Free and Premium Symantec 250-587 Dumps Questions Answers

Page: 1 / 8
Total 100 questions

Symantec Data Loss Prevention 16.x Administration Technical Specialist Questions and Answers

Question 1

A software company wants to protect its source code, including new source code created between scheduled indexing runs.

Which detection method should the company use to meet this requirement?

Options:

A. Exact Data Matching (EDM)

B. Described Content Matching (DCM)

C. Indexed Document Matching (IDM)

D. Vector Machine Learning (VML)

Question 2

Which two (2) detection servers are available as virtual appliances? (Choose two.)

Options:

A. Network Prevent for Email

B. Network Monitor

C. Network Discover

D. Network Prevent for Web

E. Optical Character Recognition (OCR)

Question 3

Where in the Enforce management console can a DLP administrator change the “UI.NO_SCAN.int” setting to disable the “Inspecting data” pop-up?

Options:

A. Advanced Server Settings from the Endpoint Server Configuration

B. Advanced Monitoring from the Agent Configuration

C. Advanced Agent Settings from the Agent Configuration

D. Application Monitoring from the Agent Configuration

Question 4

A DLP administrator needs to remove an agent and its associated events from an Endpoint server.

Which Agent Task should the administrator perform to disable the agent’s visibility in the Enforce management console?

Options:

A. Delete action from the Agent health dashboard

B. Delete action from the Agent List page

C. Disable action from Symantec Management Console

D. Change endpoint Server action from the Agent Overview page

Question 5

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

Options:

A. Endpoint Prevent

B. Cloud Service for Email

C. Network Prevent for Email

D. Network Discover

E. Cloud Detection Service

Question 6

Which detection method depends on “training sets”?

Options:

A. Form Recognition

B. Vector Machine Learning (VML)

C. Index Document Matching (IDM)

D. Exact Data Matching (IDM)

Question 7

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Options:

A. The OCR engine must be installed on a detection server other than the Enforce server.

B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

C. The OCR engine must be installed directly on the Enforce server.

D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Question 8

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

Why are the processes missing from the Server Detail page display?

Options:

A. The Display Process Control setting on the Advanced Settings page is disabled.

B. The Advanced Process Control setting on the System Settings page is deselected.

C. The detection server Display Control Process option is disabled on the Server Detail page.

D. The detection server PacketCapture process is displayed on the Server Overview page.

Question 9

What is one difference between Exact Data Matching (EDM) and Exact Match Data Identifiers (EMDI)?

Options:

A. EDM requires an index and EMDI does not.

B. EDM rules can be evaluated by the DLP Agent and EMDI rules cannot.

C. EDM is its own detection rule type and EMDI is a Data Identifier validation check.

D. EDM is better at detecting non-standard delimiters (in ID numbers) than EMDI.

Question 10

Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

Options:

A. To capture the matches to the Negative set

B. To capture the matches to the Positive set

C. To see the entire range of potential matches

D. To see the false negatives only

Question 11

A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers.

What should the administrator do to make the Network Discover option available?

Options:

A. Restart the Symantec DLP Controller service

B. Apply a new software license file from the Enforce console

C. Install a new Network Discover detection server

D. Restart the Vontu Monitor Service

Question 12

What are three features that are available for Network Discover File System High-Speed Discover (FS-HSD) scans but are NOT available for Network Discover (regular or legacy) File System scans?

Options:

A. Support for SMB v3, Symantec DLP REST APIs, and Internal Pause-Resume

B. Support for SMB v3, Symantec DLP REST APIs, and incremental scans

C. Symantec DLP REST APIs, incremental scans, and scan scheduling

D. Incremental scans, scan scheduling, and incident replication scan status

Question 13

Which two Network Discover/Cloud Storage targets apply Information Centric Encryption as policy response rules?

Options:

A. Microsoft Exchange

B. Windows File System

C. SQL Databases

D. Microsoft SharePoint

E. Network File System (NFS)

Question 14

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.

B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.

D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Question 15

Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

Options:

A. Network Discover

B. Cloud Service for Email

C. Endpoint Prevent

D. Network Protect

Question 16

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.

How should the administrator bring the detection servers to a running state in the Enforce management console?

Options:

A. Restart the Vontu Update Service on the Enforce server

B. Ensure the Vontu Monitor Controller service is running in the Enforce server

C. Delete all of the .BAD files in the Incidents folder on the Enforce server

D. Restart the Vontu Monitor Service on all the affected detection servers

Question 17

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

Options:

A. Network Discover

B. Endpoint Prevent

C. Network Prevent for Email

D. Endpoint Discover

E. Information Centric Analytics

Question 18

What detection server is used for Network Discover, Network Protect, and Cloud Storage?

Options:

A. Network Protect Storage Discover

B. Network Discover/Cloud Storage Discover

C. Network Prevent/Cloud Detection Service

D. Network Protect/Cloud Detection Service

Question 19

Where should an administrator set the debug levels for an Endpoint Agent?

Options:

A. Setting the log level within the Agent List

B. Advanced configuration within the Agent settings

C. Setting the log level within the Agent Overview

D. Advanced server settings within the Endpoint server

Question 20

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A. Install the Oracle database on one host, and install the Enforce server and a detection server on a second host.

B. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

C. Install the Oracle database and a detection server on the same host, and install the Enforce server on a second host.

D. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

Question 21

Which two technologies should an organization utilize for integration with the Network Prevent products? (Choose two.)

Options:

A. Network Tap

B. Network Firewall

C. Proxy Server

D. Mail Transfer Agent

E. Encryption Appliance

Question 22

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

Why are the processes missing from the Server Detail page display?

Options:

A. The detection server Display Control Process option is disabled on the Server Detail page.

B. The Display Process Control setting on the Advanced Settings page is disabled.

C. The detection server PacketCapture process is displayed on the Server Overview page.

D. The Advanced Process Control setting on the System Settings page is deselected.

Question 23

A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains .BAD files dated today, while other .IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger than 1MB are turning to .BAD files.

What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

Options:

A. A corrupted policy was deployed.

B. The Enforce server’s hard drive is out of space.

C. A detection server has excessive filereader restarts.

D. Tablespace is almost full.

Question 24

Which action is available for use in both Smart Response and Automated Response rules?

Options:

A. Log to a Syslog Server

B. Limit incident data retention

C. Modify SMTP message

D. Block email message

Question 25

Which Network Prevent action takes place when the Network Incident list shows the message is “Modified”?

Options:

A. Remove attachments from an email

B. Obfuscate text in the body of an email

C. Add one or more SMTP headers to an email

D. Modify content from the body of an email

Question 26

How do Cloud Detection Service and the Enforce server communicate with each other?

Options:

A. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 8100.

B. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 443.

C. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 1443.

D. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 443.

Question 27

An organization wants to restrict employees to copying files only to a specific set of USB thumb drives owned by the organization.

Which detection method should the organization use to meet this requirement?

Options:

A. Exact Data Matching (EDM)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Vector Machine Learning (VML)

Question 28

A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported.

What should the administrator do to allow incidents to be generated against this file?

Options:

A. Change the “Ignore requests Smaller Than” value to 1

B. Add the filename to the Inspect Content Type field

C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”

D. Uncheck trial mode under the ICAP tab

Question 29

Which statement accurately describes where Optical Character Recognition (OCR) On-Premises DLP Core components must be installed?

Options:

A. The OCR engine must be installed directly on the Enforce server.

B. The OCR engine must be installed on one or more detection servers.

C. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

D. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

Question 30

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team.

Which SQL*Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?

Options:

A. select database version from < database name > ;

B. select * from db$version;

C. select * from v$version;

D. select db$ver from < database name > ;
