
Symantec 250-441 Dumps

Page: 1 / 4
Total 96 questions

Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Question 1

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.

Which approach allows the customer to meet this need?

Options:

A.

Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic

B.

Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic

C.

Use the ATP console to check whether the MD5 hash triggers a detection from Cynic

D.

Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic

Question 2

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network and Email?

Options:

A.

Email Security.cloud credential for email correlation, credential for the Symantec Endpoint Protection Manager (SEPM) database, and System Administrator login for the SEPM.

B.

Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database and an Email Security.cloud login with full access

C.

Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions

D.

Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

Question 3

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.

Which two (2) options should an Incident Responder select to prevent endpoints from communicating with malicious domains?

Options:

A.

Use the isolation command in ATP to move the endpoint to a quarantine network.

B.

Blacklist the suspicious domain in the ATP manager.

C.

Deploy a High Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

E.

Run a full system scan on all endpoints

Question 4

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

Options:

A.

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.

B.

The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.

C.

The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.

D.

The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Question 5

In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

Options:

A.

Capture

B.

Incursion

C.

Discovery

D.

Exfiltration

Question 6

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

Options:

A.

Does the organization need to do a health check in the environment?

B.

Are certain endpoints being repeatedly attacked?

C.

Is the organization being attacked by this external entity repeatedly?

D.

Do ports need to be blocked or opened on the firewall?

E.

Does a risk assessment need to happen in the environment?

Question 7

In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization's defenses from the inside?

Options:

A.

Discovery

B.

Capture

C.

Exfiltration

D.

Incursion

Question 8

What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?

Options:

A.

It allows for Microsoft Incident Responders to assist in remediation

B.

ATP can access the database using a log collector on the SEPM host

C.

It allows for Symantec Incident Responders to assist in remediation

D.

ATP can access the database without any special host system requirements

Question 9

In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization's network to deliver targeted malware?

Options:

A.

Incursion

B.

Discovery

C.

Capture

D.

Exfiltration

Question 10

An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the responder sees the results for 90 endpoints.

What is a possible reason for the search only returning results for 90 of 100 endpoints?

Options:

A.

The search expired after one hour

B.

10 endpoints are offline

C.

The search returned 0 results on 10 endpoints

D.

10 endpoints restarted and cancelled the search

Question 11

Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?

Options:

A.

Email Security.cloud

B.

Web Security.cloud

C.

Skeptic

D.

Symantec Messaging Gateway

Question 12

Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

Options:

A.

Create a unique Cynic account to provide to ATP

B.

Create a unique Symantec Messaging Gateway account to provide to ATP

C.

Create a unique Symantec Endpoint Protection Manager (SEPM) administrator account to provide to ATP

D.

Create a unique Email Security.cloud portal account to provide to ATP

Question 13

How does an attacker use a zero-day vulnerability during the Incursion phase?

Options:

A.

To perform a SQL injection on an internal server

B.

To extract sensitive information from the target

C.

To perform network discovery on the target

D.

To deliver malicious code that breaches the target

Question 14

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

Options:

A.

The responder needs to analyze with Cynic

B.

The responder needs to isolate it from the network

C.

The responder needs to write firewall rules

D.

The responder needs to add the file to a whitelist
