Administration of Symantec Advanced Threat Protection 3.0
Last Update Apr 27, 2024
Total Questions: 96
We are offering free 250-441 Symantec exam questions. Just sign up and provide your details, prepare with the free 250-441 exam questions, and then move on to the complete pool of Administration of Symantec Advanced Threat Protection 3.0 test questions, which will help you more.
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?
What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)
What is the role of Synapse within the Advanced Threat Protection (ATP) solution?
An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?
An Incident Responder added a file's MD5 hash to the blacklist.
Which component of SEP enforces the blacklist?
An organization has five (5) shops with a few endpoints and a large warehouse where 98% of all computers are located. The shops are connected to the warehouse using leased lines and access the internet through the warehouse network.
How should the organization deploy the network scanners to observe all inbound and outbound traffic based on Symantec best practices for Inline mode?
Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)
In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?
Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?
In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?
In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode.
How should the Incident Responder proceed?
An ATP Administrator set up ATP: Network in TAP mode and has placed URLs on the blacklist.
What will happen when a user attempts to access one of the blacklisted URLs?