Pass the Symantec Symantec Certified Specialist 250-441 Questions and answers with CertsForce

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Question 11:

An ATP administrator is setting up an Endpoint Detection and Response connection.

Which type of authentication is allowed?

Options:

A. Active Directory authentication
B. SQL authentication
C. LDAP authentication
D. Symantec Endpoint Protection Manager (SEPM) authentication

Question 12:

In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

Options:

A. Capture
B. Incursion
C. Discovery
D. Exfiltration

Question 13:

What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

Options:

A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox

Question 14:

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

Options:

A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.
B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

Question 15:

Which two ATP control points are able to report events that are detected using Vantage?

Enter the two control point names:

Question 16:

What should an Incident Responder do to mitigate a false positive?

Options:

A. Add to Whitelist
B. Run an indicators of compromise (IOC) search
C. Submit to VirusTotal
D. Submit to Cynic

Question 17:

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.

Which two objects in the STIX report will ATP search against? (Choose two.)

Options:

A. SHA-256 hash
B. MD5 hash
C. MAC address
D. SHA-1 hash
E. Registry entry

Question 18:

Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?

Options:

A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic

Question 19:

Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as "finding incursions"?

Options:

A. Protect
B. Identify
C. Respond
D. Detect

Question 20:

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?

Options:

A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway