
Administration of Symantec Advanced Threat Protection 3.0 Question and Answers


Last Update Apr 27, 2024
Total Questions : 96

Question 1

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

Options:

A. It ensures that the Incident is resolved, and the responder can clean up the infection.
B. It ensures that the Incident is resolved, and the responder can determine the best remediation method.
C. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
D. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.
Question 2

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

Options:

A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.
B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
Question 3

What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

Options:

A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox
Question 4

An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.

Which tokens accept one or more of the available operators when building an expression?

Options:

A. All tokens
B. Domainname, Filename, and Filehash
C. Filename, Filehash, and Registry
D. Domainname and Filename only
Question 5

An Incident Responder added a file's MD5 hash to the blacklist.

Which component of SEP enforces the blacklist?

Options:

A. Bloodhound
B. System Lockdown
C. Intrusion Prevention
D. SONAR
Question 6

An organization has five (5) shops with a few endpoints and a large warehouse where 98% of all computers are located. The shops are connected to the warehouse using leased lines and access the internet through the warehouse network.

How should the organization deploy the network scanners to observe all inbound and outbound traffic based on Symantec best practices for Inline mode?

Options:

A. Deploy a virtual network scanner at each shop
B. Deploy a virtual network scanner at the warehouse and a virtual network scanner at each shop
C. Deploy a physical network scanner at each shop
D. Deploy a physical network scanner at the warehouse gateway
Question 7

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

Options:

A. Close any open shares
B. Identify the threat and understand how it spreads
C. Create subnets or VLANs and configure the network devices to restrict traffic
D. Set executables on network drives as read only
E. Identify affected clients
Question 8

In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

Options:

A. Capture
B. Incursion
C. Discovery
D. Exfiltration
Question 9

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

Options:

A. 8446
B. 8081
C. 8014
D. 1433
Question 10

In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization's defenses from the inside?

Options:

A. Discovery
B. Capture
C. Exfiltration
D. Incursion
Question 11

In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

Options:

A. Capture
B. Incursion
C. Discovery
D. Exfiltration
Question 12

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

Options:

A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat artifacts from the environment
Question 13

An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode.

How should the Incident Responder proceed?

Options:

A. Whitelist the domain and close the incident as a false positive
B. Identify the pieces of malware and blacklist them, then notify the supplier
C. Blacklist the domain and IP of the attacking site
D. Notify the supplier and block the site on the external firewall
Question 14

An ATP Administrator set up ATP: Network in TAP mode and has placed URLs on the blacklist.

What will happen when a user attempts to access one of the blacklisted URLs?

Options:

A. Access to the website is blocked by the network scanner but an event is NOT generated
B. Access to the website is blocked by the network scanner and a network event is generated
C. Access to the website is allowed by the network scanner but blocked by ATP: Endpoint and an endpoint event is generated
D. Access to the website is allowed by the network scanner but a network event is generated