Symantec Data Loss Prevention 16.x Administration Technical Specialist (250-587) Questions and Answers

Last Update May 30, 2026
Total Questions : 100

Questions 1

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

Options:

A. Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.

B. Modify the agent config.db to include the file

C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D. Modify the agent configuration and select the option “retain Original Files”

Questions 2

Which two factors are common sources of data leakage where the main actor is a well-meaning insider? (Choose two.)

Options:

A. An absence of a trained incident response team

B. A disgruntled employee for a job with a competitor

C. Merger and Acquisition activities

D. Lack of training and awareness

E. Broken business processes

Questions 3

What is Application Detection Configuration?

Options:

A. The Cloud Detection Service (CDS) process that tells Enforce a policy has been violated

B. The Data Loss Prevention (DLP) policy which has been pushed into Cloud Detection Service (CDC) for files in transit to or residing in Cloud apps

C. The terminology describing the Data Loss Prevention (DLP) process within the CloudSOC administration portal

D. The setting configured within the user interface (UI) that determines whether CloudSOC should send a file to Cloud Detection Service (CDS) for analysis.

Questions 4

What detection server type requires a minimum of two physical network interface cards?

Options:

A. Network Prevent for Web

B. Network Prevent for Email

C. Network Monitor

D. Cloud Detection Service (CDS)

Questions 5

How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?

Options:

A. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.

B. Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.

C. Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.

D. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.

Questions 6

What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

Options:

A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller

B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller

C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.

D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Questions 7

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

Why are the processes missing from the Server Detail page display?

Options:

A. The detection server Display Control Process option is disabled on the Server Detail page.

B. The Display Process Control setting on the Advanced Settings page is disabled.

C. The detection server PacketCapture process is displayed on the Server Overview page.

D. The Advanced Process Control setting on the System Settings page is deselected.

Questions 8

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

Options:

A. sysadmin\username

B. sysadmin\username@domain

C. domain\username

D. username\sysadmin

Questions 9

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

Options:

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

Questions 10

Which two automated response rules will be active in policies that include an Exact Data Matching (EDM) detection rule? (Choose two.)

Options:

A. Endpoint Discover: Quarantine File

B. All: Send Email Notification

C. Endpoint Prevent: User Cancel

D. Endpoint Prevent: Block

E. Network Protect: Quarantine File

Questions 11

Refer to the exhibit. Which type of Endpoint response rule is shown?

Options:

A. Endpoint Prevent: User Notification

B. Endpoint Prevent: Block

C. Endpoint Prevent: Notify

D. Endpoint Prevent: User Cancel

Questions 12

Which service encrypts the message when using a Modify SMTP Message response rule?

Options:

A. Network Monitor server

B. SMTP Prevent

C. Enforce server

D. Encryption Gateway

Questions 13

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

Options:

A. Disable and re-enable the Endpoint Prevent policy to activate the changes

B. Double-check that the correct device ID or class has been entered for each device

C. Verify Application File Access Control (AFAC) is configured to monitor the specific application

D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Questions 14

Which two components can perform a file system scan of a workstation? (Choose two.)

Options:

A. Endpoint Server

B. DLP Agent

C. Network Prevent for Web Server

D. Discover Server

E. Enforce Server

Questions 15

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.

When does the DLP agent stop scanning?

Options:

A. When the agent sends a report within the “Scan Idle Timeout” period

B. When the endpoint computer is rebooted and the agent is started

C. When the agent is unable to send a status report within the “Scan Idle Timeout” period

D. When the agent sends a report immediately after the “Scan Idle Timeout” period

Questions 16

A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains .BAD files dated today, while other .IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger than 1MB are turning to .BAD files.

What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

Options:

A. A corrupted policy was deployed.

B. The Enforce server’s hard drive is out of space.

C. A detection server has excessive filereader restarts.

D. Tablespace is almost full.

Questions 17

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

Options:

A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected

B. Modify the agent configuration and select the option “Retain Original Files”

C. Modify the agent config.db to include the file

D. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

Questions 18

Which two (2) technologies should an organization utilize for integration with the Network Prevent products? (Choose two.)

Options:

A. Mail Transfer Agent

B. Network Tap

C. Proxy Server

D. Network Firewall

E. Encryption Appliance

Questions 19

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Options:

A. The OCR engine must be installed on a detection server other than the Enforce server.

B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

C. The OCR engine must be installed directly on the Enforce server.

D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Questions 20

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.

B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.

D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Questions 21

What detection technology supports partial contents matching?

Options:

A. Optical Character Recognition (OCR)

B. Exact Data Matching (EDM)

C. Indexed Document Matching (IDM)

D. Described Content Matching (DCM)

Questions 22

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A. To specify Wi-Fi SSID names

B. To specify an IP address or range

C. To specify the endpoint server

D. To specify domain names

E. To specify network card status (ON/OFF)

Questions 23

Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

Options:

A. Exchange

B. File System

C. Lotus Notes

D. SharePoint

Questions 24

Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?

Options:

A. Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.

B. Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.

C. Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.

D. Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.

Questions 25

Which statement accurately describes where Optical Character Recognition (OCR) On-Premises DLP Core components must be installed?

Options:

A. The OCR engine must be installed directly on the Enforce server.

B. The OCR engine must be installed on one or more detection servers.

C. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

D. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

Questions 26

Which two (2) detection servers are available as virtual appliances? (Choose two.)

Options:

A. Network Prevent for Email

B. Network Monitor

C. Network Discover

D. Network Prevent for Web

E. Optical Character Recognition (OCR)

Questions 27

Which type of detector integrates with Symantec CloudSOC?

Options:

A. Cloud Detection Service for REST

B. Cloud Detection Service for ICAP

C. Cloud Detection Service for SMTP

D. Cloud Prevent detector

Questions 28

Which two detection technology options ONLY run on a detection server? (Choose two.)

Options:

A. Form Recognition

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

E. Vector Machine Learning (VML)

Questions 29

Which of the following actions can you implement ONLY as a Smart Response rule (and not as an automated response rule)?

Options:

A. All: Limit Incident Data Retention

B. Network Protect: SharePoint Release From Quarantine

C. All: Set Attribute

D. All: Add Note

Questions 30

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

Options:

A. The new agent configuration was saved but not applied to any endpoint groups.

B. The new agent configuration was copied and modified from the default agent configuration.

C. The default agent configuration must be disabled before the new configuration can take effect.

D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.
