
Symantec 250-441 - Administration of Symantec Advanced Threat Protection 3.0


In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?

A.

The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.

B.

The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

C.

The Incident Response team completed their analysis of the threat and added it to a blacklist.

D.

The Incident Response team is analyzing the file to determine if it is a threat or a false positive.

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.

Which step should the Incident Response team incorporate into their plan of action?

A.

Perform a healthcheck of ATP

B.

Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall

C.

Use ATP to isolate non-SEP protected computers to a remediation VLAN

D.

Rejoin the endpoints back to the network after completing a final virus scan

What is the minimum amount of RAM required for a virtual deployment of the ATP Manager in a production environment?

A.

48 GB

B.

64 GB

C.

16 GB

D.

32 GB

What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

A.

Reputation-based security

B.

Event correlation

C.

Network detection component

D.

Detonation/sandbox

In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

A.

Capture

B.

Incursion

C.

Discovery

D.

Exfiltration

Which two (2) non-Symantec methods for restricting traffic are available to the Incident Response team?

A.

Temporarily disconnect the local network from the Internet.

B.

Create an Access Control List at the router to deny traffic.

C.

Analyze traffic using the Wireshark protocol analyzer to identify the source of the infection.

D.

Create a DNS sinkhole server to block malicious traffic.

E.

Isolate computers so they are NOT compromised by infected computers.

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.

Which two (2) options should the Incident Responder select to prevent endpoints from communicating with malicious domains?

A.

Use the isolation command in ATP to move the endpoint to the quarantine network.

B.

Blacklist the suspicious domain in the ATP Manager.

C.

Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

E.

Run a full system scan on all endpoints

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over a P2P protocol.

Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

A.

Report the users to their manager for unauthorized usage of company resources

B.

Blacklist the domains and IPs associated with the malicious traffic

C.

Isolate the endpoints

D.

Blacklist the endpoints

E.

Find and blacklist the P2P client application

Which policies are required for the quarantine feature of ATP to work?

A.

Firewall Policy and Host Integrity Policy

B.

Quarantine Policy and Firewall Policy

C.

Host Integrity Policy and Quarantine Policy

D.

Quarantine and Intrusion Prevention Policy

Which two actions should an Incident Responder take when downloading files from the ATP file store? (Choose two.)

A.

Analyze suspicious code with Cynic

B.

Email the files to Symantec Technical Support

C.

Double-click to open the files

D.

Diagnose the files as a threat based on the file names

E.

Submit the files to Security Response