Latest Symantec 250-441 Dumps PDF Questions Answers 2024

Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Question 1

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.

Which approach allows the customer to meet this need?

Options:

Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic

Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic

Use the ATP console to check whether the MD5 hash triggers a detection from Cynic

Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic

Buy Now

Question 2

Which access credentials does an ARP Administrator need to set up a deployment of ATP: Endpoint , Network and Email?

Options:

Email security. Cloud credential for email correlation, credential for the Symantec Endpoint Protection Manager (SEPM) database, and System Administrator logging for the SEPM.

Active Directory logging to the Symantec endpoint Protection Manager (SEPM) database and an Email Security. Cloud login with full access

Symantec Endpoint protection Manager (SEPM) login and ATP: Email login with service permissions

Credentials for the Symantec Endpoint protection Manager (SEPM) database, and an administrator loging or Symantec Messaging Gateway

Question 3

During a recent virus outlook, an Incident found that the incident Response team was successful in identifying malicious that were communicating with the infected endpoint.

Which two (2) options should be incident Responder select to prevent endpoints from communicating with malicious domains?

Options:

Use the isolation command in ATP to move endpoint to quarantine network.

Blacklist suspicious domain in the ATP manager.

Deploy a high-Security antivirus and Antispyware policy in the Symantec Endpoint protection Manager (SEPM.)

Create a firewall rule in the Symantec Endpoints Protection Manager (SEPM) or perimeter firewall that blocks

traffic to the domain.

Run a full system scan on all endpoints

Question 4

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

Options:

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.

The endpoint automatically switches to using a System Lockdown location, where a System Lockdown

policy is applied to the computer.

The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is

applied to the computer.

The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Question 5

Which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

Options:

Capture

Incursion

Discovery

Exfiltration

Question 6

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

Options:

Does the organization need to do a healthcheck in the environment?

Are certain endpoints being repeatedly attacked?

Is the organization being attacked by this external entity repeatedly?

Do ports need to be blocked or opened on the firewall?

Does a risk assessment need to happen in the environment?

Question 7

Which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?

Options:

Discovery

Capture

Exfiltration

Incursion

Question 8

What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?

Options:

It allows for Microsoft Incident Responders to assist in remediation

ATP can access the database using a log collector on the SEPM host

It allows for Symantec Incident Responders to assist in remediation

ATP can access the database without any special host system requirements

Question 9

Which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization’s network

to deliver targeted malware?

Options:

Incursion

Discovery

Capture

Exfiltration

Question 10

An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the

responder sees the results for 90 endpoints.

What is a possible reason for the search only returning results for 90 of 100 endpoints?

Options:

The search expired after one hour

10 endpoints are offline

The search returned 0 results on 10 endpoints

10 endpoints restarted and cancelled the search

Question 11

Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email

detections?

Options:

Email Security.cloud

Web security.cloud

Skeptic

Symantec Messaging Gateway

Question 12

Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

Options:

Create a unique Cynic account to provide to ATP

Create a unique Symantec Messaging Gateway account to provide to ATP

Create a unique Symantec Protection Manager (SEPM) administrator account to provide to ATP

Create a unique Email Security.cloud portal account to provide to ATP

Question 13

How does an attacker use a zero-day vulnerability during the Incursion phase?

Options:

To perform a SQL injection on an internal server

To extract sensitive information from the target

To perform network discovery on the target

To deliver malicious code that breaches the target

Question 14

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

Options:

The responder needs to analyze with Cynic

The responder needs to isolate it from the network

The responder needs to write firewall rules

The responder needs to add the file to a whitelist

Exam Detail

Vendor: Symantec

Certification: Symantec Certified Specialist

Exam Code: 250-441

Exam Name: Administration of Symantec Advanced Threat Protection 3.0

Last Update: Nov 23, 2024

250-441 Question Answers

Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Symantec 250-441 Dumps Questions Answers

Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce