
250-580 Questions and Answers

Question # 6

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

A. The deleted file may still be in the Recycle Bin.
B. IT Analytics may keep a copy of the file for investigation.
C. False positives may delete legitimate files.
D. Insight may back up the file before sending it to Symantec.
E. A copy of the threat may still be in the quarantine.

Question # 7

Which default role has the most limited permission in the Integrated Cyber Defense Manager?

A. Endpoint Console Domain Administrator
B. Server Administrator
C. Restricted Administrator
D. Limited Administrator

Question # 9

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

A. Apache Web Server
B. Tomcat
C. SQL Server
D. Group Update Provider (GUP)

Question # 10

Which type of communication is blocked when isolating the endpoint by clicking the Isolate button in SEDR?

A. All non-SEP and non-SEDR network communications
B. All network communications
C. Only SEP and SEDR network communications
D. Only Web and UNC network communications

Question # 11

What is a feature of Cynic?

A. Local Sandboxing
B. Forwarding event data to Security Information and Event Management (SIEM)
C. Cloud Sandboxing
D. Customizable OS Images

Question # 12

Which type of security threat continues to threaten endpoint security after a system reboot?

A. File-less
B. Memory attack
C. Script
D. Rootkit

Question # 13

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

A. LiveUpdate
B. Firewall
C. Network Intrusion Prevention
D. Intensive Protection

Question # 14

The Behavioral Heat Map indicates that a specific application and a specific behavior are never used together. What action can be safely set for the application behavior in a Behavioral Isolation policy?

A. Deny
B. Allow
C. Delete
D. Monitor

Question # 15

What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

A. SEDR Cloud Console
B. Synapse
C. SEP Endpoints
D. SEPM

Question # 16

What Symantec Best Practice is recommended when setting up Active Directory integration with the Symantec Endpoint Protection Manager?

A. Ensure there is more than one Active Directory Server listed in the Server Properties.
B. Link the built-in Admin account to an Active Directory account.
C. Import the existing AD structure to organize clients in user mode.
D. Secure the management console by denying access to certain computers.

Question # 17

Which communication method is utilized within SES to achieve real-time management?

A. Long polling
B. Standard polling
C. Push Notification
D. Heartbeat

Question # 18

Which report template type should an administrator utilize to create a daily summary of network threats detected?

A. Intrusion Prevention Report
B. Blocked Threats Report
C. Network Risk Report
D. Access Violation Report

Question # 19

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

A. Change the LiveUpdate schedule
B. Change the Administrator-defined scan schedule
C. Disable Allow user-defined scans to run when the scan author is logged off
D. Disable Run an Active Scan when new definitions arrive

Question # 20

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

A. An email with the SES_setup.zip file attached
B. An email with a link to register on the ICDm user portal
C. An email with a link to directly download the SES client
D. An email with a link to a KB article explaining how to install the SES Agent

Question # 22

Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

A. Decreasing the number of content revisions to keep
B. Lowering the client installation log entries
C. Rebuilding database indexes
D. Limiting the number of backups to keep

Question # 23

Which technology can prevent an unknown executable from being downloaded through a browser session?

A. Intrusion Prevention
B. Insight
C. Application Control
D. Advanced Machine Learning

Question # 24

What type of Threat Defense for Active Directory alarms are displayed after domain misconfigurations or hidden backdoors are detected?

A. Computer Information Gathering
B. Pass-The-Ticket
C. Credential Theft
D. Dark Corners

Question # 25

What information is required to calculate storage requirements?

A. Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size
B. Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size
C. Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size
D. Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

Question # 26

Which Incident View widget shows the parent-child relationship of related security events?

A. The Incident Summary Widget
B. The Process Lineage Widget
C. The Events Widget
D. The Incident Graph Widget

Question # 27

Which Firewall rule components should an administrator configure to block facebook.com use during business hours?

A. Host(s), Network Interface, and Network Service
B. Application, Host(s), and Network Service
C. Action, Host(s), and Schedule
D. Action, Application, and Schedule

Question # 28

Which security control is complementary to IPS, providing a second layer of protection against network attacks?

A. Host Integrity
B. Network Protection
C. Antimalware
D. Firewall

Question # 29

Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

A. Another scan is in progress.
B. The detected file is in use.
C. There are insufficient file permissions.
D. The file is marked for deletion by Windows on restart.
E. The file has good reputation.

Question # 30

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

A. File Deletion
B. Incident Manager
C. Isolation
D. Endpoint Activity Recorder

Question # 31

Which two (2) criteria are used by Symantec Insight to evaluate binary executables? (Select two.)

A. Sensitivity
B. Prevalence
C. Confidentiality
D. Content
E. Age

Question # 32

Which option should an administrator utilize to temporarily or permanently block a file?

A. Delete
B. Hide
C. Encrypt
D. Deny List

Question # 33

Which designation should an administrator assign to the computer configured to find unmanaged devices?

A. Discovery Device
B. Discovery Manager
C. Discovery Agent
D. Discovery Broker

Question # 35

Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

A. Searching the EDR database and multiple data sources directly
B. Viewing PowerShell processes
C. Detecting Memory Exploits in conjunction with SEP
D. Detonating suspicious files using cloud-based or on-premises sandboxing

Question # 36

What is the maximum number of endpoints a single SEDR Manager can support?

A. 200,000
B. 25,000
C. 100,000
D. 50,000

Question # 37

Which of the following is a benefit of choosing a hybrid SES Complete architecture?

A. The ability to use the cloud EDR functionality
B. The ability to manage legacy clients running an embedded OS
C. The ability to manage Active Directory group structure without Azure
D. The ability to use Adaptive Protection features

Question # 38

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

A. 10
B. 20
C. 30
D. 60

Question # 39

After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account.

Which action should the administrator take to correct the problem with minimal impact on the existing environment?

A. Wait 15 minutes and attempt to log on again
B. Restore the SEPM from a backup
C. Run the Management Server and Configuration Wizard to reconfigure the server
D. Reinstall the SEPM

Question # 40

A file has been identified as malicious.

Which feature of SEDR allows an administrator to manually block a specific file hash?

A. Playbooks
B. Quarantine
C. Allow List
D. Block List

Question # 41

Which rule types should be at the bottom of the list when an administrator adds device control rules?

A. Specific "device type" rules
B. Specific "device model" rules
C. General "catch all" rules
D. General "brand defined" rules
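
Question 41 turns on first-match rule ordering: an ordered list is evaluated top to bottom, so a broad rule placed above a narrower one silently shadows it. The Python below is an added example, not Symantec code, and does not model the real SEP device control engine; it evaluates a constructed rule list in first-match order and reports which rules can never fire. The rule names, the device fields (class, vendor, model) and the sample devices are all made up for this illustration.

```python
"""Illustrative first-match evaluator for ordered device control rules.

Added example, not Symantec code. A rule field set to None means "any";
a rule with every field None is a catch-all. Rule names and devices are
constructed for this example only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIELDS = ("device_class", "vendor", "model")


@dataclass(frozen=True)
class Device:
    device_class: str
    vendor: str
    model: str


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "block"
    device_class: Optional[str] = None  # None matches any class
    vendor: Optional[str] = None
    model: Optional[str] = None

    def matches(self, dev: Device) -> bool:
        return all(getattr(self, f) in (None, getattr(dev, f)) for f in FIELDS)

    def subsumes(self, other: "Rule") -> bool:
        """True if every device `other` matches is also matched by self,
        i.e. self is at least as general as `other` in every field."""
        return all(getattr(self, f) in (None, getattr(other, f)) for f in FIELDS)


def evaluate(rules: List[Rule], dev: Device, default: str = "block") -> Tuple[str, Optional[str]]:
    """First match wins: return (action, name of the rule that fired)."""
    for rule in rules:
        if rule.matches(dev):
            return rule.action, rule.name
    return default, None


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule subsumes them."""
    return [
        later.name
        for i, later in enumerate(rules)
        if any(earlier.subsumes(later) for earlier in rules[:i])
    ]


# Constructed sample rules, most specific to least specific.
APPROVED_KEY = Rule("Allow corporate encrypted key", "allow",
                    device_class="USB Mass Storage", vendor="ExampleVendor", model="SecureKey 3")
BLOCK_STORAGE = Rule("Block all USB mass storage", "block", device_class="USB Mass Storage")
CATCH_ALL = Rule("Allow everything else", "allow")

CORRECT_ORDER = [APPROVED_KEY, BLOCK_STORAGE, CATCH_ALL]
TYPE_ABOVE_MODEL = [BLOCK_STORAGE, APPROVED_KEY, CATCH_ALL]  # device-type rule shadows the model rule
CATCH_ALL_ON_TOP = [CATCH_ALL, APPROVED_KEY, BLOCK_STORAGE]  # nothing below the catch-all ever fires

# Constructed sample devices.
CORP_KEY = Device("USB Mass Storage", "ExampleVendor", "SecureKey 3")
RANDOM_STICK = Device("USB Mass Storage", "OtherVendor", "Promo Stick")
KEYBOARD = Device("HID", "OtherVendor", "Keyboard")


def demo() -> None:
    for label, rules in (("correct order", CORRECT_ORDER),
                         ("type above model", TYPE_ABOVE_MODEL),
                         ("catch-all on top", CATCH_ALL_ON_TOP)):
        print(f"--- {label}; shadowed: {shadowed_rules(rules) or 'none'}")
        for dev in (CORP_KEY, RANDOM_STICK, KEYBOARD):
            action, by = evaluate(rules, dev)
            print(f"  {dev.model:12} -> {action:5} ({by})")


if __name__ == "__main__":
    demo()
```

With the catch-all last, the approved key is allowed, an unknown stick is blocked and a keyboard falls through to the catch-all. Moving the device-type block above the device-model allow shadows the allow rule, so the approved key is blocked; putting the catch-all on top allows every device and shadows both specific rules, which is the ordering mistake the question is about. `shadowed_rules` is the check worth running on any first-match policy before deploying it.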

Question # 42

A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

In which feature set order must the threat pass through to successfully infect the system?

A. Download Insight, Firewall, IPS
B. Firewall, IPS, Download Insight
C. IPS, Firewall, Download Insight
D. Download Insight, IPS, Firewall

Question # 43

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

A. Insight
B. SONAR
C. Risk Tracer
D. Intrusion Prevention

Question # 44

Which security control performs a cloud lookup on files downloaded during the Initial Access phase?

A. Exploit Protection
B. Auto-Protect
C. Intrusion Prevention
D. Antimalware

Question # 45

How would an administrator specify which remote consoles and servers have access to the management server?

A. Edit the Server Properties and, under the General tab, change the Server Communication Permission.
B. Edit the Communication Settings for the Group under the Clients tab.
C. Edit the External Communication Settings for the Group under the Clients tab.
D. Edit the Site Properties and, under the General tab, change the server priority.
