Summer Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Symantec Data Loss Prevention 16.x Administration Technical Specialist Question and Answers

Symantec Data Loss Prevention 16.x Administration Technical Specialist

Last Update Jul 17, 2026
Total Questions : 108

We are offering FREE 250-587 Symantec exam questions. All you do is to just go and sign up. Give your details, prepare 250-587 free exam questions and then go for complete pool of Symantec Data Loss Prevention 16.x Administration Technical Specialist test questions that will help you more.

250-587 pdf

250-587 PDF

$36.75  $104.99
250-587 Engine

250-587 Testing Engine

$43.75  $124.99
250-587 PDF + Engine

250-587 PDF + Testing Engine

$57.75  $164.99
Questions 1

What detection technology supports partial row matching?

Options:

A.  

Vector Machine Learning (VML)

B.  

Indexed Document Matching (IDM)

C.  

described Content Matching (EDM)

D.  

Exact data Matching (EDM)

Discussion 0
Questions 2

What is the first step an administrator should take to improve the performance of Network Monitor when network traffic exceeds 1 Gbps?

Options:

A.  

Increase system memory (RAM) for existing Network Prevent servers.

B.  

Add more Network Prevent servers to the Symantec DLP environment.

C.  

Filter out all network traffic that is unreadable to Network Monitor.

D.  

Install network taps and connect them to existing Network Monitor servers.

Discussion 0
Questions 3

What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

Options:

A.  

Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller

B.  

Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller

C.  

Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.

D.  

Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Discussion 0
Questions 4

Which detection server is available from Symantec as a hardware appliance?

Options:

A.  

Network Prevent for Email

B.  

Network Discover

C.  

Network Monitor

D.  

Network Prevent for Web

Discussion 0
Questions 5

A compliance officer needs to understand how the company is complying with its data security policies over time.

Which report should be compliance officer generate to obtain the compliance information?

Options:

A.  

Policy report, filtered on date and summarized by policy

B.  

Policy Trend report, summarized by policy, then quarter

C.  

Policy report, filtered on quarter and summarized by policy

D.  

Policy Trend report, summarized by policy, then severity

Discussion 0
Questions 6

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team.

Which SQL *Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?

Options:

A.  

select database version from < database name > ;

B.  

select * from db$version;

C.  

select * from v$version;

D.  

select db$ver from < database name > ;

Discussion 0
Questions 7

Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

Options:

A.  

Exchange

B.  

File System

C.  

Lotus Notes

D.  

SharePoint

Discussion 0
Questions 8

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

Options:

A.  

The new agent configuration was saved but not applied to any endpoint groups.

B.  

The new agent configuration was copied and modified from the default agent configuration.

C.  

The default agent configuration must be disabled before the new configuration can take effect.

D.  

The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Discussion 0
Questions 9

Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A.  

Allow the content to be posted

B.  

Remove the content through FlexResponse

C.  

Block the content before posting

D.  

Encrypt the content before posting

E.  

Redirect the content to an alternative destination

Discussion 0
Questions 10

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

Options:

A.  

The default agent configuration must be disabled before the new configuration can be assigned.

B.  

The Endpoint server needs to be recycled so that the new agent configuration can take effect.

C.  

The new agent configuration was saved but not applied to any endpoint groups.

D.  

The new agent configuration was copied and modified from the default agent configuration.

Discussion 0
Questions 11

What detection technology supports partial contents matching?

Options:

A.  

Optical Character Recognition (OCR)

B.  

Exact Data Matching (EDM)

C.  

Indexed Document Matching (IDM)

D.  

Described Content Matching (DCM)

Discussion 0
Questions 12

Where should an administrator set the debug levels for an Endpoint Agent?

Options:

A.  

Setting the log level within the Agent List

B.  

Advanced configuration within the Agent settings

C.  

Setting the log level within the Agent Overview

D.  

Advanced server settings within the Endpoint server

Discussion 0
Questions 13

Which two automated response rules will be active in policies that include Exact Data Matching (EDM) detection rule? (Choose two.)

Options:

A.  

Endpoint Discover: Quarantine File

B.  

All: Send Email Notification

C.  

Endpoint Prevent: User Cancel

D.  

Endpoint Prevent: Block

E.  

Network Protect: Quarantine File

Discussion 0
Questions 14

Which channel does Endpoint Prevent protect using Device Control?

Options:

A.  

Bluetooth

B.  

USB storage

C.  

CD/DVD

D.  

Network card

Discussion 0
Questions 15

Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

Options:

A.  

There is insufficient disk space on the Network Monitor server.

B.  

The Network Monitor server’s certificate is corrupt or missing.

C.  

The Network Monitor server’s license file has expired.

D.  

The Enforce and Network Monitor servers are running different versions of DLP.

Discussion 0
Questions 16

A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password.

What should the administrator do to work around the password problem?

Options:

A.  

Apply a new global agent uninstall password in the Enforce management console.

B.  

Manually delete all the Endpoint agent files from the test computer and install a new agent package.

C.  

Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server

D.  

Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Discussion 0
Questions 17

Where do you configure the list of Endpoint Servers (or load balancers) to which a DLP Agent can report?

Options:

A.  

In the Agent Package

B.  

In the Agent Configuration

C.  

In the Agent Group

D.  

In the Agent Overview

Discussion 0
Questions 18

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Options:

A.  

Smart response on the Incident page

B.  

Automated Response on the Incident Snapshot page

C.  

Smart response on an Incident List report

D.  

Automated response on an Incident List report

Discussion 0
Questions 19

What detection server is used for Network Discover, Network Protect, and Cloud Storage?

Options:

A.  

Network Protect Storage Discover

B.  

Network Discover/Cloud Storage Discover

C.  

Network Prevent/Cloud Detection Service

D.  

Network Protect/Cloud Detection Service

Discussion 0
Questions 20

Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?

Options:

A.  

Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.

B.  

Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.

C.  

Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.

D.  

Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.

Discussion 0
Questions 21

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

Options:

A.  

Custom attributes

B.  

Status attributes

C.  

Sender attributes

D.  

User attributes

Discussion 0
Questions 22

Which two (2) technologies should an organization utilize for integration with the Network Prevent products? (Choose two.)

Options:

A.  

Mail Transfer Agent

B.  

Network Tap

C.  

Proxy Server

D.  

Network Firewall

E.  

Encryption Appliance

Discussion 0
Questions 23

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.

How should the administrator bring the detection servers to a running state in the Enforce management console?

Options:

A.  

Restart the Vontu Update Service on the Enforce server

B.  

Ensure the Vontu Monitor Controller service is running in the Enforce server

C.  

Delete all of the .BAD files in the Incidents folder on the Enforce server

D.  

Restart the Vontu Monitor Service on all the affected detection servers

Discussion 0
Questions 24

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

Options:

A.  

sysadmin\username

B.  

sysadmin\username@domain

C.  

domain\username

D.  

username\sysadmin

Discussion 0
Questions 25

Which action is available for use in both Smart Response and Automated Response rules?

Options:

A.  

Log to a Syslog Server

B.  

Limit incident data retention

C.  

Modify SMTP message

D.  

Block email message

Discussion 0
Questions 26

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?

Options:

A.  

Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.

B.  

Modify the agent config.db to include the file

C.  

Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D.  

Modify the agent configuration and select the option “retain Original Files”

Discussion 0
Questions 27

What are two (2) reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A.  

To specify the endpoint server

B.  

To specify an IP address or range

C.  

To specify network card status (ON/OFF)

D.  

To specify domain names

E.  

To specify Wi-Fi SSID names

Discussion 0
Questions 28

Refer to the exhibit.

What activity should occur during the baseline phase, according to the risk reduction model?

Options:

A.  

Define and build the incident response team

B.  

Monitor incidents and tune the policy to reduce false positives

C.  

Establish business metrics and begin sending reports to business unit stakeholders

D.  

Test policies to ensure that blocking actions minimize business process disruptions

Discussion 0
Questions 29

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

Options:

A.  

Endpoint Prevent

B.  

Cloud Service for Email

C.  

Network Prevent for Email

D.  

Network Discover

E.  

Cloud Detection Service

Discussion 0
Questions 30

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Options:

A.  

The OCR engine must be installed on detection server other than the Enforce server.

B.  

The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

C.  

The OCR engine must be directly on the Enforce server.

D.  

The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Discussion 0
Questions 31

Which of the following would have to be a custom attribute (and not an out-of -the-box system attribute) in incident snapshots?

Options:

A.  

Network Prevent Action

B.  

Endpoint Location

C.  

Employee Phone Number

D.  

See Before

Discussion 0
Questions 32

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A.  

To specify Wi-Fi SSID names

B.  

To specify an IP address or range

C.  

To specify the endpoint server

D.  

To specify domain names

E.  

To specify network card status (ON/OFF)

Discussion 0