Download Administration of Symantec Advanced Threat Protection 3.0.250-441.PassCertification.2018-11-16.42q.vcex

Vendor: Symantec
Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Date: Nov 16, 2018
File Size: 24 KB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Why is it important for an Incident Responder to analyze an incident during the Recovery phase?
  1. To determine the best plan of action for cleaning up the infection
  2. To isolate infected computers on the network and remediate the threat
  3. To gather threat artifacts and review the malicious code in a sandbox environment
  4. To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident
Correct answer: D
Question 2
Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)
  1. Database version
  2. Database IP address
  3. Database domain name
  4. Database hostname
  5. Database name
Correct answer: BD
Question 3
How does an attacker use a zero-day vulnerability during the Incursion phase?
  1. To perform a SQL injection on an internal server
  2. To extract sensitive information from the target
  3. To perform network discovery on the target
  4. To deliver malicious code that breaches the target
Correct answer: D
Explanation:
Reference: https://www.symantec.com/connect/blogs/guide-zero-day-exploits
Reference: https://www.symantec.com/connect/blogs/guide-zero-day-exploits
Question 4
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?
  1. It ensures that the Incident is resolved, and the responder can clean up the infection.
  2. It ensures that the Incident is resolved, and the responder can determine the best remediation method.
  3. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
  4. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.
Correct answer: C
Question 5
Which best practice does Symantec recommend with the Endpoint Detection and Response feature?
  1. Create a unique Cynic account to provide to ATP
  2. Create a unique Symantec Messaging Gateway account to provide to ATP
  3. Create a unique Symantec Protection Manager (SEPM) administrator account to provide to ATP
  4. Create a unique Email Security.cloud portal account to provide to ATP
Correct answer: C
Question 6
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?
  1. Reputation-based security
  2. Event correlation
  3. Network detection component
  4. Detonation/sandbox
Correct answer: D
Explanation:
Reference: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-advanced-threat-protection-email-DS-21349610.pdf
Reference: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-advanced-threat-protection-email-DS-21349610.pdf
Question 7
Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?
  1. Reports
  2. Settings
  3. Action Manager
  4. Policies
Correct answer: D
Explanation:
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf?__gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (132)
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf?__gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (132)
Question 8
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?
  1. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
  2. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
  3. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
  4. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain
Correct answer: C
Explanation:
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf?__gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (46)
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf?__gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (46)
Question 9
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?
  1. SEPM embedded database name
  2. SEPM embedded database type
  3. SEPM embedded database version
  4. SEPM embedded database password
Correct answer: D
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO125960.html
Reference: https://support.symantec.com/en_US/article.HOWTO125960.html
Question 10
An Incident Responder wants to run a database search that will list all client named starting with SYM. 
Which syntax should the responder use?
  1. hostname like “SYM”
  2. hostname “SYM”
  3. hostname “SYM*”
  4. hostname like “SYM*”
Correct answer: A
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO124805.html
Reference: https://support.symantec.com/en_US/article.HOWTO124805.html
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!