Download Symantec Data Loss Prevention 16.x Administration Technical Specialist.250-587.DumpsBase.2026-07-02.20q.tqb

Vendor: Symantec
Exam Code: 250-587
Exam Name: Symantec Data Loss Prevention 16.x Administration Technical Specialist
Date: Jul 02, 2026
File Size: 101 KB

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Demo Questions

Question 1
A company needs to implement Data owner Exception so that incidents are avoided when employees send or receive their own personal information.
What detection method should the company use?
  1. Vector Machine Learning (VML)
  2. Described Content Matching (DCM)
  3. Indexed Document Matching (IDM)
  4. Exact Data Marching (EDM)
Correct answer: D
Question 2
A company needs to secure the content of all Mergers and Acquisitions Agreements. However, the standard text included in all company literature needs to be excluded.
How should the company ensure that this standard text is excluded from detection?
  1. Create a Whitelisted.txt file after creating the Vector Machine Learning (VML) profile
  2. Create a Whitelisted.txt file before creating the Exact Data Matching (EDM) profile
  3. Create a Whitelisted.txt file after creating the Exact Data Matching (EDM) profile
  4. Create a Whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
Correct answer: D
Question 3
Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)
  1. Network Discover
  2. Endpoint Prevent
  3. Network Prevent for Email
  4. Endpoint Discover
  5. Information Centric Analytics
Correct answer: A, C
Question 4
Refer to the exhibit.
What activity should occur during the baseline phase, according to the risk reduction model?
  1. Monitor incidents and tune the policy to reduce false positives
  2. Define and build the incident response team
  3. Establish business metrics and begin sending reports to business unit stakeholders
  4. Test policies to ensure that blocking actions minimize business process disruptions
Correct answer: A
Question 5
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?
  1. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
  2. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
  3. Add a “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
  4. Add “custom_app.exe” as a filename exception to the Endpoint Prevent policy.
Correct answer: C
Question 6
How should a DLP administrator change a policy that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?
  1. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected
  2. Modify the agent configuration and select the option “Retain Original Files”
  3. Modify the agent config.db to include the file
  4. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
Correct answer: A
Question 7
What is one difference between Exact Data Matching (EDM) and Exact Match Data Identifiers (EMDI)?
  1. EDM requires an index and EMDI does not.
  2. EDM rules can be evaluated by the DLP Agent and EMDI rules cannot.
  3. EDM is its own detection rule type and EMDI is a Data Identifier validation check.
  4. EDM is better at detecting non-standard delimiters (in ID numbers) than EMD
Correct answer: C
Question 8
Which detection server is available from Symantec as a hardware appliance?
  1. Network Prevent for Email
  2. Network Prevent for Web
  3. Network Monitor
  4. Network Discover
Correct answer: B
Question 9
A customer needs to integrate information form DLP incidents into external Governance, Risk, and Compliance dashboards.
Which feature should a third-party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?
  1. Incident Reporting and Update API
  2. Export incidents using the CSV format
  3. A web incident extraction report
  4. Incident Data Views
Correct answer: A
Question 10
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.
What is the first action an administrator should take to enable data transfers to the approved endpoint devices?
  1. Disable and re-enable the Endpoint Prevent policy to activate the changes
  2. Double-check that the correct device ID or class has been entered for each device
  3. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”
  4. Verify Application File Access Control (AFAC) is configured to monitor the specific application
Correct answer: B
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!