250-441 Basic Question Bank: Certification

Our company's experienced IT professionals have produced an accurate and well-reasoned Symantec 250-441 certification question bank. By choosing our study product, you can save a great deal of time and energy. We always strive to meet all of your needs. You have many routes to choose from to pass the Symantec 250-441 certification test. A Symantec 250-441 certificate helps you take one more step up in your career and improve your living conditions.

Symantec Certified Specialist 250-441: we are confident it will not disappoint you.

Symantec Certified Specialist 250-441 Basic Question Bank - Administration of Symantec Advanced Threat Protection 3.0. This is important information for candidates. We have always devoted ourselves to providing candidates with faster and more efficient service, so we help you save valuable time. The NewValidDumps Symantec 250-441 exam question bank provides you with a large test guide contained in its questions and answers.

NewValidDumps will help you toward your IT dreams. NewValidDumps is a provider of accurate materials for people taking many kinds of IT certification exams. Please feel free to download our free sample.

Symantec 250-441 Basic Question Bank - It is highly accurate and has broad coverage.

Everyone working in the IT industry knows the importance of IT certification credentials. There are many kinds of IT certification exams, and many of them are currently very popular, for example the 250-441 certification exam. Which of those exams have you taken? If you do not hold any certification, you need to apply for an IT certification exam and obtain the credential. If you plan to take the exam, hurry to NewValidDumps and find the information you need. NewValidDumps is your guarantee of passing the 250-441 certification exam.

What we provide you is the latest and most comprehensive Symantec 250-441 question bank, the safest purchase guarantee, and the most timely updates of the Symantec 250-441 exam software. The free demo lets you purchase with confidence, and one year of free Symantec 250-441 exam updates after purchase lets you prepare for the exam with confidence; you can certainly purchase without worry, so please try our software.

250-441 PDF DEMO:

QUESTION NO: 1
Answer:
Question #:4
An ATP administrator is setting up an Endpoint Detection and Response connection.
Which type of authentication is allowed?
A. Active Directory authentication
B. SQL authentication
C. LDAP authentication
D. Symantec Endpoint Protection Manager (SEPM) authentication
Answer: A

Question #:5
What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?
A. It allows for Microsoft Incident Responders to assist in remediation
B. ATP can access the database using a log collector on the SEPM host
C. It allows for Symantec Incident Responders to assist in remediation
D. ATP can access the database without any special host system requirements
Answer: D

Question #:6
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
A. ATP will continue to block previously blacklisted addresses but NOT new ones.
B. ATP does NOT block access to blacklisted addresses unless block mode is enabled.
C. ATP will clear the existing blacklists.
D. ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.
Answer: B

Question #:7
Where can an Incident Responder view Cynic results in ATP?
A. Events
B. Dashboard
C. File Details
D. Incident Details
Answer: D

Question #:8
Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?
A. System Lockdown
B. Intrusion Prevention System
C. Firewall
D. SONAR
Answer: A

Question #:9
Refer to the exhibit. An Incident Responder wants to see what was detected on a specific day by the IPS engine.
Which item must the responder choose from the drop-down menu?
A. Insight
B. Cynic
C. Vantage
D. Blacklist
Answer: A

Question #:10
An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?
A. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; Web access to the GUI
B. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; ATP and Email Security.cloud; Web access to the GUI
C. ATP and the Symantec Endpoint Protection Manager (SEPM)
D. ATP and the Symantec Endpoint Protection Manager (SEPM); Web access to the GUI
Answer: C
Question #:11
Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)
A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar
Answer: C E

Question #:12
What does a Quarantine Firewall policy enable an ATP Administrator to do?
A. Isolate a computer while it is manually being remediated
B. Submit files to a Central Quarantine server
C. Filter all traffic leaving the network
D. Intercept all traffic entering the network
Answer: A

Question #:13
An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.
Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)
A. Report the users to their manager for unauthorized usage of company resources
B. Blacklist the domains and IP associated with the malicious traffic
C. Isolate the endpoints
D. Blacklist the endpoints
E. Find and blacklist the P2P client application
Answer: C E

Question #:14
Which final steps should an Incident Responder take before using ATP to rejoin a remediated endpoint to the network, according to Symantec best practices?
A. Run an additional antivirus scan with the latest definitions. If the scan comes back as clean, rejoin the computer to the production network.
B. Run Windows Update to patch the system with the latest service pack. Once the system is up-to-date, rejoin the computer to the production network.
C. Use SymDiag to run a Threat Scan Analysis on the machine. Once the analysis comes back as clean, rejoin the computer to the production network.
D. Upgrade the client to the latest version of SEP. Once the client is upgraded, rejoin the computer to the production network.
Answer: D

Question #:15
An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.
In which scenario should the Incident Responder copy a suspicious file to the ATP file store?
A. The responder needs to analyze with Cynic
B. The responder needs to isolate it from the network
C. The responder needs to write firewall rules
D. The responder needs to add the file to a whitelist
Answer: A

Question #:16
Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager? (Choose two.)
A. Administrator
B. Controller
C. User
D. Incident Responder
E. Root
Answer: A B

Question #:17
An Incident Responder observes an incident with multiple malware downloads from a malicious domain.
The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. The network is configured in Inline Block mode.
How should the Incident Responder proceed?
A. Whitelist the domain and close the incident as a false positive
B. Identify the pieces of malware and blacklist them, then notify the supplier
C. Blacklist the domain and IP of the attacking site
D. Notify the supplier and block the site on the external firewall
Answer: D

Question #:18
During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.
Which two (2) options should the Incident Responder select to prevent endpoints from communicating with malicious domains?
A. Use the isolation command in ATP to move the endpoint to a quarantine network.
B. Blacklist the suspicious domain in the ATP manager.
C. Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
E. Run a full system scan on all endpoints
Answer: A B

Question #:19
How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B. Run an indicators of compromise (IOC) search in ATP manager.
C. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D. Add the site to a blacklist in ATP manager.
Answer: D

Question #:20
What is the main constraint an ATP Administrator should consider when choosing a network scanner model?
A. Throughput
B. Bandwidth
C. Link speed
D. Number of users
Answer: B

Question #:21
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?
A. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
B. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
C. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
D. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain
Answer: C

Question #:22
An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?
A. All tokens
B. Domainname, Filename, and Filehash
C. Filename, Filehash, and Registry
D. Domainname and Filename only
Answer: C
Question #:23
A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP: Network to scan internet traffic at both sites.
Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?
A. Site A 8840 x4 – Site B 8880 x2
B. Site A 8880 x2 – Site B 8840 x1
C. Site A 8880 x1 – Site B 8840 x6
D. Site A 8880 x1 – Site B 8880 x2
Answer: D

Question #:24
What is the minimum amount of RAM required for a virtual deployment of the ATP Manager in a production environment?
A. 48 GB
B. 64 GB
C. 16 GB
D. 32 GB
Answer: A

Question #:25
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?
A. Isolate the endpoint with a Quarantine Firewall policy
B. Blacklist the IRC channel IP
C. Blacklist the endpoint IP
D. Isolate the endpoint with an application control policy
Answer: C

Question #:26
Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.
Answer:

Question #:27
Which two non-Symantec methods for restricting traffic are available to the Incident Response team? (Choose two.)
A. Temporarily disconnect the local network from the internet.
B. Create an Access Control List at the router to deny traffic.
C. Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.
D. Create a DNS sinkhole server to block malicious traffic.
E. Isolate computers so they are NOT compromised by infected computers.
Answer: C D

Question #:28
An organization is considering an ATP: Endpoint and Network deployment with multiple appliances.
Which form factor will be the most effective in terms of performance and costs?
A. Virtual for management, physical for the network scanners and ATP: Endpoint
B. Physical for management and ATP: Endpoint, virtual for the network scanners
C. Virtual for management and ATP: Endpoint, physical for the network scanners
D. Virtual for management, ATP: Endpoint, and the network scanners
Answer: B

Question #:29
What should an Incident Responder do to mitigate a false positive?
A. Add to Whitelist
B. Run an indicators of compromise (IOC) search
C. Submit to VirusTotal
D. Submit to Cynic
Answer: B

Question #:30
Which threat is an example of an Advanced Persistent Threat (APT)?
A. ILOVEYOU
B. Conficker
C. MyDoom
D. GhostNet
Answer: D

Question #:31
Which detection method identifies a file as malware after SEP has queried the file's reputation?
A. Skeptic
B. Vantage
C. Insight
D. Cynic
Answer: C

Question #:32
An Incident Responder wants to run a database search that will list all clients whose names start with SYM.
Which syntax should the responder use?
A. hostname like “SYM”
B. hostname “SYM”
C. hostname “SYM*”
D. hostname like “SYM*”
Answer: A
Question #:33
An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the responder sees the results for 90 endpoints.
What is a possible reason for the search only returning results for 90 of 100 endpoints?
A. The search expired after one hour
B. 10 endpoints are offline
C. The search returned 0 results on 10 endpoints
D. 10 endpoints restarted and cancelled the search
Answer: C

Question #:34
During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoints.
Which two options should the Incident Responder select to prevent endpoints from communicating with malicious domains? (Select two.)
A. Use the isolate command in ATP to move all endpoints to a quarantine network.
B. Blacklist suspicious domains in the ATP manager.
C. Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
E. Run a full system scan on all endpoints.
Answer: D E

Question #:35
An Incident Responder wants to use a STIX file to run an indicators of compromise (IOC) search.
Which format must the administrator use for the file?
A. .csv
B. .xml
C. .mht
D. .html
Answer: B

Question #:36
In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?
A. Capture
B. Incursion
C. Discovery
D. Exfiltration
Answer: B

Question #:37
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?
A. SEPM embedded database name
B. SEPM embedded database type
C. SEPM embedded database version
D. SEPM embedded database password
Answer: D

Question #:38
Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?
A. ATP: Email
B. ATP: Endpoint
C. ATP: Network
D. ATP: Roaming
Answer: B

Question #:39
Which two actions should an Incident Responder take when downloading files from the ATP file store? (Choose two.)
A. Analyze suspicious code with Cynic
B. Email the files to Symantec Technical Support
C. Double-click to open the files
D. Diagnose the files as a threat based on the file names
E. Submit the files to Security Response
Answer: A C

Question #:40
Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?
A. Email Security.cloud
B. Web Security.cloud
C. Skeptic
D. Symantec Messaging Gateway
Answer: A

Question #:41
An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A. To have less raw data to analyze
B. To evaluate the data, including information from other systems
C. To access expanded historical data
D. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E. To determine the best cleanup method
Answer: B E

Question #:42
Which policies are required for the quarantine feature of ATP to work?
A. Firewall Policy and Host Integrity Policy
B. Quarantine Policy and Firewall Policy
C. Host Integrity Policy and Quarantine Policy
D. Quarantine and Intrusion Prevention Policy
Answer: C

Question #:43
In which scenario should an Incident Responder manually submit a file to the Cynic portal?
A. There is a file on a USB that an Incident Responder wants to analyze in a sandbox.
B. An Incident Responder is unable to remember the password to the .zip archive.
C. The file has generated multiple incidents in the ATP manager and an Incident Responder wants to blacklist the file.
D. The file is a legitimate application and an Incident Responder wants to report it to Symantec as a false positive.
Answer: D
Question #:44
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Zeus
B. Melissa
C. Duqu
D. Code Red
Answer: C

Question #:45
Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?
A. To have a copy of the file policy enforcement
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident
Answer: B

Question #:46
Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?
A. 8446
B. 8081
C. 8014
D. 1433
Answer: B

Question #:47
Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)
A. Configure a SIEM feed from the portal to the ATP environment
B. Configure email reports on convictions
C. Submit false positive and false negative files
D. Query hashes
E. Submit hashes to Insight
Answer: D E

Question #:48
While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.
What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)
A. Periodically log into the ATP manager and review only the Dashboard.
B. Implement IT Analytics to create more flexible reporting.
C. Dedicate an administrator to monitor new events as they flow into the ATP manager.
D. Set email notifications in the ATP manager to message the Security team when a new incident is occurring.
E. Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.
Answer: D E

Question #:49
An Incident Responder discovers an incident where all systems are infected with a file that has the same name and a different hash. As a result, the organism view has multiple entries for the malicious file.
What is causing this issue?
A. This is a polymorphic threat
B. This is a DDoS attack
C. The file has multiple hashes
D. The file is trying to phone home
Answer: A

Question #:50
What is the role of Synapse within the Advanced Threat Protection (ATP) solution?
A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox
Answer: B

Question #:51
An ATP Administrator set up ATP: Network in TAP mode and has placed URLs on the blacklist.
What will happen when a user attempts to access one of the blacklisted URLs?
A. Access to the website is blocked by the network scanner but an event is NOT generated
B. Access to the website is blocked by the network scanner and a network event is generated
C. Access to the website is allowed by the network scanner but blocked by ATP: Endpoint and an endpoint event is generated
D. Access to the website is allowed by the network scanner but a network event is generated
Answer: D

Question #:52
How does an attacker use a zero-day vulnerability during the Incursion phase?
A. To perform a SQL injection on an internal server
B. To extract sensitive information from the target
C. To perform network discovery on the target
D. To deliver malicious code that breaches the target
Answer: D

Question #:53
In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization’s network to deliver targeted malware?
A. Incursion
B. Discovery
C. Capture
D. Exfiltration
Answer: A

Question #:54
Which two ATP control points are able to report events that are detected using Vantage?
Enter the two control point names:
Answer: ATP: Network; ATP: Endpoint

Question #:55
Which two (2) non-Symantec methods for restricting traffic are available to the Incident Response team?
A. Temporarily disconnect the local network from the Internet.
B. Create an Access Control List at the router to deny traffic.
C. Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.
D. Create a DNS sinkhole server to block malicious traffic.
E. Isolate computers so they are NOT compromised by infected computers.
Answer: A E

Question #:56
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?
A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox
Answer: D
Question #:57
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?
A. It ensures that the Incident is resolved, and the responder can clean up the infection.
B. It ensures that the Incident is resolved, and the responder can determine the best remediation method.
C. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
D. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.
Answer: C

Question #:58
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
A. An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.
B. A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.
C. A network share is repeatedly accessed during and after an infection, indicating a more targeted attack.
D. A malicious file that was repeatedly downloaded by a Trojan or downloader that infected multiple endpoints.
E. An external website that was the source of many malicious files.
Answer: D E

Question #:59
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Koobface
B. Brain
C. Flamer
D. Creeper
Answer: C

Question #:60
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Loyphish
B. Aurora
C. ZeroAccess
D. Michelangelo
Answer: B

Question #:61
Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network and Email?
A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM.
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway
Answer: A

Question #:62
What occurs when an endpoint fails its Host Integrity check and is unable to remediate?
A. The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B. The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
C. The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
D. The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.
Answer: D

Question #:63
Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as “finding incursions”?
A. Protect
B. Identify
C. Respond
D. Detect
Answer: B

Question #:64
In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)
A. Policies page
B. Action Manager
C. Syslog
D. Incident Manager
E. Indicators of compromise (IOC) search
Answer: C D

Question #:65
Which endpoint detection method allows for information about triggered processes to be displayed in ATP?
A. SONAR
B. Insight
C. System Lockdown
D. Antivirus
Answer: B

Question #:66
Which best practice does Symantec recommend with the Endpoint Detection and Response feature?
A. Create a unique Cynic account to provide to ATP
B. Create a unique Symantec Messaging Gateway account to provide to ATP
C. Create a unique Symantec Endpoint Protection Manager (SEPM) administrator account to provide to ATP
D. Create a unique Email Security.cloud portal account to provide to ATP
Answer: C

Question #:67
Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?
A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway
Answer: C
Question #:68
Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?
A. Email Protect (antivirus and anti-spam)
B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)
C. Symantec Messaging Gateway
D. Skeptic
Answer: A

Question #:69
Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)
A. Does the organization need to do a healthcheck in the environment?
B. Are certain endpoints being repeatedly attacked?
C. Is the organization being attacked by this external entity repeatedly?
D. Do ports need to be blocked or opened on the firewall?
E. Does a risk assessment need to happen in the environment?
Answer: B E

Question #:70
Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?
A. Recover
B. Protect
C. Respond
D. Identify
Answer: D

Question #:71
An Incident Responder added a file's MD5 hash to the blacklist.
Which component of SEP enforces the blacklist?
A. Bloodhound
B. System Lockdown
C. Intrusion Prevention
D. SONAR
Answer: B

Question #:72
An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?
A. Database search filename “msscrt.pdf”
B. Database search msscrt.pdf
C. Endpoint search filename like msscrt.pdf
D. Endpoint search filename =“msscrt.pdf”
Answer: A

Question #:73
ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
A. Perform a healthcheck of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan
Answer: C

Question #:74
A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.
Which approach allows the customer to meet this need?
A. Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic
B. Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic
C. Use the ATP console to check whether the MD5 hash triggers a detection from Cynic
D. Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic
Answer: C

Question #:75
An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.
How is it possible that the search returned results?
A. The search runs and returns results in ATP and then displays them in SEPM.
B. This is only an endpoint search.
C. This is a database search; a command is NOT sent to SEPM for this type of search.
D. The browser cached results from a previous search with the same criteria.
Answer: A

Question #:76
Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?
A. Reports
B. Settings
C. Action Manager
D. Policies
Answer: D

Question #:77
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat artifacts from the environment
Answer: B E

Question #:78
An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)
A. SHA-256 hash
B. MD5 hash
C. MAC address
D. SHA-1 hash
E. Registry entry
Answer: A B

Question #:79
What is the role of Vantage within the Advanced Threat Protection (ATP) solution?
A. Network detection component
B. Event correlation
C. Reputation-based security
D. Detonation/sandbox
Answer: A

Question #:80
A network control point discovered a botnet phone-home attempt in the network stream.
Which detection method identified the event?
A. Vantage
B. Insight
C. Antivirus
D. Cynic
Answer: C

Question #:81
What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?
A. SEP and Symantec Messaging Gateway
B. SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)
C. SEP and Symantec Email Security.cloud
D. SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud
Answer: C
Question #:82
An organization has five (5) shops with a few endpoints and a large warehouse where 98% of all computers are located. The shops are connected to the warehouse using leased lines and access internet through the warehouse network.
How should the organization deploy the network scanners to observe all inbound and outbound traffic based on Symantec best practices for Inline mode?
Deploy a virtual network scanner at each shop
Deploy a virtual network scanner at the warehouse and a virtual network scanner at each shop
C.
D.
A.
B.
C.
D.
A.
B.
C.
D.
A.
B.
C.
Deploy a physical network scanner at each shop
Deploy a physical network scanner at the warehouse gateway
Answer: D
Question #:83
Which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?
Capture
Incursion
Discovery
Exfiltration
Answer: D
Question #:84
Why is it important for an Incident Responder to analyze an incident during the Recovery phase?
To determine the best plan of action for cleaning up the infection
To isolate infected computers on the network and remediate the threat
To gather threat artifacts and review the malicious code in a sandbox environment
To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident
Answer: D
Question #:85
What is the second stage of an Advanced Persistent Threat (APT) attack?
Exfiltration
Incursion
Discovery
D.
A.
B.
C.
D.
A.
B.
C.
D.
A.
B.
C.
D.
Capture
Answer: B
Question #:86
Which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?
Discovery
Capture
Exfiltration
Incursion
Answer: A
Question #:87
Which SEP technologies are used by ATP to enforce the blacklisting of files?
A. Application and Device Control
B. SONAR and Bloodhound
C. System Lockdown and Download Insight
D. Intrusion Prevention and Browser Intrusion Prevention
Answer: C
Question #:88
Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?
A. Search
B. Action Manager
C. Incident Manager
D. Events
Answer: B
Question #:89
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?
A. Exfiltration
B. Incursion
C. Capture
D. Discovery
Answer: B
Question #:90
What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)
A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.
B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
Answer: A D
Question #:91
Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)
A. Close any open shares
B. Identify the threat and understand how it spreads
C. Create subnets or VLANs and configure the network devices to restrict traffic
D. Set executables on network drives as read only
E. Identify affected clients
Answer: A E
Question #:92
In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?
A. The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.
B. The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
C. The Incident Response team completed their analysis of the threat and added it to a blacklist.
D. The Incident Response team is analyzing the file to determine if it is a threat or a false positive.
Answer: C
Question #:93
Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)
A. Database version
B. Database IP address
C. Database domain name
D. Database hostname
E. Database name
Answer: B D
Question #:94
Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?
A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic
Answer: B
Question #:95
An ATP administrator is setting up correlation with Email Security.cloud.
What is the minimum Email Security.cloud account privilege required?
A. Standard User Role - Port
B. Standard User Role - Service
C. Standard User Role - Support
D. Standard User Role - Full Access
Answer: B
Question #:96
An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated.
Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?
A. Intrusion Prevention
B. Firewall
C. SONAR
D. Application and Device Control
Answer: B


Updated: May 28, 2022

250-441 Basic Question Bank - 250-441 Updated Exam Materials & Administration Of Symantec Advanced Threat Protection 3.0

PDF Questions and Answers

Exam code: 250-441
Exam name: Administration of Symantec Advanced Threat Protection 3.0
Last updated: 2024-10-31
Questions and answers: 96 in total