Cloud Security 1.0 v6.0

Page:    1 / 7   
Exam contains 91 questions

Which virtualization integration solution provides the ability to schedule automated scans for reporting on virtual image platform states as well as perform vulnerability scans of critical virtual assets?

  • A. Symantec Control Compliance Suite and VMware vCenter
  • B. Symantec Managed Security Services and VMware vShield Edge
  • C. Symantec Critical Systems Protection and VMware vSphere
  • D. Symantec Security Information Manager and VMware vShield Log Collector


Answer : A

Which two features are most useful for efficiently protecting virtual endpoints in a cloud environment when deploying Symantec Endpoint Protection? (Select two.)

  • A. virtual client tagging
  • B. virtual image exception
  • C. management platform firewall
  • D. virtual gateway
  • E. image encryption


Answer : A,B

A company's operations staff is concerned about managing public cloud assets. Their primary concern is being notified in the Network Operation Center of key operating system events. Which Symantec agent can be deployed to cloud assets for this purpose?

  • A. Data Loss Prevention
  • B. Endpoint Protection
  • C. Control Compliance Suite
  • D. Critical Systems Protection


Answer : D

A company wants to ensure that assets in an IaaS hybrid deployment are protected from malware attacks. Symantec Endpoint Protection has been selected to protect the public assets. The Symantec Endpoint Protection Management servers will remain in the private cloud, but there is concern about network performance for content distribution. Which
Symantec Endpoint Protection resource can be placed in the public cloud to alleviate performance concerns?

  • A. Shared Insight Cache
  • B. Replication server
  • C. Notification server
  • D. Group Update Providers


Answer : D

Which technology should an IT professional use to reduce the effective attack surface of a cloud-based server?

  • A. Symantec Control Compliance Suite
  • B. Symantec Data Loss Prevention
  • C. Symantec Validation and Identify Protection
  • D. Symantec Critical Systems Protection


Answer : D

A company is considering several different cloud deployment models. The company needs the ability to rapidly provision computing capabilities and services (such as server time, network storage, and access) without requiring human interaction. How is this cloud service characteristic categorized?

  • A. broad network access
  • B. measured service
  • C. resource pooling
  • D. on-demand self-service


Answer : D

A customer is considering moving to an on-premise private cloud deployment from a physical infrastructure. Which business goal will be achieved by moving to this type of deployment?

  • A. transferred risk to the service provider
  • B. lowupfrontcost
  • C. increased network performance
  • D. sustained infrastructure control


Answer : D

A company has deployed its web infrastructure in a public cloud and its email infrastructure in a private cloud. The company needs to deploy hosted data loss prevention detection servers to monitor web and email traffic. What is the certificate requirement for hosted data loss prevention detection servers?

  • A. A unique certificate is needed for each hosted detection server in the public cloud only.
  • B. A unique certificate is needed for each hosted detection server in the private cloud only.
  • C. A unique certificate is needed for each hosted detection server in both public and private clouds.
  • D. A unique certificate is needed for only one hosted detection server in both public and private clouds.


Answer : C

A file server is placed in a hosted network to allow files to be exchanged between employees located on or off the corporate network. All files placed on the file server must be encrypted to ensure confidentiality, and the PGP Desktop has been installed on all client systems to help facilitate the encryption requirement. Which encryption step must be taken in this situation?

  • A. encrypt the file server with PGP Whole Disk Encryption
  • B. configure the file server's network shares as PGP Virtual Disks
  • C. create a PGP Netshare with a membership of Everyone
  • D. use the PGP command line to access the file server


Answer : C

An enterprise deploys PGP in a Virtual Desktop Infrastructure (VDI) to protect data from wrongful exposure as a result of VM theft. Which two cryptographic functions of PGP
Desktop address these concerns? (Select two.)

  • A. registry encryption
  • B. dynamic-link library encryption
  • C. hard disk encryption
  • D. data loss protection
  • E. secure file deletion


Answer : C,E

A Symantec O 3 administrator needs to define a policy that allows sales employees to access sales SaaS applications but prevents them from accessing accounting SaaS applications. User identities must be verified with the company LDAP server. Which O 3 component can be used to author this policy?

  • A. Intelligence Center
  • B. ID-link client
  • C. Gateway
  • D. IWA connector


Answer : A

An enterprise is managing their employee and partner user identities in separate directories. They distribute and manage corporate laptop and mobile devices for all of their employees. For the federated company HR cloud portal, they want to restrict access to PC- based systems only and require two-factor authentication. Which SAML application configuration will an IT professional implement in O 3 to effectively control access to this cloud application?

  • A. LDAP authentication and an access policy based on identity attributes stored in the employee directory and the type of device used for access
  • B. VIP authentication and an access policy based on identity attributes stored in the partner directory and the type of device used for access
  • C. LDAP authentication and an access policy based on the end-user location in the respective user store and the type of device used for access
  • D. VIP authentication and an access policy based on the end-user location in the respective user store and the type of device used for access


Answer : D

A company is examining its cloud information security and access control policies. After a cloud security assessment, the company decides to use a cloud service access broker. It will act as an integrated policy decision point and policy enforcement point. Which component of Symantec O 3 can support this requirement?

  • A. Intelligence Center
  • B. ID-link client
  • C. Gateway
  • D. IWA connector


Answer : C

An organization plans to deploy O 3 to protect both sensitive internal and public cloud web applications. What is the correct policy-authoring workflow the IT professional has to design in order to control access to these applications?

  • A. define at Symantec hosted O Intelligence Center, then publish to a Symantec hosted O Gateway
  • B. define at Symantec hosted O Intelligence Center, then publish to a customer hosted O Gateway
  • C. define at customer hosted O Intelligence Center, then publish to a customer hosted O Gateway
  • D. define at customer hosted O Intelligence Center, then publish to a Symantec hosted O Gateway


Answer : B

An enterprise customer is planning to host Symantec O 3 Gateway on premise. The company wants user passwords visible only to their identity provider. Which user store will provide this functionality?

  • A. Enterprise LDAP
  • B. HR RDBMS
  • C. OpenID
  • D. Corporate AD


Answer : C

Page:    1 / 7   
Exam contains 91 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.