Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

A.

Email the App Control Admin

B.

Request an Override

C.

Install the application

D.

Wait for the Application Drift process to complete

Full Access
Question # 5

Which term or expression is utilized when adversaries leverage existing tools in the environment?

A.

opportunistic attack

B.

file-less attack

C.

script kiddies

D.

living off the land

Full Access
Question # 6

An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

A.

Email the App Control Admin

B.

Request an Override

C.

Install the application

D.

Wait for the Application Drift process to complete

Full Access
Question # 7

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

A.

IPv6 Tunneling

B.

IPS

C.

Firewall

D.

VPN

Full Access
Question # 8

An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto-Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.

Which action should the administrator take to ensure that the desired setting is in place for the client?

A.

Restart the client system

B.

Run a command on the computer to Update Content

C.

Enable the padlock next to the setting in the policy

D.

Withdraw the Virus and Spyware Protection policy

Full Access
Question # 9

Which Discover and Deploy process requires the LocalAccountTokenFilterPolicy value to be added to the Windows registry of endpoints, before the process begins?

A.

Push Enrollment

B.

Auto Discovery

C.

Push Discovery

D.

Device Enrollment

Full Access
Question # 10

Which option should an administrator utilize to temporarily or permanently block a file?

A.

Delete

B.

Hide

C.

Encrypt

D.

Deny List

Full Access
Question # 11

How would an administrator specify which remote consoles and servers have access to the management server?

A.

Edit theServer Propertiesand under theGeneral tab,change theServer Communication Permission.

B.

Edit theCommunication Settingsfor the Group under theClients tab.

C.

EdittheExternal Communication Settingsfor the Group under theClients tab.

D.

Edit theSite Propertiesand under theGeneral tab,change the server priority.

Full Access
Question # 12

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

A.

Risk log

B.

Computer Status report

C.

Notifications

D.

Infected and At-Risk Computers report

Full Access
Question # 13

What must be entered before downloading a file from ICDm?

A.

Name

B.

Password

C.

Hash

D.

Date

Full Access
Question # 14

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

A.

Change the custom signature order

B.

Create a Custom Intrusion Prevention Signature library

C.

Define signature variables

D.

Enable signature logging

Full Access
Question # 15

Which technology can prevent an unknown executable from being downloaded through a browser session?

A.

Intrusion Prevention

B.

Insight

C.

Application Control

D.

Advanced Machine Learning

Full Access
Question # 16

Which type of event does operation:1indicate in a SEDR database search?

A.

File Deleted.

B.

File Closed.

C.

File Open.

D.

File Created.

Full Access
Question # 17

What Threat Defense for Active Directory feature disables a process's ability to spawn another process, overwrite a part of memory, run recon commands, or communicate to the network?

A.

Process Mitigation

B.

Process Protection

C.

Memory Analysis

D.

Threat Monitoring

Full Access
Question # 18

Which Firewall rule components should an administrator configure to blockfacebook.comuse during business hours?

A.

Host(s), Network Interface, and Network Service

B.

Application, Host(s), and Network Service

C.

Action, Hosts(s), and Schedule

D.

Action, Application, and Schedule

Full Access
Question # 19

Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

A.

Another scan is in progress.

B.

The detected file is in use.

C.

There are insufficient file permissions.

D.

The file is marked for deletion by Windows on restart.

E.

The file has good reputation.

Full Access
Question # 20

An organization recently experienced an outbreak and is conducting a health check of the environment. What Protection Technology can the SEP team enable to control and monitor the behavior of applications?

A.

Host Integrity

B.

System Lockdown

C.

Application Control

D.

Behavior Monitoring (SONAR)

Full Access
Question # 21

What should an administrator utilize to identify devices on a Mac?

A.

UseDevViewerwhen the Device is connected.

B.

Use Devicelnfo when the Device is connected.

C.

UseDevice Managerwhen the Device is connected.

D.

UseGatherSymantecInfowhen the Device is connected.

Full Access
Question # 22

Which rule types should be at the bottom of the list when an administrator adds device control rules?

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Full Access
Question # 23

What is the result of disjointed telemetry collection methods used within an organization?

A.

Investigators lack granular visibility

B.

Back of orchestration across controls

C.

False positives are seen

D.

Attacks continue to spread during investigation

Full Access
Question # 24

Which two (2) criteria are used by Symantec Insight to evaluate binary executables? (Select two.)

A.

Sensitivity

B.

Prevalence

C.

Confidentiality

D.

Content

E.

Age

Full Access
Question # 25

Using a hybrid environment, if a SEPM-managed endpoint cannot connect to the SEPM, how quickly can an administrator receive a security alert if the endpoint is using a public hot-spot?

A.

After a VPN is activated with Network Integrity

B.

When the client connects to SEPM

C.

At the next heartbeat

D.

Immediately

Full Access
Question # 26

What is the maximum number of SEPMs a single Management Platform is able to connect to?

A.

50

B.

10

C.

5,000

D.

500

Full Access
Question # 27

Files are blocked by hash in the deny list policy. Which algorithm is supported, in addition to MD5?

A.

SHA2

B.

SHA256

C.

SHA256 "salted"

D.

MD5 "Salted"

Full Access
Question # 28

Which type of security threat is used by attackers to exploit vulnerable applications?

A.

Lateral Movement

B.

Privilege Escalation

C.

Credential Access

D.

Command and Control

Full Access
Question # 29

What does a ranged query return or exclude?

A.

Data matching the exact field names and their values

B.

Data matching a regular expression

C.

Data falling between two specified values of a given field

D.

Data based on specific values for a given field

Full Access
Question # 30

What happens when an administrator adds a file to the deny list?

A.

The file is assigned to a chosen Deny List policy

B.

The file is assigned to the Deny List task list

C.

The file is automatically quarantined

D.

The file is assigned to the default Deny List policy

Full Access
Question # 31

Which Endpoint Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

A.

Device Discovery

B.

Endpoint Enrollment

C.

Discover and Deploy

D.

Discover Endpoints

Full Access
Question # 32

A file has been identified as malicious.

Which feature of SEDR allows an administrator to manually block a specific file hash?

A.

Playbooks

B.

Quarantine

C.

Allow List

D.

Block List

Full Access
Question # 33

Which type of communication is blocked, when isolating the endpoint by clicking on the isolate button in SEDR?

A.

All non-SEP and non-SEDR network communications

B.

All network communications

C.

Only SEP and SEDR network communications

D.

Only Web and UNC network communications

Full Access
Question # 34

What happens when an administrator adds a file to the deny list?

A.

The file is assigned to a chosen Deny List policy

B.

The file is assigned to the Deny List task list

C.

The file is automatically quarantined

D.

The file is assigned to the default Deny List policy

Full Access
Question # 35

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

A.

Add a Single Risk Event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

B.

Add a Client security alert notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

C.

Add a System event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

D.

Add a New risk detected notification and specify "Left Alone" for the action taken. Choose to log the notification and send an emailto the system administrators.

Full Access
Question # 36

Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

A.

Searching the EDR database and multiple data sources directly

B.

Viewing PowerShell processes

C.

Detecting Memory Exploits in conjunction with SEP

D.

Detonating suspicious files using cloud-based or on-premises sandboxing

Full Access
Question # 37

What feature is used to get a comprehensive picture of infected endpoint activity?

A.

Entity View

B.

Process View

C.

Full Dump

D.

Endpoint Dump

Full Access
Question # 38

Which alert rule category includes events that are generated about the cloud console?

A.

Security

B.

System

C.

Diagnostic

D.

Application Activity

Full Access
Question # 39

What permissions does the Security Analyst Role have?

A.

Trigger dumps, get & quarantine files, enroll new sites

B.

Search endpoints, trigger dumps, get & quarantine files

C.

Trigger dumps, get & quarantine files, create device groups

D.

Search endpoints, trigger dumps, create policies

Full Access
Question # 40

An organization is considering a single site for their Symantec Endpoint Protection environment. What are two (2) reasons that the organization should consider? (Select two)

A.

Organizational merger

B.

Sufficient WAN bandwidth

C.

Delay-free, centralized reporting

D.

24x7 admin availability

E.

E.Legal constraints

Full Access
Question # 41

Which security control is complementary to IPS, providing a second layer of protection against network attacks?

A.

Host Integrity

B.

Network Protection

C.

Antimalware

D.

Firewall

Full Access
Question # 42

How are Insight results stored?

A.

Encrypted on the Symantec Endpoint Protection Manager

B.

Unencrypted on the Symantec Endpoint Protection Manager

C.

Encrypted on the Symantec Endpoint Protection client

D.

Unencrypted on the Symantec Endpoint Protection client

Full Access
Question # 43

Which rule types should be at the bottom of the list when an administrator adds device control rules?

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Full Access
Question # 44

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

A.

The deleted file may still be in the Recycle Bin.

B.

IT Analytics may keep a copy of the file for investigation.

C.

False positives may delete legitimate files.

D.

Insight may back up the file before sending it to Symantec.

E.

A copy of the threat may still be in the quarantine.

Full Access
Question # 45

Which type of security threat continues to threaten endpoint security after a system reboot?

A.

file-less

B.

memory attack

C.

script

D.

Rootkit

Full Access