
Symantec 250-587 - Symantec Data Loss Prevention 16.x Administration Technical Specialist

Total 100 questions

What detection method utilizes Data Identifiers?

A. Indexed Document Matching (IDM)

B. Described Content Matching (DCM)

C. Directory Group Matching (DGM)

D. Exact Data Matching (EDM)

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.

B. Modify the agent config.db to include the file

C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D. Modify the agent configuration and select the option “Retain Original Files”

Which two factors are common sources of data leakage where the main actor is a well-meaning insider? (Choose two.)

A. An absence of a trained incident response team

B. A disgruntled employee for a job with a competitor

C. Merger and Acquisition activities

D. Lack of training and awareness

E. Broken business processes

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

A. Disable and re-enable the Endpoint Prevent policy to activate the changes

B. Double-check that the correct device ID or class has been entered for each device

C. Verify Application File Access Control (AFAC) is configured to monitor the specific application

D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password.

What should the administrator do to work around the password problem?

A. Apply a new global agent uninstall password in the Enforce management console.

B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.

C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server

D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.

When does the DLP agent stop scanning?

A. When the agent sends a report within the “Scan Idle Timeout” period

B. When the endpoint computer is rebooted and the agent is started

C. When the agent is unable to send a status report within the “Scan Idle Timeout” period

D. When the agent sends a report immediately after the “Scan Idle Timeout” period

What detection technology supports partial contents matching?

A. Indexed Document Matching (IDM)

B. Described Content Matching (DCM)

C. Exact Data Matching (EDM)

D. Optical Character Recognition (OCR)

Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

A. Network Discover

B. Cloud Service for Email

C. Endpoint Prevent

D. Network Protect

What detection technology supports partial row matching?

A. Vector Machine Learning (VML)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

Which Network Prevent action takes place when the Network Incident list shows the message is “Modified”?

A. Remove attachments from an email

B. Obfuscate text in the body of an email

C. Add one or more SMTP headers to an email

D. Modify content from the body of an email