
Symantec 250-441 - Administration of Symantec Advanced Threat Protection 3.0

Page: 1 / 3
Total 96 questions

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)

A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar

Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?

A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic

During which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

A. Capture
B. Incursion
C. Discovery
D. Exfiltration

An organization is considering an ATP: Endpoint and Network deployment with multiple appliances. Which form factor will be the most effective in terms of performance and costs?

A. Virtual for management, physical for the network scanners and ATP: Endpoint
B. Physical for management and ATP: Endpoint, virtual for the network scanners
C. Virtual for management and ATP: Endpoint, physical for the network scanners
D. Virtual for management, ATP: Endpoint, and the network scanners

Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?

A. To have a copy of the file policy enforcement
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident

What is the role of Vantage within the Advanced Threat Protection (ATP) solution?

A. Network detection component
B. Event correlation
C. Reputation-based security
D. Detonation/sandbox

Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?

A. ATP: Email
B. ATP: Endpoint
C. ATP: Network
D. ATP: Roaming

What does a Quarantine Firewall policy enable an ATP Administrator to do?

A. Isolate a computer while it is manually being remediated
B. Submit files to a Central Quarantine server
C. Filter all traffic leaving the network
D. Intercept all traffic entering the network

What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?

A. It allows for Microsoft Incident Responders to assist in remediation
B. ATP can access the database using a log collector on the SEPM host
C. It allows for Symantec Incident Responders to assist in remediation
D. ATP can access the database without any special host system requirements

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

A. Does the organization need to do a healthcheck in the environment?
B. Are certain endpoints being repeatedly attacked?
C. Is the organization being attacked by this external entity repeatedly?
D. Do ports need to be blocked or opened on the firewall?
E. Does a risk assessment need to happen in the environment?