Symantec 250-441 Administration of Symantec Advanced Threat Protection 3.0 Exam Practice Test

Page: 1 / 9
Total 90 questions

Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Question 1

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.

How is it possible that the search returned results?

Options:

A. The search runs and returns results in ATP and then displays them in SEPM.
B. This is only an endpoint search.
C. This is a database search; a command is NOT sent to SEPM for this type of search.
D. The browser cached result from a previous search with the same criteria.

Question 2

Which endpoint detection method allows for information about triggered processes to be displayed in ATP?

Options:

A. SONAR
B. Insight
C. System Lockdown
D. Antivirus

Question 3

What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?

Options:

A. SEP and Symantec Messaging Gateway
B. SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)
C. SEP and Symantec Email Security.cloud
D. SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud

Question 4

What is the main constraint an ATP Administrator should consider when choosing a network scanner model?

Options:

A. Throughput
B. Bandwidth
C. Link speed
D. Number of users

Question 5

An ATP administrator is setting up correlation with Email Security.cloud.

What is the minimum Email Security.cloud account privilege required?

Options:

A. Standard User Role - Port
B. Standard User Role - Service
C. Standard User Role - Support
D. Standard User Role - Full Access

Question 6

An Incident Responder added a file's MD5 hash to the blacklist.

Which component of SEP enforces the blacklist?

Options:

A. Bloodhound
B. System Lockdown
C. Intrusion Prevention
D. SONAR

Question 7

A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP: Network to scan internet traffic at both sites.

Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?

Options:

A. Site A 8840 x4 – Site B 8880 x2
B. Site A 8880 x2 – Site B 8840 x1
C. Site A 8880 x1 – Site B 8840 x6
D. Site A 8880 x1 – Site B 8880 x2

Question 8

What should an Incident Responder do to mitigate a false positive?

Options:

A. Add to Whitelist
B. Run an indicators of compromise (IOC) search
C. Submit to VirusTotal
D. Submit to Cynic

Question 9

Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?

Options:

A. Recover
B. Protect
C. Respond
D. Identify

Question 10

Which threat is an example of an Advanced Persistent Threat (APT)?

Options:

A. Loyphish
B. Aurora
C. ZeroAccess
D. Michelangelo

Question 11

Which policies are required for the quarantine feature of ATP to work?

Options:

A. Firewall Policy and Host Integrity Policy
B. Quarantine Policy and Firewall Policy
C. Host Integrity Policy and Quarantine Policy
D. Quarantine and Intrusion Prevention Policy

Question 12

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)

Options:

A. To have less raw data to analyze
B. To evaluate the data, including information from other systems
C. To access expanded historical data
D. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E. To determine the best cleanup method

Question 13

While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.

What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)

Options:

A. Periodically log into the ATP manager and review only the Dashboard.
B. Implement IT Analytics to create more flexible reporting.
C. Dedicate an administrator to monitor new events as they flow into the ATP manager.
D. Set email notifications in the ATP manager to message the Security team when a new incident is occurring.
E. Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.

Question 14

Which detection method identifies a file as malware after SEP has queried the file's reputation?

Options:

A. Skeptic
B. Vantage
C. Insight
D. Cynic