Pass the Symantec Symantec Certified Specialist 250-441 Questions and answers with CertsForce

Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated.

Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?

Options:

A. Intrusion Prevention
B. Firewall
C. SONAR
D. Application and Device Control


Questions # 22:

What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?

Options:

A. It allows for Microsoft Incident Responders to assist in remediation
B. ATP can access the database using a log collector on the SEPM host
C. It allows for Symantec Incident Responders to assist in remediation
D. ATP can access the database without any special host system requirements


Questions # 23:

What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?

Options:

A. SEP and Symantec Messaging Gateway
B. SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)
C. SEP and Symantec Email Security.cloud
D. SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud


Questions # 24:

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

Options:

A. Database version
B. Database IP address
C. Database domain name
D. Database hostname
E. Database name


Questions # 25:

An ATP administrator is setting up correlation with Email Security.cloud.

What is the minimum Email Security.cloud account privilege required?

Options:

A. Standard User Role - Port
B. Standard User Role - Service
C. Standard User Role - Support
D. Standard User Role - Full Access


Questions # 26:

Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?

Options:

A. To have a copy of the file policy enforcement
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident


Questions # 27:

What is the second stage of an Advanced Persistent Threat (APT) attack?

Options:

A. Exfiltration
B. Incursion
C. Discovery
D. Capture


Questions # 28:

In which scenario should an Incident Responder manually submit a file to the Cynic portal?

Options:

A. There is a file on a USB that an Incident Responder wants to analyze in a sandbox.
B. An Incident Responder is unable to remember the password to the .zip archive.
C. The file has generated multiple incidents in the ATP manager and an Incident Responder wants to blacklist the file.
D. The file is a legitimate application and an Incident Responder wants to report it to Symantec as a false positive.

