
Symantec 250-441 Administration of Symantec Advanced Threat Protection 3.0 Exam Practice Test

Demo: 14 questions
Total 96 questions

Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Question 1

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicator of compromise (IOC) search command.

How is it possible that the search returned results?

Options:

A.

The search runs and returns results in ATP and then displays them in SEPM.

B.

This is only an endpoint search.

C.

This is a database search; a command is NOT sent to SEPM for this type of search.

D.

The browser cached result from a previous search with the same criteria.

Question 2

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)

Options:

A.

To have less raw data to analyze

B.

To evaluate the data, including information from other systems

C.

To access expanded historical data

D.

To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)

E.

To determine the best cleanup method

Question 3

What is the role of Vantage within the Advanced Threat Protection (ATP) solution?

Options:

A.

Network detection component

B.

Event correlation

C.

Reputation-based security

D.

Detonation/sandbox

Question 4

Which threat is an example of an Advanced Persistent Threat (APT)?

Options:

A.

Koobface

B.

Brain

C.

Flamer

D.

Creeper

Question 5

Which two (2) non-Symantec methods for restricting traffic are available to the Incident Response team?

Options:

A.

Temporarily disconnect the local network from the Internet.

B.

Create an Access Control List at the router to deny traffic.

C.

Analyze traffic using the Wireshark protocol analyzer to identify the source of the infection.

D.

Create a DNS sinkhole server to block malicious traffic.

E.

Isolate computers so they are NOT compromised by infected computers.

Question 6

Which level of privilege corresponds to each ATP account type?

Match the correct account type to the corresponding privileges.

Options:

Question 7

How does an attacker use a zero-day vulnerability during the Incursion phase?

Options:

A.

To perform a SQL injection on an internal server

B.

To extract sensitive information from the target

C.

To perform network discovery on the target

D.

To deliver malicious code that breaches the target

Question 8

What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?

Options:

A.

SEP and Symantec Messaging Gateway

B.

SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)

C.

SEP and Symantec Email Security.cloud

D.

SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud

Question 9

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

Options:

A.

Add a Quarantine firewall policy for non-compliant and non-remediated computers.

B.

Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.

C.

Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).

E.

Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

Question 10

In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization's network to deliver targeted malware?

Options:

A.

Incursion

B.

Discovery

C.

Capture

D.

Exfiltration

Question 11

While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.

What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)

Options:

A.

Periodically log into the ATP manager and review only the Dashboard.

B.

Implement IT Analytics to create more flexible reporting.

C.

Dedicate an administrator to monitor new events as they flow into the ATP manager.

D.

Set email notifications in the ATP manager to message the Security team when a new incident is occurring.

E.

Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.

Question 12

Where can an Incident Responder view Cynic results in ATP?

Options:

A.

Events

B.

Dashboard

C.

File Details

D.

Incident Details

Question 13

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

Options:

A.

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.

B.

The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.

C.

The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.

D.

The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Question 14

Which two non-Symantec methods for restricting traffic are available to the Incident Response team? (Choose two.)

Options:

A.

Temporarily disconnect the local network from the internet.

B.

Create an Access Control List at the router to deny traffic.

C.

Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.

D.

Create a DNS sinkhole server to block malicious traffic.

E.

Isolate computers so they are NOT compromised by infected computers.
