
Symantec 250-441 - Administration of Symantec Advanced Threat Protection 3.0

Total 96 questions

In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?

A. Discovery

B. Capture

C. Exfiltration

D. Incursion

Which endpoint detection method allows for information about triggered processes to be displayed in ATP?

A. SONAR

B. Insight

C. System Lockdown

D. Antivirus

An organization has five (5) shops with a few endpoints and a large warehouse where 98% of all computers are located. The shops are connected to the warehouse using leased lines and access the internet through the warehouse network.

How should the organization deploy the network scanners to observe all inbound and outbound traffic based on Symantec best practices for Inline mode?

A. Deploy a virtual network scanner at each shop

B. Deploy a virtual network scanner at the warehouse and a virtual network scanner at each shop

C. Deploy a physical network scanner at each shop

D. Deploy a physical network scanner at the warehouse gateway

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?

A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM

B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access

C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions

D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

A. Database version

B. Database IP address

C. Database domain name

D. Database hostname

E. Database name

Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?

A. Reports

B. Settings

C. Action Manager

D. Policies

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

A. It ensures that the Incident is resolved, and the responder can clean up the infection.

B. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

C. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.

D. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Loyphish

B. Aurora

C. ZeroAccess

D. Michelangelo