Free and Premium Symantec 250-580 Dumps Questions Answers

Page: 1 / 11
Total 150 questions

Endpoint Security Complete - R2 Technical Specialist Questions and Answers

Question 1

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

Options:

A.

Apache Web Server

B.

Tomcat

C.

SQL Server

D.

Group Update Provider (GUP)

Question 2

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

Options:

A.

Change the custom signature order

B.

Create a Custom Intrusion Prevention Signature library

C.

Define signature variables

D.

Enable signature logging

Question 3

Which security threat stage seeks to gather valuable data and upload it to a compromised system?

Options:

A.

Exfiltration

B.

Impact

C.

Lateral Movement

D.

Command and Control

Question 4

What account type must the AD Gateway Service Account be assigned to the AD Gateway device for AD Synchronization to function correctly?

Options:

A.

Local Standard

B.

Local Administrator

C.

Domain Administrator

D.

Domain User

Question 5

Which rule types should be at the bottom of the list when an administrator adds device control rules?

Options:

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Question 6

On which platform is LiveShell available?

Options:

A.

Windows

B.

All

C.

Linux

D.

Mac

Question 7

When are events generated within SEDR?

Options:

A.

When an incident is selected

B.

When an activity occurs

C.

When any event is opened

D.

When entities are viewed

Question 8

What prevention technique does Threat Defense for Active Directory use to expose attackers?

Options:

A.

Process Monitoring

B.

Obfuscation

C.

Honeypot Traps

D.

Packet Tracing

Question 9

Which option should an administrator utilize to temporarily or permanently block a file?

Options:

A.

Delete

B.

Hide

C.

Encrypt

D.

Deny List

Question 10

How would an administrator specify which remote consoles and servers have access to the management server?

Options:

A.

Edit the Server Properties and under the General tab, change the Server Communication Permission.

B.

Edit the Communication Settings for the Group under the Clients tab.

C.

Edit the External Communication Settings for the Group under the Clients tab.

D.

Edit the Site Properties and under the General tab, change the server priority.

Question 11

What type of policy provides a second layer of defense, after the Symantec firewall?

Options:

A.

Virus and Spyware

B.

Host Integrity

C.

Intrusion Prevention

D.

System Lockdown

Question 12

Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

Options:

A.

Decreasing the number of content revisions to keep

B.

Lowering the client installation log entries

C.

Rebuilding database indexes

D.

Limiting the number of backups to keep

Question 13

If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?

Options:

A.

Navigate to ICDm > Enrollment and disable the setting

B.

Unenroll the SEPM > Disable the setting > Re-enroll the SEPM

C.

Revoke policies from ICDm

D.

Revoke policies from SEPM

Question 14

What must be entered before downloading a file from ICDm?

Options:

A.

Name

B.

Password

C.

Hash

D.

Date

Question 15

When can an administrator add a new replication partner?

Options:

A.

Immediately following the first LiveUpdate session of the new site

B.

During a Symantec Endpoint Protection Manager upgrade

C.

During the initial installation of the new site

D.

Immediately following a successful Active Directory sync

Question 16

Which other items may be deleted when deleting a malicious file from an endpoint?

Options:

A.

Registry entries that point to that file

B.

The incident related to the file

C.

SEP Policies related to that file

D.

Files and libraries that point to that file

Question 17

What is a feature of Cynic?

Options:

A.

Local Sandboxing

B.

Forwarding event data to Security Information and Event Management (SIEM)

C.

Cloud Sandboxing

D.

Customizable OS Images

Question 18

Which technology can prevent an unknown executable from being downloaded through a browser session?

Options:

A.

Intrusion Prevention

B.

Insight

C.

Application Control

D.

Advanced Machine Learning

Question 19

Which technique randomizes the memory address map with Memory Exploit Mitigation?

Options:

A.

ForceDEP

B.

SEHOP

C.

ASLR

D.

ROPHEAP

Question 20

What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

Options:

A.

SEDR Cloud Console

B.

Synapse

C.

SEP Endpoints

D.

SEPM

Question 21

How are Insight results stored?

Options:

A.

Encrypted on the Symantec Endpoint Protection Manager

B.

Unencrypted on the Symantec Endpoint Protection Manager

C.

Encrypted on the Symantec Endpoint Protection client

D.

Unencrypted on the Symantec Endpoint Protection client

Question 22

What type of Threat Defense for Active Directory alarms are displayed after domain misconfigurations or hidden backdoors are detected?

Options:

A.

Computer Information Gathering

B.

Pass-The-Ticket

C.

Credential Theft

D.

Dark Corners

Question 23

A file has been identified as malicious.

Which feature of SEDR allows an administrator to manually block a specific file hash?

Options:

A.

Playbooks

B.

Quarantine

C.

Allow List

D.

Block List

Question 24

What EDR feature provides endpoint activity recorder data for a file hash?

Options:

A.

Process Dump

B.

Entity Dump

C.

Hash Dump

D.

Full Dump

Question 25

Which communication method is utilized within SES to achieve real-time management?

Options:

A.

Longpolling

B.

Standard polling

C.

Push Notification

D.

Heartbeat

Question 26

What information is required to calculate retention rate?

Options:

A.

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

B.

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

C.

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

D.

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

Question 27

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?

Options:

A.

Synapse, ECC, then Insight Proxy

B.

ECC, Synapse, then Insight Proxy

C.

Insight Proxy, Synapse, then ECC

D.

ECC, Insight Proxy, then Synapse

Question 28

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

Options:

A.

LiveUpdate

B.

Firewall

C.

Network Intrusion Prevention

D.

Intensive Protection

Question 29

What feature is used to get a comprehensive picture of infected endpoint activity?

Options:

A.

Entity View

B.

Process View

C.

Full Dump

D.

Endpoint Dump

Question 30

How would an administrator specify which remote consoles and servers have access to the management server?

Options:

A.

Edit the Server Properties and under the General tab, change the Server Communication Permission.

B.

Edit the Communication Settings for the Group under the Clients tab.

C.

Edit the External Communication Settings for the Group under the Clients tab.

D.

Edit the Site Properties and under the General tab, change the server priority.

Question 31

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

Options:

A.

An email with the SES_setup.zip file attached

B.

An email with a link to register on the ICDm user portal

C.

An email with a link to directly download the SES client

D.

An email with a link to a KB article explaining how to install the SES Agent

Question 32

An organization would like to use a content distribution method that centrally controls content types and versions. Almost all of their endpoints are running Windows.

What type of content distribution method should be used?

Options:

A.

Management Server

B.

Group Update Provider

C.

Internal LiveUpdate Server

D.

External LiveUpdate Server

Question 33

What is the result of disjointed telemetry collection methods used within an organization?

Options:

A.

Investigators lack granular visibility

B.

Lack of orchestration across controls

C.

False positives are seen

D.

Attacks continue to spread during investigation

Question 34

Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?

Options:

A.

Intrusion Prevention

B.

SONAR

C.

Application and Device Control

D.

Tamper Protection

Question 35

Which report template type should an administrator utilize to create a daily summary of network threats detected?

Options:

A.

Intrusion Prevention Report

B.

Blocked Threats Report

C.

Network Risk Report

D.

Access Violation Report

Question 36

Which security control performs a cloud lookup on files downloaded during the Initial Access phase?

Options:

A.

Exploit Protection

B.

Auto-Protect

C.

Intrusion Prevention

D.

Antimalware

Question 37

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A.

Discovery Device

B.

Discovery Manager

C.

Discovery Agent

D.

Discovery Broker

Question 38

What priority would an incident that may have an impact on business be considered?

Options:

A.

Low

B.

Critical

C.

High

D.

Medium

Question 39

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?

Options:

A.

Enable port scan detection

B.

Automatically block an attacker's IP address

C.

Block all traffic until the firewall starts and after the firewall stops

D.

Enable denial of service detection

Question 40

What is the timeout for the file deletion command in SEDR?

Options:

A.

2 Days

B.

7 Days

C.

72 Hours

D.

5 Days

Question 41

What information is required to calculate storage requirements?

Options:

A.

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

B.

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

C.

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

D.

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

Question 42

What does a medium-priority incident indicate?

Options:

A.

The incident may have an impact on the business

B.

The incident can result in a business outage

C.

The incident does not affect critical business operation

D.

The incident can safely be ignored

Question 43

An administrator decides to migrate an SES Complete hybrid environment to a fully cloud-managed one. After cleaning up the on-premises group structure and policies, what is the next recommended step for migration?

Options:

A.

Export unique policies from SEPM

B.

Enroll the SEPM in ICDm

C.

Migrate the agents from ICDm

D.

Import unique policies in ICDm

Question 44

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

Options:

A.

LiveUpdate

B.

Firewall

C.

Network Intrusion Prevention

D.

Intensive Protection

Question 45

What information is required to calculate storage requirements?

Options:

A.

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

B.

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

C.

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

D.

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size
