
Symantec 250-580 Endpoint Security Complete - R2 Technical Specialist Exam Practice Test

Demo: 45 questions
Total 150 questions

Endpoint Security Complete - R2 Technical Specialist Questions and Answers

Question 1

What protection technology should an administrator enable to prevent double executable file names of ransomware variants like Cryptolocker from running?

Options:

A.

Download Insight

B.

Intrusion Prevention System

C.

SONAR

D.

Memory Exploit Mitigation
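A "double executable" name is the Cryptolocker-era lure the question refers to: a file such as invoice.pdf.exe that shows a document extension while Windows executes the final one. The block below is an added illustration, not code from the page or from Symantec; it is a file-name heuristic a practitioner can run over a download directory to see which names the lure pattern catches. The extension sets, the hypothetical sample names, and the two extra checks it adds beyond the question (whitespace padding before the real extension, and the Unicode right-to-left override character that visually reverses the tail of a name) are all assumptions made for the example.

```python
from pathlib import PureWindowsPath

# Extensions Windows executes directly. Constructed for this example; not the
# product's own definition of an executable file type.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".vbe", ".js", ".jse", ".wsf", ".hta", ".cpl", ".msi"}
# Benign-looking extensions a lure typically shows first (also constructed).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
              ".jpg", ".jpeg", ".png", ".gif", ".txt", ".zip", ".mp3", ".avi"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE


def suspicious_reasons(path: str) -> list[str]:
    """Return the reasons a file name looks like a disguised executable.

    An empty list means the name is not suspicious under these rules.
    Only the name is inspected; the file content is never read.
    """
    name = PureWindowsPath(path).name
    reasons: list[str] = []
    if RLO in name:
        # "invoice\u202Efdp.exe" is displayed as "invoiceexe.pdf" but is an .exe on disk.
        reasons.append("rtl_override")
        name = name.replace(RLO, "")
    raw_parts = name.split(".")
    parts = [p.strip().lower() for p in raw_parts]
    exts = ["." + p for p in parts[1:]]
    # The final extension decides what Windows runs; anything else is decoration.
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return reasons
    if any(e in DECOY_EXTS for e in exts[:-1]):
        reasons.append("double_extension")
    # "invoice.pdf            .exe" pushes the real extension out of view in Explorer.
    if any(r != r.strip() for r in raw_parts[:-1]):
        reasons.append("whitespace_padding")
    return reasons


# Hypothetical download names, constructed for the example.
SAMPLE_NAMES = [
    r"C:\Users\a\Downloads\invoice.pdf.exe",
    r"C:\Users\a\Downloads\setup.exe",
    r"C:\Users\a\Downloads\archive.tar.gz",
    r"C:\Users\a\Downloads\photo.jpg                .scr",
    "C:\\Users\\a\\Downloads\\invoice\u202efdp.exe",
    r"C:\Users\a\Downloads\Resume.DOCX.Exe",
]


def scan(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := suspicious_reasons(n))}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_NAMES).items():
        print(f"{reasons}: {name!r}")
```

The heuristic deliberately ignores names like archive.tar.gz and report.final.exe: a second dot alone is not the lure, a document-looking decoy in front of an executable extension is.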

Question 2

What should an administrator utilize to identify devices on a Mac?

Options:

A.

Use DevViewer when the Device is connected.

B.

Use DeviceInfo when the Device is connected.

C.

Use Device Manager when the Device is connected.

D.

Use GatherSymantecInfo when the Device is connected.

Question 3

Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?

Options:

A.

Mismatched Port - Application Traffic

B.

Irregularities in Privileged User Account Activity

C.

Surges in Database Read Volume

D.

Geographical Irregularities
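The indicator in option B is usually operationalised as a per-account baseline: which hosts a privileged account normally logs on from, at what hours, and with which logon type, so that a domain admin credential suddenly used from a finance workstation at 3 AM stands out. The block below is an added example of that detection logic, not code from the page or from Symantec EDR. The log line format, the privileged account list, and every event in it are constructed for the example; in practice the account list would come from directory group membership and the events from your logon audit source.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed privileged-account list; in practice derive it from the directory.
PRIVILEGED = {"CORP\\da-jsmith", "CORP\\svc-backup"}


@dataclass(frozen=True)
class Logon:
    ts: datetime
    account: str
    src_host: str
    logon_type: str  # e.g. "interactive", "remote", "service"


def parse_line(line: str) -> Logon:
    """Parse one constructed 'timestamp|account|source host|logon type' line."""
    ts, account, host, ltype = (f.strip() for f in line.split("|"))
    return Logon(datetime.fromisoformat(ts), account, host, ltype)


def build_baseline(lines):
    """Per privileged account: hosts, hours and logon types seen in a learning period."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set(), "types": set()})
    for line in lines:
        e = parse_line(line)
        if e.account in PRIVILEGED:
            b = baseline[e.account]
            b["hosts"].add(e.src_host)
            b["hours"].add(e.ts.hour)
            b["types"].add(e.logon_type)
    return baseline


def hour_distance(a: int, b: int) -> int:
    """Distance between two hours on a 24-hour clock (23 and 0 are one apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def irregularities(baseline, line: str) -> list[str]:
    """Return the ways a privileged logon departs from that account's baseline."""
    e = parse_line(line)
    if e.account not in PRIVILEGED:
        return []  # non-privileged accounts are out of scope for this indicator
    b = baseline.get(e.account)
    if b is None:
        return ["no_baseline"]  # a privileged account never seen before is always worth a look
    findings = []
    if e.src_host not in b["hosts"]:
        findings.append("new_source_host")
    # Tolerate one hour either side of any hour seen during learning.
    if not any(hour_distance(e.ts.hour, h) <= 1 for h in b["hours"]):
        findings.append("unusual_hour")
    if e.logon_type not in b["types"]:
        findings.append("new_logon_type")
    return findings


# Constructed learning-period events (not real logs).
BASELINE_LINES = [
    "2024-03-04T09:02:00|CORP\\da-jsmith|ADMIN-WS01|interactive",
    "2024-03-04T14:30:00|CORP\\da-jsmith|ADMIN-WS01|interactive",
    "2024-03-05T10:15:00|CORP\\da-jsmith|ADMIN-WS01|interactive",
    "2024-03-04T02:00:00|CORP\\svc-backup|BACKUP01|service",
    "2024-03-05T02:00:00|CORP\\svc-backup|BACKUP01|service",
    "2024-03-04T11:00:00|CORP\\jdoe|WS-FINANCE-07|interactive",
]

# Constructed events to evaluate against that baseline.
NEW_LINES = [
    "2024-03-09T03:12:00|CORP\\da-jsmith|WS-FINANCE-07|remote",          # admin credential from a finance workstation at 3 AM
    "2024-03-09T02:05:00|CORP\\svc-backup|BACKUP01|service",             # normal backup run
    "2024-03-09T02:20:00|CORP\\svc-backup|WS-FINANCE-07|interactive",    # service account used interactively elsewhere
]


def evaluate(baseline_lines, new_lines):
    base = build_baseline(baseline_lines)
    return {line: irregularities(base, line) for line in new_lines}


if __name__ == "__main__":
    for line, findings in evaluate(BASELINE_LINES, NEW_LINES).items():
        print(("ALERT " if findings else "ok    ") + line, findings)
```

The baseline is the weak point of any such rule: it must be built from a period you have already confirmed clean, or the attacker's own activity becomes "normal".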

Question 4

Which client log shows that a client is downloading content from its designated source?

Options:

A.

Risk Log

B.

System Log

C.

SesmLu.log

D.

Log.LiveUpdate

Question 5

What does an Endpoint Activity Recorder (EAR) full dump consist of?

Options:

A.

All of the recorded events that occurred on an endpoint relating to a single file

B.

All of the recorded events that occurred on an endpoint relating to a single process

C.

All of the recorded events that occurred on an endpoint

D.

All of the recorded events that are in the SEDR database

Question 6

What happens when an administrator adds a file to the deny list?

Options:

A.

The file is assigned to a chosen Deny List policy

B.

The file is assigned to the Deny List task list

C.

The file is automatically quarantined

D.

The file is assigned to the default Deny List policy

Question 7

Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

Options:

A.

Decreasing the number of content revisions to keep

B.

Lowering the client installation log entries

C.

Rebuilding database indexes

D.

Limiting the number of backups to keep

Question 8

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

Options:

A.

File Deletion

B.

Incident Manager

C.

Isolation

D.

Endpoint Activity Recorder

Question 9

Which security control performs a cloud lookup on files downloaded during the Initial Access phase?

Options:

A.

Exploit Protection

B.

Auto-Protect

C.

Intrusion Prevention

D.

Antimalware

Question 10

Which type of security threat continues to threaten endpoint security after a system reboot?

Options:

A.

file-less

B.

memory attack

C.

script

D.

Rootkit

Question 11

What feature is used to get a comprehensive picture of infected endpoint activity?

Options:

A.

Entity View

B.

Process View

C.

Full Dump

D.

Endpoint Dump

Question 12

What is the maximum number of SEPMs a single Management Platform is able to connect to?

Options:

A.

50

B.

10

C.

5,000

D.

500

Question 13

Which alert rule category includes events that are generated about the cloud console?

Options:

A.

Security

B.

System

C.

Diagnostic

D.

Application Activity

Question 14

Which type of file attribute is valid for creating a block list entry with Symantec Endpoint Detection and Response (SEDR)?

Options:

A.

SHA256

B.

Type

C.

Date Created

D.

Filename

Question 15

Which IPS signature type is primarily used to identify specific unwanted network traffic?

Options:

A.

Attack

B.

Audit

C.

Malcode

D.

Probe

Question 16

What is a feature of Cynic?

Options:

A.

Local Sandboxing

B.

Forwarding event data to Security Information and Event Management (SIEM)

C.

Cloud Sandboxing

D.

Customizable OS Images

Question 17

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

Options:

A.

Insight

B.

SONAR

C.

Risk Tracer

D.

Intrusion Prevention

Question 18

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

Options:

A.

IPv6 Tunneling

B.

IPS

C.

Firewall

D.

VPN

Question 19

What Threat Defense for Active Directory feature disables a process's ability to spawn another process, overwrite a part of memory, run recon commands, or communicate to the network?

Options:

A.

Process Mitigation

B.

Process Protection

C.

Memory Analysis

D.

Threat Monitoring

Question 20

What Symantec Best Practice is recommended when setting up Active Directory integration with the Symantec Endpoint Protection Manager?

Options:

A.

Ensure there is more than one Active Directory Server listed in the Server Properties.

B.

Link the built-in Admin account to an Active Directory account.

C.

Import the existing AD structure to organize clients in user mode.

D.

Secure the management console by denying access to certain computers.

Question 21

Which other items may be deleted when deleting a malicious file from an endpoint?

Options:

A.

Registry entries that point to that file

B.

The incident related to the file

C.

SEP Policies related to that file

D.

Files and libraries that point to that file

Question 22

What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

Options:

A.

SEDR Cloud Console

B.

Synapse

C.

SEP Endpoints

D.

SEPM

Question 23

What must be entered before downloading a file from ICDm?

Options:

A.

Name

B.

Password

C.

Hash

D.

Date

Question 24

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?

Options:

A.

Synapse, ECC, then Insight Proxy

B.

ECC, Synapse, then Insight Proxy

C.

Insight Proxy, Synapse, then ECC

D.

ECC, Insight Proxy, then Synapse

Question 25

What does the MITRE ATT&CK Matrix consist of?

Options:

A.

Problems and Solutions

B.

Attackers and Techniques

C.

Tactics and Techniques

D.

Entities and Tactics

Question 26

An administrator decides to migrate an SES Complete hybrid environment to a fully cloud-managed one. After cleaning up the on-premises group structure and policies, what is the next recommended step for migration?

Options:

A.

Export unique policies from SEPM

B.

Enroll the SEPM in ICDm

C.

Migrate the agents from ICDm

D.

Import unique policies in ICDm

Question 27

When are events generated within SEDR?

Options:

A.

When an incident is selected

B.

When an activity occurs

C.

When any event is opened

D.

When entities are viewed

Question 28

After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account.

Which action should the administrator take to correct the problem with minimal impact on the existing environment?

Options:

A.

Wait 15 minutes and attempt to log on again

B.

Restore the SEPM from a backup

C.

Run the Management Server and Configuration Wizard to reconfigure the server

D.

Reinstall the SEPM

Question 29

Which antimalware intensity level is defined by the following: "Blocks files that are most certainly bad or potentially bad files; results in a comparable number of false positives and false negatives."

Options:

A.

Level 6

B.

Level 5

C.

Level 2

D.

Level 1

Question 30

Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

Options:

A.

Another scan is in progress.

B.

The detected file is in use.

C.

There are insufficient file permissions.

D.

The file is marked for deletion by Windows on restart.

E.

The file has good reputation.

Question 31

How are Insight results stored?

Options:

A.

Encrypted on the Symantec Endpoint Protection Manager

B.

Unencrypted on the Symantec Endpoint Protection Manager

C.

Encrypted on the Symantec Endpoint Protection client

D.

Unencrypted on the Symantec Endpoint Protection client

Question 32

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

Options:

A.

Allow users to save credentials when logging on

B.

Delete clients that have not connected for specified time

C.

Lock account after the specified number of unsuccessful logon attempts

D.

Allow administrators to reset passwords

Question 33

An organization recently experienced an outbreak and is conducting a health check of the environment. What Protection Technology can the SEP team enable to control and monitor the behavior of applications?

Options:

A.

Host Integrity

B.

System Lockdown

C.

Application Control

D.

Behavior Monitoring (SONAR)

Question 34

On which platform is LiveShell available?

Options:

A.

Windows

B.

All

C.

Linux

D.

Mac

Question 35

How would an administrator specify which remote consoles and servers have access to the management server?

Options:

A.

Edit the Server Properties and under the General tab, change the Server Communication Permission.

B.

Edit the Communication Settings for the Group under the Clients tab.

C.

Edit the External Communication Settings for the Group under the Clients tab.

D.

Edit the Site Properties and under the General tab, change the server priority.

Question 36

How does IPS check custom signatures?

Options:

A.

IPS checks for signatures listed in the table. When a detection matches an inbound or outbound traffic packet, the IPS engine continues checking for other signatures.

B.

IPS checks for signatures listed in the table. When a detection matches an inbound or outbound traffic packet, the IPS engine restarts checking for signatures.

C.

IPS checks for signatures listed in the table. When a detection matches an inbound or outbound traffic packet, the IPS engine stops checking other signatures.

D.

IPS checks for signatures listed in the table. When a detection matches an inbound or outbound traffic packet, the IPS engine logs the other signatures.
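The practical consequence of first-match evaluation is that signature order is part of the policy: a broad entry placed above a specific one silently shadows it. The block below is an added example, not code from the page or from the Symantec IPS engine; it is a minimal ordered matcher that shows the same payload getting opposite verdicts from the same two signatures depending on their order, plus a check that reports signatures which never win on any sample traffic. The signature IDs, names, regular expressions and the HTTP payload are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern
    action: str  # "block" or "allow"


def first_match(table: list[Signature], payload: bytes) -> Optional[Signature]:
    """Walk the table top to bottom and stop at the first signature that matches."""
    for sig in table:
        if sig.pattern.search(payload):
            return sig
    return None


def verdict(table: list[Signature], payload: bytes) -> str:
    """Action of the first matching signature; traffic with no match is allowed."""
    sig = first_match(table, payload)
    return sig.action if sig else "allow"


# Constructed signatures: SIDs, names and patterns are made up for this example.
ALLOW_ANY_GET = Signature(1, "allow plain HTTP GET", re.compile(rb"^GET /"), "allow")
BLOCK_TRAVERSAL = Signature(2, "block directory traversal", re.compile(rb"\.\./"), "block")

# Constructed request that both signatures match.
PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
CLEAN_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


def order_matters() -> dict[str, str]:
    """Same payload, same two signatures, opposite verdicts depending on table order."""
    return {
        "broad_first": verdict([ALLOW_ANY_GET, BLOCK_TRAVERSAL], PAYLOAD),
        "specific_first": verdict([BLOCK_TRAVERSAL, ALLOW_ANY_GET], PAYLOAD),
    }


def unreachable(table: list[Signature], samples: list[bytes]) -> list[str]:
    """Names of signatures that never win on any sample.

    With first-match semantics that usually means an earlier, broader
    entry shadows them, so run this whenever a custom table is edited.
    """
    winners = set()
    for s in samples:
        sig = first_match(table, s)
        if sig:
            winners.add(sig.sid)
    return [sig.name for sig in table if sig.sid not in winners]


if __name__ == "__main__":
    print(order_matters())
    print("shadowed:", unreachable([ALLOW_ANY_GET, BLOCK_TRAVERSAL], [PAYLOAD, CLEAN_GET]))
```

Specific block signatures belong above broad allow or ignore entries; the unreachable() check makes the shadowing visible before the table reaches production clients.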

Question 37

Files are blocked by hash in the deny list policy. Which algorithm is supported, in addition to MD5?

Options:

A.

SHA2

B.

SHA256

C.

SHA256 "salted"

D.

MD5 "Salted"
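Whether an entry is keyed by MD5 or SHA-256, a hash-based deny list (this question) or block list (Question 14) only works if the stored digest is canonical and of the right length for its algorithm; a mixed-case or truncated hash simply never matches. The block below is an added example of that bookkeeping, not code from the page or from SEP/SEDR: it computes both digests for a file's bytes, validates and normalises entries, and checks a file against the list, preferring SHA-256 because MD5 is collision-prone. The sample "files", labels and the decision to reject "sha2" as an ambiguous type name are assumptions made for the example.

```python
import hashlib

# Accepted hash types. Constructed to mirror the two named in the question.
SUPPORTED = {"md5": hashlib.md5, "sha256": hashlib.sha256}
HEX = set("0123456789abcdef")


def file_hashes(data: bytes) -> dict[str, str]:
    """Lower-case hex MD5 and SHA-256 of a file's bytes."""
    return {algo: ctor(data).hexdigest() for algo, ctor in SUPPORTED.items()}


class DenyList:
    """Hash-keyed deny list with strict entry validation."""

    def __init__(self) -> None:
        self._entries: dict[str, dict[str, str]] = {algo: {} for algo in SUPPORTED}

    def add(self, algo: str, digest: str, label: str) -> None:
        algo = algo.replace("-", "").lower()  # accept "SHA-256" as well as "sha256"
        if algo not in SUPPORTED:
            raise ValueError(f"unsupported hash type {algo!r}; use md5 or sha256")
        digest = digest.strip().lower()       # canonical form, so case can never cause a miss
        expected_len = SUPPORTED[algo]().digest_size * 2
        if len(digest) != expected_len or not set(digest) <= HEX:
            raise ValueError(f"{algo} digest must be {expected_len} hex characters")
        self._entries[algo][digest] = label

    def match(self, data: bytes):
        """(algorithm, label) of the first entry matching data, or None."""
        h = file_hashes(data)
        # SHA-256 first: an MD5 match alone is weaker evidence, since MD5 collisions are practical.
        for algo in ("sha256", "md5"):
            if h[algo] in self._entries[algo]:
                return algo, self._entries[algo][h[algo]]
        return None


# Constructed sample file contents (not real malware, just bytes with a PE-style prefix).
KNOWN_BAD = b"MZ\x90\x00" + b"dropper-stub-constructed-sample"
BENIGN = b"MZ\x90\x00" + b"vendor-tool-constructed-sample"
LEGACY = b"legacy-sample-only-hashed-with-md5"


def build_demo_list() -> DenyList:
    dl = DenyList()
    # Upper-case input is deliberate: add() normalises it before storing.
    dl.add("SHA-256", hashlib.sha256(KNOWN_BAD).hexdigest().upper(), "constructed dropper")
    dl.add("md5", hashlib.md5(LEGACY).hexdigest(), "legacy md5-only entry")
    return dl


if __name__ == "__main__":
    dl = build_demo_list()
    for name, data in (("KNOWN_BAD", KNOWN_BAD), ("BENIGN", BENIGN), ("LEGACY", LEGACY)):
        print(name, file_hashes(data)["sha256"][:16], "->", dl.match(data))
```

When importing a list from a third party, run every entry through the same validation; a single wrong-length digest is a blocklist entry that protects nothing.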

Question 38

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?

Options:

A.

Quarantine

B.

Block

C.

Deny List

D.

Firewall

Question 39

What must be entered before downloading a file from ICDm?

Options:

A.

Name

B.

Password

C.

Hash

D.

Date

Question 40

Which EDR feature is used to search for real-time indicators of compromise?

Options:

A.

Domain search

B.

Endpoint search

C.

Cloud Database search

D.

Device Group search

Question 41

What is the purpose of a Threat Defense for Active Directory Deceptive Account?

Options:

A.

It prevents attackers from reading the contents of the Domain Admins Group.

B.

It assigns a fake NTLM password hash value for users with an assigned AdminCount attribute.

C.

It exposes attackers as they seek to gather credential information from workstation memory.

D.

It acts as a honeypot to expose attackers as they attempt to build their AD treasure map

Question 42

Which type of event does operation:1 indicate in a SEDR database search?

Options:

A.

File Deleted.

B.

File Closed.

C.

File Open.

D.

File Created.

Question 43

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A.

Discovery Device

B.

Discovery Manager

C.

Discovery Agent

D.

Discovery Broker

Question 44

Which Endpoint Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

Options:

A.

Device Discovery

B.

Endpoint Enrollment

C.

Discover and Deploy

D.

Discover Endpoints

Question 45

Which technology can prevent an unknown executable from being downloaded through a browser session?

Options:

A.

Intrusion Prevention

B.

Insight

C.

Application Control

D.

Advanced Machine Learning
