250-441 Sample Questions Answers

Question 4

Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?

Options:

A. To have a copy of the file policy enforcement
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident

Question 5

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

Options:

A. The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B. The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
C. The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
D. The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Question 6

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.

Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

Options:

A. Report the users to their manager for unauthorized usage of company resources
B. Blacklist the domains and IP associated with the malicious traffic
C. Isolate the endpoints
D. Blacklist the endpoints
E. Find and blacklist the P2P client application

Question 7

Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?

Options:

A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic

Question 8

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.

Which approach allows the customer to meet this need?

Options:

A. Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic
B. Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic
C. Use the ATP console to check whether the MD5 hash triggers a detection from Cynic
D. Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic

Question 9

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?

Options:

A. System Lockdown
B. Intrusion Prevention System
C. Firewall
D. SONAR

Question 10

An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.

Which tokens accept one or more of the available operators when building an expression?

Options:

A. All tokens
B. Domainname, Filename, and Filehash
C. Filename, Filehash, and Registry
D. Domainname and Filename only

Question 11

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

Options:

A. 8446
B. 8081
C. 8014
D. 1433

Question 12

What is the second stage of an Advanced Persistent Threat (APT) attack?

Options:

A. Exfiltration
B. Incursion
C. Discovery
D. Capture

Question 13

Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?

Options:

A. Recover
B. Protect
C. Respond
D. Identify

Question 14

How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?

Options:

A. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
B. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
C. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
D. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain

Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Apr 16, 2024
Questions: 96