Pre-Summer Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia
  1. Home
  2. Symantec
  3. Data Loss Prevention
  4. 250-587
  5. Symantec Data Loss Prevention 16.x Administration Technical Specialist Questions and Answers

250-587 Sample Questions Answers

Questions 4

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

Options:

A.

Block

B.

User Cancel

C.

Encrypt

D.

Notify

Buy Now
Questions 5

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

Options:

A.

Network Discover

B.

Endpoint Prevent

C.

Network Prevent for Email

D.

Endpoint Discover

E.

Information Centric Analytics

Buy Now
Questions 6

Which channel does Endpoint Prevent protect using Device Control?

Options:

A.

Bluetooth

B.

USB storage

C.

CD/DVD

D.

Network card

Buy Now
Questions 7

Which two (2) detection technology options run ONLY on detection servers and NOT on endpoint agents? (Choose two.)

Options:

A.

Indexed Document Matching (IDM)

B.

Vector Machine Learning (VML)

C.

Described Content Matching (DCM)

D.

Exact Data Matching (EDM)

E.

Form Recognition

Buy Now
Questions 8

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.

When does the DLP agent stop scanning?

Options:

A.

When the agent sends a report within the “Scan Idle Timeout” period

B.

When the endpoint computer is rebooted and the agent is started

C.

When the agent is unable to send a status report within the “Scan Idle Timeout” period

D.

When the agent sends a report immediately after the “Scan Idle Timeout” period

Buy Now
Questions 9

What is required on the Enforce server to communicate with the Symantec DLP database?

Options:

A.

Port 8082 should be opened

B.

CryptoMasterKey.properties file

C.

Symbolic links to .dbf files

D.

SQL*plus Client

Buy Now
Questions 10

A company needs to implement Data Owner Exception so that incidents when employees send or receive their own personal information.

What detection method should the company use?

Options:

A.

Indexed Document Matching (IDM)

B.

Vector Machine Learning (VML)

C.

Exact data matching (EDM)

D.

Described Content matching (DCM)

Buy Now
Questions 11

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A.

To specify Wi-Fi SSID names

B.

To specify an IP address or range

C.

To specify the endpoint server

D.

To specify domain names

E.

To specify network card status (ON/OFF)

Buy Now
Questions 12

Why is it important for an administrator to utilize the grid scan feature?

Options:

A.

To distribute the scan workload across multiple network discover servers

B.

To distribute the scan workload across the cloud servers

C.

To distribute the scan workload across multiple endpoint servers

D.

To distribute the scan workload across multiple detection servers

Buy Now
Questions 13

Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?

Options:

A.

Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.

B.

Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.

C.

Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.

D.

Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.

Buy Now
Questions 14

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?

Options:

A.

Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.

B.

Modify the agent config.db to include the file

C.

Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D.

Modify the agent configuration and select the option “retain Original Files”

Buy Now
Questions 15

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

What are the processes missing from the Server Detail page display?

Options:

A.

The Display Process Control setting on the Advanced Settings page is disabled.

B.

The Advanced Process Control setting on the System Settings page is deselected.

C.

The detection server Display Control Process option is disabled on the Server Detail page.

D.

The detection server PacketCapture process is displayed on the Server Overview page.

Buy Now
Questions 16

Which of the following actions can you implement ONLY as a Smart Response rule (and not as an automates response rule)?

Options:

A.

All: Limit Incident Data Retention

B.

Network Protect: SharePoint Release From Quarantine

C.

All: Set Attribute

D.

All: Add Note

Buy Now
Questions 17

An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization.

Which detection method should the organization use to meet this requirement?

Options:

A.

Exact data Matching (EDM)

B.

Indexed Document matching (IDM)

C.

Described Content Matching (DCM)

D.

Vector Machine Learning (VML)

Buy Now
Questions 18

Which two (2) detection technology options run on the DLP agent? (Choose two.)

Options:

A.

Indexed Document Matching (IDM)

B.

Directory Group Matching (DGM)

C.

Described Content Matching (DCM)

D.

Optical Character Recognition (OCR)

E.

Form Recognition

Buy Now
Questions 19

Which Network Prevent action has taken place when a Network incident snapshot indicates the message has been “Modified”?

Options:

A.

Modify content from the body of an email

B.

Add one or more SMTP headers to an email

C.

Obfuscate text in the body of an email

D.

Remove attachments from an email

Buy Now
Questions 20

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A.

Install the Oracle database on one host, and install the Enforce server and a detection server on a second host.

B.

Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

C.

Install the Oracle database and a detection server on the same host, and install the Enforce server on a second host.

D.

Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

Buy Now
Questions 21

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

Options:

A.

sysadmin\username

B.

sysadmin\username@domain

C.

domain\username

D.

username\sysadmin

Buy Now
Questions 22

What detection method utilizes Data Identifiers?

Options:

A.

Indexed Document matching (IDM)

B.

Described Content Matching (DCM)

C.

Directory Group Matching (DGM)

D.

Exact Data Matching (EDM)

Buy Now
Questions 23

Which two (2) detection servers are available as virtual appliances? (Choose two.)

Options:

A.

Network Prevent for Email

B.

Network Monitor

C.

Network Discover

D.

Network Prevent for Web

E.

Optical Character Recognition (OCR)

Buy Now
Questions 24

Which option is an accurate use case for Information Centric Encryption (ICE)?

Options:

A.

The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.

B.

The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.

C.

The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint use of certificates.

D.

The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates

Buy Now
Questions 25

Which detection method depends on “training sets”?

Options:

A.

Form Recognition

B.

Vector Machine Learning (VML)

C.

Index Document Matching (IDM)

D.

Exact Data Matching (IDM)

Buy Now
Questions 26

Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

Options:

A.

There is insufficient disk space on the Network Monitor server.

B.

The Network Monitor server’s certificate is corrupt or missing.

C.

The Network Monitor server’s license file has expired.

D.

The Enforce and Network Monitor servers are running different versions of DLP.

Buy Now
Questions 27

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A.

Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.

B.

Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

C.

Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.

D.

Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Buy Now
Questions 28

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Options:

A.

The OCR engine must be installed on detection server other than the Enforce server.

B.

The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

C.

The OCR engine must be directly on the Enforce server.

D.

The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Buy Now
Questions 29

How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?

Options:

A.

Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.

B.

Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.

C.

Add a “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.

D.

Add “custom_app.exe” as a filename exception to the Endpoint Prevent policy.

Buy Now
Questions 30

What are two (2) reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A.

To specify the endpoint server

B.

To specify an IP address or range

C.

To specify network card status (ON/OFF)

D.

To specify domain names

E.

To specify Wi-Fi SSID names

Buy Now
Exam Code: 250-587
Exam Name: Symantec Data Loss Prevention 16.x Administration Technical Specialist
Last Update: May 16, 2026
Questions: 100
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now 250-587