Which antimalware intensity level is defined by the following: "Blocks files that are most certainly bad or potentially bad files results in a comparable number of false positives and false negatives."

Which two (2) scan range options are available to an administrator for locating unmanaged endpoints? (Select two)

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

What is the purpose of a Threat Defense for Active Directory Deceptive Account?

What account type must the AD Gateway Service Account be assigned to the AD Gateway device for AD Synchronization to function correctly?

Which term or expression is utilized when adversaries leverage existing tools in the environment?

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

An organization recently experienced an outbreak and is conducting a health check of the environment. What Protection Technology can the SEP team enable to control and monitor the behavior of applications?

Which two (2) security controls are utilized by an administrator to mitigate threats associated with the Discovery phase? (Select two)

Which SES feature helps administrators apply policies based on specific endpoint profiles?

Which of the following is a benefit of choosing a hybrid SES Complete architecture?

What type of condition must be included in a custom incident rule in order for it to be valid?

A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

In which feature set order must the threat pass through to successfully infect the system?

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

On which platform is LiveShell available?

What must be entered before downloading a file from ICDm?

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Which EDR feature is used to search for real-time indicators of compromise?

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

Which Incident View widget shows the parent-child relationship of related security events?

What does the MITRE ATT&CK Matrix consist of?

Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

What is the function of Symantec Insight?

What are the two (2) locations where an Incident Responder should gather data for an After Actions Report in SEDR? (Select two)

Which option should an administrator utilize to temporarily or permanently block a file?

What should an administrator utilize to identify devices on a Mac?

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Which two (2) criteria are used by Symantec Insight to evaluate binary executables? (Select two.)

Using a hybrid environment, if a SEPM-managed endpoint cannot connect to the SEPM, how quickly can an administrator receive a security alert if the endpoint is using a public hot-spot?

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?

Which technology can prevent an unknown executable from being downloaded through a browser session?

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

What type of Threat Defense for Active Directory alarms are displayed after domain misconfigurations or hidden backdoors are detected?

Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?

What protection technology should an administrator enable to prevent double executable file names of ransomware variants like Cryptolocker from running?

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto-Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.

Which action should the administrator take to ensure that the desired setting is in place for the client?

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

What must be entered before downloading a file from ICDm?

What permissions does the Security Analyst Role have?

After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account.

Which action should the administrator take to correct the problem with minimal impact on the existing environment?

Which Discover and Deploy process requires the LocalAccountTokenFilterPolicy value to be added to the Windows registry of endpoints, before the process begins?