Administration of Symantec Endpoint Protection 14 Question and Answers

Last Update Apr 26, 2024
Total Questions : 135

We are offering free 250-428 Symantec exam questions. Just sign up, give your details, and prepare with the free 250-428 exam questions, then move on to the complete pool of Administration of Symantec Endpoint Protection 14 test questions for further preparation.

Question 1

A company uses a remote administration tool that is detected and quarantined by Symantec Endpoint Protection (SEP).

Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

Options:

A. Create a Tamper Protect exception for the tool

B. Create a SONAR exception for the tool

C. Create an Application to Monitor exception for the tool

D. Create a Known Risk exception for the tool

Question 2

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.

Which two factors should the administrator consider? (Select two.)

Options:

A. The deleted file may still be in the Recycle Bin.

B. IT Analytics may keep a copy of the file for investigation.

C. False positives may delete legitimate files.

D. Insight may back up the file before sending it to Symantec.

E. A copy of the threat may still be in the quarantine.

Question 3

Which option is a characteristic of a Symantec Endpoint Protection (SEP) domain?

Options:

A. Every administrator from one domain can view data in other domains.

B. Each domain has its own management server and database.

C. Data for each domain is stored in its own separate SEP database.

D. Domains share the same management server and database.

Question 4

Which client log shows that a client is downloading content from its designated source?

Options:

A. Log.LiveUpdate

B. System Log

C. Risk Log

D. SesmLu.log

Question 5

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

Options:

A. Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

B. Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line

C. Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.

D. Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Question 6

An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.

How should the administrator architect this organization?

Options:

A. Set up 3 domains

B. Set up 3 sites

C. Set up 3 groups

D. Set up 3 locations

Question 7

An administrator is recovering from a Symantec Endpoint Protection Manager (SEPM) site failure.

Which file should the administrator use during an install of SEPM to recover the lost environment according to Symantec Disaster Recovery Best Practice documentation?

Options:

A. Original installation log

B. Sylink.xml file from the SEPM

C. Settings.properties file

D. Recovery_timestamp file

Question 8

A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one-hour damper period for that notification condition.

How many notifications does the administrator receive after 30 computers are infected in two hours?

Options:

A. 1

B. 2

C. 6

D. 15

Question 9

A company needs to forward log data from Data Center A to Data Center B during off-peak hours only.

How should the company architect its Symantec Endpoint Protection environment?

Options:

A. Set up two sites and schedule replication between them during off-peak hours

B. Set up a single site and configure the clients to send their logs to the Manager during off-peak hours

C. Set up a Group Update Provider (GUP) at Data Center A and configure it to send logs during off-peak hours

D. Set up a LiveUpdate Server at Data Center A and configure it to send logs during off-peak hours

Question 10

Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

Options:

A. The SIC server allocates additional memory for the whitelist as needed.

B. The SIC server will start writing the cache to disk.

C. The SIC server will remove the least recently used items based on the prune size.

D. The SIC server will remove items with the fewest number of votes.

Question 11

Which Symantec Endpoint Protection defense mechanism provides protection against threats that propagate from system to system through the use of autorun.inf files?

Options:

A. Host Integrity

B. SONAR

C. Application and Device Control

D. Emulator

Question 12

What two (2) steps should an administrator take to troubleshoot the firewall with the Symantec Endpoint Protection client? (Select two.)

Options:

A. Disable the Symantec Endpoint Protection client and reproduce the issue.

B. Add an "Allow AH" traffic rule to the assigned firewall policy and reproduce the issue.

C. Create an exclusion in the Exceptions policy and reproduce the issue.

D. Withdraw the assigned firewall policy and reproduce the issue.

E. Enable TSE debug on the Symantec Endpoint Protection client and reproduce the issue.

Question 13

What is a valid Symantec Endpoint Protection (SEP) single site design?

Options:

A. Multiple MySQL databases

B. One Microsoft SQL Server database

C. One Microsoft SQL Express database

D. Multiple embedded databases

Question 14

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Options:

A. Infected and At Risk Computers report

B. Risk log

C. Notifications

D. Computer Status report

Question 15

Why does Power Eraser need Internet access?

Options:

A. Validate root certificates on all portable executables (PXE) files

B. Leverage Symantec Insight

C. Ensure the Power Eraser tool is the latest release

D. Look up CVE vulnerabilities

Question 16

An administrator receives a browser certificate warning when accessing the Symantec Endpoint Protection Manager (SEPM) Web console.

Where can the administrator obtain the certificate?

Options:

A. SEPM console Licenses section

B. Admin > Servers > Configure SecureID Authentication

C. SEPM console Admin Tasks

D. SEPM Web Access

Question 17

Which object in the Symantec Endpoint Protection Manager console describes the most granular level to which a policy can be assigned?

Options:

A. Group

B. Computer

C. User

D. Client

Question 18

A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SEP Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process.

What is the most likely reason?

Options:

A. The server is in the IPS policy excluded hosts list.

B. The block rule is below the blue line.

C. Peer-to-peer authentication is allowing the traffic.

D. The server has an IPS exception for that traffic.

Question 19

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.

What is the quickest way an administrator can restore the environment to its original state?

Options:

A. Install a new SEPM into the existing site

B. Reinstall the entire SEPM environment

C. Clone the still functioning SEPM and change the server.properties file

D. Build a new site and configure replication with the still functioning SEPM

Question 20

Which setting can an administrator configure in the LiveUpdate policy?

Options:

A. Linux Settings

B. Frequency to download content

C. Specific content revision to download from a Group Update Provider (GUP)

D. Specific content policies to download