dumpspedia logo
An Incident Responder discovers an incident where all systems are infected with a file that has the same name and different hash. As a result, the organism view has multiple entries for the malicious file.
What is causing this issue?
Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM)
web services?
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
A network control point discovered a botnet phone-home attempt in the network stream.
Which detection method identified the event?
Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.
What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?
Which final steps should an Incident Responder take before using ATP to rejoin a remediated endpoint to the network, according to Symantec best practices?
Which action should an Incident Responder take to remediate false positives, according to Symantec best
practices?
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
What is the role of Vantage within the Advanced Threat Protection (ATP) solution?
During a recent virus outlook, an Incident found that the incident Response team was successful in identifying malicious that were communicating with the infected endpoint.
Which two (2) options should be incident Responder select to prevent endpoints from communicating with malicious domains?
Which access credentials does an ARP Administrator need to set up a deployment of ATP: Endpoint , Network and Email?
Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP
manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
An Incident Responder wants to use a STIX file to run an indicate of components (IOC) search.
Which format must the administrator use for the file?
ATP detects a threat phoning home to a command and control server and creates a new incident. The treat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
How can an Incident Responder generate events for a site that was identified as malicious but has NOT
triggered any events or incidents in ATP?
A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to
implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.
Why does the company need more than one ATP manager?
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an
incident for an After Actions Report?
An ATP administrator is setting up correlation with Email Security cloud.
What is the minimum Email Security cloud account privilege required?
Which endpoint detection method allows for information about triggered processes to be displayed in ATP?
What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?
An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the
responder sees the results for 90 endpoints.
What is a possible reason for the search only returning results for 90 of 100 endpoints?
What is the main constraint an ATP Administrator should consider when choosing a network scanner model?
TESTED 20 May 2024
