Pass the Symantec Symantec Certified Specialist 250-441 Questions and answers with CertsForce

Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions
Questions # 1:

Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?

Options:

A. Email Protect (antivirus and anti-spam)

B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)

C. Symantec Messaging Gateway

D. Skeptic


Questions # 2:

Which two (2) non-Symantec methods for restricting traffic are available to the Incident Response team?

Options:

A. Temporarily disconnect the local network from the Internet.

B. Create an Access Control List at the router to deny traffic.

C. Analyze traffic using the Wireshark protocol analyzer to identify the source of the infection.

D. Create a DNS sinkhole server to block malicious traffic.

E. Isolate computers so they are NOT compromised by infested computers.


Questions # 3:

What does a Quarantine Firewall policy enable an ATP Administrator to do?

Options:

A. Isolate a computer while it is manually being remediated

B. Submit files to a Central Quarantine server

C. Filter all traffic leaving the network

D. Intercept all traffic entering the network


Questions # 4:

Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

Options:

A. Create a unique Cynic account to provide to ATP

B. Create a unique Symantec Messaging Gateway account to provide to ATP

C. Create a unique Symantec Protection Manager (SEPM) administrator account to provide to ATP

D. Create a unique Email Security.cloud portal account to provide to ATP


Questions # 5:

Which level of privilege corresponds to each ATP account type?

Match the correct account type to the corresponding privileges.



Questions # 6:

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

Options:

A. Exfiltration

B. Incursion

C. Capture

D. Discovery


Questions # 7:

In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization’s network to deliver targeted malware?

Options:

A. Incursion

B. Discovery

C. Capture

D. Exfiltration


Questions # 8:

In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)

Options:

A. Policies page

B. Action Manager

C. Syslog

D. Incident Manager

E. Indicators of compromise (IOC) search


Questions # 9:

How does an attacker use a zero-day vulnerability during the Incursion phase?

Options:

A. To perform a SQL injection on an internal server

B. To extract sensitive information from the target

C. To perform network discovery on the target

D. To deliver malicious code that breaches the target


Questions # 10:

Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?

Options:

A. Search

B. Action Manager

C. Incident Manager

D. Events

