12
Narrowing the timeframe displayed in any Network Surveillance graph can be accomplished by?
A. selecting an alternative value of time (measured in minutes) within the Select Time field positioned just below the right hand side of each network graph
B. altering the time displayed in the WEB Browsers URL field for the particular network graph being displayed
C. placing the mouse cursor on the lower portion of the network graph at the center of a new window in time and then performing a single left click
D. Both A and C
Answer: D

QUESTION NO: 13
Which of the following is NOT a possible response to a rule match within the Custom Rule Editor?
A. Set the severity, credibility, and relevance of the event to a desired value
B. Save the event as a building block
C. Ensure the detected event is part of an offense
D. Dispatch a new event
Answer: B

QUESTION NO: 14
The host sensor name
A. Must match the license key
B. Is for display purposes only
C. Is included in events generated by the sensor
D. Must include the managed node name
Answer: C

QUESTION NO: 15
Dpmmwctl controls what?
A. Remote sensor processes
B. The connections that make up the configuration channel
C. The connections that make up the Event channel
D. Database updates
Answer: B

QUESTION NO: 16
Virtual sensor names?
A. Are included in events they generate
B. Must match the sensor key
C. Must include the device name
D. Require separate keys
Answer: A

QUESTION NO: 17
A Bare Bones Event Flow Processor (EFP) has?
A. Only event channels
B. Event channels and agents
C. Only Agents and Sensors
D. Event channels and sensors
Answer: A

QUESTION NO: 18
A network sensor can have ______ virtual sensors?
A. 1
B. 2
C. 3
D. 4
Answer: D

QUESTION NO: 19
The Windows host sensor key
A. Is added to the /usr/keys directory
B. Is pushed from the Enterprise Management Server (EMS) when the managed node is deployed
C. Is installed manually on the Windows system
D. Is pushed from the Enterprise Management Server (EMS) when the sensor is deployed
Answer: C

QUESTION NO: 20
Signature OS
A. Applies signature to network traffic originating from the specified OS
B. Is used for writing Host signatures
C. Applies signature to network traffic destined for the specified OS
D. Applies signature to network traffic between hosts running the specified OS
Answer: B

QUESTION NO: 21
Dragonctl is used to?
A. Start, stop and monitor the dragon processes on the remote node
B. Write log files
C. Monitor the Ring Buffer
D. Maintain configuration channel connections
Answer: A

QUESTION NO: 22
Connection type Outbound in the net-config-client.xml file indicates?
A. The server will initiate configuration channel connections
B. The client will initiate configuration channel connections
C. The server will initiate event channel connections
D. The client will initiate event channel connections
Answer: B

QUESTION NO: 23
The Custom Rule Editor?
A. is accessed from the Offense Manager Tab
B. is accessed from the Configuration applet
C. is run as a separate program
D. is accessed from the Events Tab
Answer: A

QUESTION NO: 24
In an Event Flow Processor (EFP) the producer?
A. Writes events to memory
B. Takes events off the Ring Buffer
C. Puts events on the Ring Buffer
D. Passes events to Agents
Answer: C

QUESTION NO: 25
One usage for the Building Blocks within the Custom Rule Editor is to?
A. provide the core rules that are used to correlate events into offenses
B. provide the algorithms to normalize events from 3rd party devices
C. provide a place to perform basic tuning of the SIM or Offense Manager
D. None of the above
Answer: C

QUESTION NO: 26
Custom Signature libraries can contain
A. Copies of master signatures and libraries
B. Customized signatures
C. Copies of master signatures and libraries, customized signatures and customized policies
D. Copies of master signatures and libraries and customized signatures
Answer: D

QUESTION NO: 27
Pivoting to Applications against a particular Network Surveillance graph?
A. can only occur at the top level or hierarchy
B. is a useful way of re-displaying the same traffic in a Network view by application
C. only functions with respect to client applications
D. Both A and C
Answer: B

QUESTION NO: 28
Configuration of the SNMP Settings within the Dragon Administration Console?
A. allows for SNMP V3 Informs to be sent to NetSight ASM
B. allows for SNMP V3 Informs to be sent to Dragon EMS Server and NetSight ASM
C. must be configured before the Offense Manager can receive events from 3rd party devices such as a PIX Firewall
D. can be combined with the settings for OPSEC on the Checkpoint firewall to secure the event channel between the firewall and the Dragon Security Command Console
Answer: A

QUESTION NO: 29
Alarm Tool filters can filter traffic based on: time (after / before), Direction, events, IP source or Destination, protocol and
A. Threat subnet
B. Policy
C. Sensor
D. VLAN
Answer: C

QUESTION NO: 30
External flows can be collected from infrastructure devices and forwarded to Dragon Security Command Console by all but one of the following protocols?
A. Netflow
B. sFlow
C. xfflow
D. J-Flow
Answer: C

QUESTION NO: 31
The default minimum magnitude for displaying offenses in the Offense Manager is?
A. 1
B. 2
C. 3
D. 4
Answer: C

QUESTION NO: 32
The magnitude for each offense is calculated by?
A. the relevance, credibility, and severity of the underlying events
B. the normalization and prioritization process of the correlated events
C. the vulnerability assessment for the target IP (victim) stored in the Asset Profile
D. the combined weighted value of the annotations assigned to the offense
Answer: A

QUESTION NO: 33
Virtual Sensors ____________
A. Must each use the same Network Policy
B. Must each use the same Signature Library
C. Must each use the same Network policy but each one can use different Signature Libraries
D. Each one can use different Network policies and Signature Libraries
Answer: D

QUESTION NO: 34
The attack category is for events that
A. Attempt to discover weaknesses
B. Map the structure of the network
C. Have the potential to compromise the integrity of an end system.
D. Deny access to resources
Answer: C

QUESTION NO: 35
Successful configuration and integration of Nessus with Dragon Security Command Console most often involves setting of the Disable Pixmaps option to true because?
A. the Nessus client has numerous plug-ins and not all of them are compatible with the Dragon Security Command Console
B. enabling the Pixmaps option allows Nessus to scan multiple network maps simultaneously
C. pixmap functionality is not a supported VA scanning technique with Dragon Security Command Console.
D. the Nessus installation was installed with support for the Graphical User Interface (GUI)
Answer: D

QUESTION NO: 36
When a notification rule is created a __________ can be associated with it.
A. Sensor
B. User
C. Time Period
D. Score
Answer: C

QUESTION NO: 37
The event feed from Dragon signature based IDS is forwarded to the Dragon Security Command Console using the following component?
A. Event Channel
B. Real-time Console
C. Network Sensor
D. Alarm Tool
Answer: D

QUESTION NO: 38
The Enable follow on signature check box
A. Enables dynamic packet collection
B. Enables combination signatures
C. Enables macro signatures
D. Applies signature to dynamically collected traffic
Answer: D

QUESTION NO: 39
Before the host Sensor can be deployed
A It must be associated with a virtual sensor
A. It must be associated with a host policy
B. Its key must be added to the /usr/dragon/bin directory
C. Its address must be added to /etc/hosts
Answer: A

QUESTION NO: 40
MD5 checksums are
A. Stored in a protected directory on the host
B. Appended to the protected file
C. Passed up the event channel to the MD5 Agent
D. Stored in the /usr/dragon/bin directory on the Enterprise Management Server (EMS)
Answer: C

QUESTION NO: 41
Thresholds can be set to
A. Reduce false positives
B. Turn alarming on and off
C. Limit the number of events seen by Alarm Tool
D. Limit the number of sensors sending events
Answer: A

QUESTION NO: 42
The default event channel port is?
A. 9111
B. 9112
C. 9113
D. 9114
Answer: B

QUESTION NO: 43
Virtual Sensors can segregate traffic by?
A. IP Address, VLAN, Port
B. IP Address, VLAN, Port, Protocol
C. IP Address, VLAN, Port, Protocol, Application
D. IP Address, VLAN, Port, Application
Answer: B

QUESTION NO: 44
Right-clicking on an IP address within a Data Mine provides a menu with all but the following option?
A. Nessus Scan
B. DNS Lookup
C. Asset Profile
D. Port Scan
Answer: A

QUESTION NO: 45
Master Network Libraries
A. Cannot be directly associated with sensors
B. Cannot be directly associated with virtual sensors
C. Can be directly associated with virtual sensors
D. Can be modified
Answer: C