Symantec Data Loss Prevention 16.x Administration Technical Specialist
Last Update Jul 17, 2026
Total Questions : 108
We are offering FREE 250-587 Symantec exam questions. All you do is to just go and sign up. Give your details, prepare 250-587 free exam questions and then go for complete pool of Symantec Data Loss Prevention 16.x Administration Technical Specialist test questions that will help you more.
What is the first step an administrator should take to improve the performance of Network Monitor when network traffic exceeds 1 Gbps?
What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?
A compliance officer needs to understand how the company is complying with its data security policies over time.
Which report should be compliance officer generate to obtain the compliance information?
A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team.
Which SQL *Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?
Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?
A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.
What is one possible reason that the agent fails to receive the new configuration?
Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)
A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.
What is one possible reason that the agent fails to receive the new configuration?
Which two automated response rules will be active in policies that include Exact Data Matching (EDM) detection rule? (Choose two.)
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password.
What should the administrator do to work around the password problem?
Where do you configure the list of Endpoint Servers (or load balancers) to which a DLP Agent can report?
What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?
What detection server is used for Network Discover, Network Protect, and Cloud Storage?
Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?
A divisional executive requests a report of all incidents generated by a particular region, summarized by department.
What does the DLP administrator need to configure to generate this report?
Which two (2) technologies should an organization utilize for integration with the Network Prevent products? (Choose two.)
A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.
How should the administrator bring the detection servers to a running state in the Enforce management console?
An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”
How should the administrator log in to the Enforce console with the “sysadmin” role?
Which action is available for use in both Smart Response and Automated Response rules?
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?
What are two (2) reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)
Refer to the exhibit.
What activity should occur during the baseline phase, according to the risk reduction model?
Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)
Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?
Which of the following would have to be a custom attribute (and not an out-of -the-box system attribute) in incident snapshots?
What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)