250-428
73 questions

Number: 250-428
Passing Score: 800
Time Limit: 120 min

https://www.gratisexam.com/

Administration of Symantec Endpoint Protection 14

Exam A

QUESTION 1
Which setting can an administrator configure in the LiveUpdate policy?

A. Linux Settings
B. Frequency to download content.
C. Specific content revision to download from a Group Update Provider (GUP)
D. Specific content policies to download

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH104435.html

QUESTION 2
A Symantec Endpoint Protection Manager (SEPM) administrator notices performance issues with the SEPM server. The Client tab becomes unresponsive in the SEPM console and .DAT files accumulate in the “agentinfo” folder.

Which tool should the administrator use to gather log files to submit to Symantec Technical Support?

A. collectLog.cmd
B. LogExport.exe
C. smc.exe
D. ExportLog.vbs

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH105955.html

QUESTION 3
Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

A. Application Learning should be deployed on a small group of systems in the enterprise.
B. Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.
C. Application Learning is dependent on Insight.
D. Application Learning requires a file fingerprint list to be created in advance.
E. Application Learning can generate increased false positives.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH134367.html

QUESTION 4
Which task should an administrator perform to troubleshoot operation of the Symantec Endpoint Protection embedded database?

A. Verify the sqlserver.exe service is running on port 1433
B. Verify that dbsrv11.exe is listening on port 2638
C. Check the database transaction logs in X:\Program Files\Microsoft SQL Server
D. Check whether the MSSQLSERVER service is running

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH160964.html

QUESTION 5
An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

A. Infected and At Risk Computers report
B. Risk log
C. Notifications
D. Computer Status report

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH95543.html

QUESTION 6
An administrator reports that the Home, Monitors, and Report pages are absent in the Symantec Endpoint Protection Management console when the administrator logs on.

Which action should the administrator perform to correct the problem?

A. Grant the Administrator Full Access to Root group of the organization
B. Configure proxy settings for each server in the site
C. Configure External Logging to Enable Transmission of Logs to a Syslog Server
D. Grant View Reports permission to the administrator

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs.

Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

A. Stop Service Automatically
B. Stop and Reload AutoProtect
C. Terminate Processes Automatically
D. Risk Tracer
E. Early Launch Anti-Malware Driver

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A company deploys Symantec Endpoint Protection (SEP) to 50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?

A. Reduce number of content revisions to keep
B. Increase download randomization window
C. Reduce the heartbeat interval
D. Increase Download Insight sensitivity level

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.

What is the likely problem?

A. The Symantec Endpoint Protection Manager is installed on a Domain Controller
B. The client computers already have exclusions for the applications.
C. The Learn applications that run on the client computers setting is disabled.
D. The clients are in a trusted Symantec Endpoint Protection domain.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.

Which source must the administrator avoid using?

A. Group Update Provider (GUP)
B. LiveUpdate Administrator (LUA)
C. Symantec Endpoint Protection Manager
D. Shared Insight Cache (SIC)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
DRAG DROP

Match the following list of ports used by Symantec Endpoint Protection (SEP) to the defining characteristics by clicking and dragging the port on the left to the corresponding description on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Explanation:

References: https://support.symantec.com/en_US/article.HOWTO81103.html

QUESTION 12
The security status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.

How should the SEP administrator enable the Security Status alert?

A. Change the Notifications setting to “Show all notifications”
B. Raise the Security Status thresholds
C. Change the Action Summary display to “By number of computers”
D. Lower the Security Status thresholds

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.HOWTO81151.html

QUESTION 13
A company receives a high number of reports from users that files being downloaded from internal web servers are blocked. The Symantec Endpoint Protection administrator verifies that the Automatically trust any file downloaded from an intranet website option is enabled.

Which configuration can cause Insight to block the files being downloaded from the internal web servers?

A. Virus and Spyware definitions are out of date.
B. Local intranet zone is configured incorrectly on the Mac clients browser settings.
C. Intrusion prevention is disabled.
D. Local intranet zone is configured incorrectly on the Windows clients browser settings.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
An administrator is using the SylinkDrop tool to update a Symantec Endpoint Protection client install on a system. The client fails to migrate to the new Symantec Endpoint Protection Manager (SEPM), which is defined correctly in the Sylink.xml file that was exported from the SEPM.

Which settings must be provided with SylinkDrop to ensure the successful migration to a new Symantec Endpoint Protection environment with additional Group Level Security Settings?

A. -s “silent”
B. -t “Tamper Protect”
C. -p “password”
D. -r “reboot”

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which protection engine should an administrator enable in order to drop malicious vulnerability scans against a client system?

A. SONAR
B. Intrusion Prevention
C. Application and Device Control
D. Tamper Protection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which two settings does an administrator enable to use the Risk Tracer Feature in the Virus and Spyware Protection policy? (Select two.)

A. Firewall Policy
B. Application and Device Control Policy
C. Application Learning
D. Tamper Protection
E. IPS active response

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

References: https://support.symantec.com/en_US/article.TECH102539.html

QUESTION 17
Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

A. Rebuilding database indexes
B. Lowering the client installation log entries
C. Limiting the number of backups to keep
D. Decreasing the number of content revisions to keep

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which two criteria should an administrator use when defining Location Awareness for the Symantec Endpoint Protection (SEP) client? (Select two.)

A. SEP domain
B. WINS server
C. Network Speed
D. NIC description
E. geographic location

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH97369.html

QUESTION 19
An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

A. Tomcat
B. Apache Web Server
C. Group Update Provider (GUP)
D. SQL Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
What is a function of Symantec Insight?

A. Provides reputation ratings for binary executables.
B. Enhances the capability of Group Update Providers (GUP)
C. Provides reputation ratings for structured data
D. Increases the efficiency and effectiveness of LiveUpdate

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which two options are available when configuring DNS change detections for SONAR? (Select two.)

A. Log
B. Quarantine
C. Block
D. Active Response
E. Trace

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
A company has 10,000 Symantec Endpoint Protection (SEP) clients deployed using two Symantec Endpoint Protection Managers (SEPMs).

Which configuration is recommended to ensure that each SEPM is able to effectively handle the communications load with the SEP clients?

A. Pull mode
B. Push mode
C. Server control mode
D. Client control mode

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.

How should the administrator architect this organization?

A. Set up 3 domains
B. Set up 3 sites
C. Set up 3 groups
D. Set up 3 locations

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.HOWTO80764.html

QUESTION 24
A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

A. Disable Allow user-defined scans to run when the scan author is logged off
B. Change the LiveUpdate schedule
C. Disable Run an Active Scan when new definitions arrive
D. Change the Administrator-defined scan schedule

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

A. Define signature variables
B. Enable signature logging
C. Change the custom signature order
D. Create a Custom Intrusion Prevention Signature library

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.HOWTO80877.html

QUESTION 26
Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade according to best practices?

A. CollectLog.cmd
B. DBValidator.bat
C. LogExport.cmd
D. Upgrade.exe

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH240591.html

QUESTION 27
A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

A. Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line
B. Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line
C. Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.
D. Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH104433.html

QUESTION 28
Which action does SONAR take before convicting a process?

A. Checks the reputation of the process.
B. Restarts the system.
C. Quarantines the process.
D. Blocks suspicious behavior.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
An administrator is re-adding an existing Replication Partner to the local Symantec Endpoint Protection Manager site.

Which two parameters are required to re-establish this replication partnership? (Select two.)

A. Remote site Encryption Password
B. Remote server IP Address and port
C. Remote SQL database account credentials
D. Remote server Administrator credentials
E. Remote site Domain ID

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH104455.html

QUESTION 30
A company uses a remote administration tool that is detected as Hacktool.KeyLoggPro and quarantined by Symantec Endpoint Protection (SEP).

Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

A. Create a Tamper Protect exception for the tool
B. Create a SONAR exception for the tool
C. Create an Application to Monitor exception for the tool
D. Create a Known Risk exception for the tool

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
A Symantec Endpoint Protection (SEP) administrator performed a disaster recovery without a database backup.

In which file should the SEP administrator add “scm.agent.groupcreation=true” to enable the automatic creation of client groups?

A. conf.properties
B. httpd.conf
C. settings.conf
D. catalina.out

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH160736.html

QUESTION 32
Why does Power Eraser need Internet access?

A. Validate root certificates on all portable executables (PXE) files
B. Leverage Symantec Insight
C. Ensure the Power Eraser tool is the latest release
D. Look up CVE vulnerabilities

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH134803.html

QUESTION 33
Why is Notepad unable to save the changes to the file in the image below?

A. SONAR High Risk detection is set to Block
B. SONAR is set to block host file modifications.
C. Tamper Protection is preventing Notepad from modifying the host file.
D. System Lockdown is enabled.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
Which package type should an administrator use to reduce a SEP environment’s footprint when considering that new SEP 14 clients will be installed on point of sale terminals?

A. Default Standard Client
B. Default Embedded or VDI client
C. Default dark network client
D. Custom Standard client

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.HOWTO125381.html

QUESTION 35
Which two criteria are used by Symantec Insight to evaluate binary executables? (Select two.)

A. Age
B. Prevalence
C. Sensitivity
D. Confidentiality
E. Content

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
What happens when the license expires in Symantec Endpoint Protection 14 Enterprise Edition?

A. Group Update Providers (GUP) stop
B. Symantec Insight is disabled
C. Content updates continue
D. LiveUpdate stops

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive delta content packages instead of full content packages?

A. 10
B. 30
C. 20
D. 60

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References:
https://support.symantec.com/en_US/article.TECH94916.html
https://support.symantec.com/en_US/article.TECH131528.html

QUESTION 38
Which feature reduces the impact of Auto-Protect on a virtual client guest operating system?

A. Network Shared Insight Cache
B. Scan Randomization
C. Virtual Shared Insight Cache
D. Virtual Image Exception

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References: https://support.symantec.com/en_US/article.TECH172218.html

QUESTION 39
Which settings can impact the Files trusted count?

A. System Lockdown Whitelist in the Application and Device Control Policy
B. File Cache settings in the Virus and Spyware Protection policy
C. Insight settings in the Virus and Spyware Protection policy
D. SONAR settings in the Virus and Spyware Protection policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.

What is the quickest way an administrator can restore the environment to its original state?

A. Install a new SEPM into the existing site
B. Reinstall the entire SEPM environment
C. Clone the still functioning SEPM and change the server.properties file
D. Build a new site and configure replication with the still functioning SEPM

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread evenly across two sites. The administrator needs to direct replication activity to SEPM3 server in Site 1 and SEPM4 in Site 2.

Which two actions should the administrator take to direct replication activity to SEPM3 and SEPM4? (Select two.)

A. Install the SQL Server databases on SEPM3 and SEPM4
B. Ensure SEPM3 and SEPM4 are in the same time zone
C. Ensure SEPM3 and SEPM4 are defined as remote servers in the replication partner configuration
D. Install SEPM3 and SEPM4 after the other SEPMs
E. Ensure SEPM3 and SEPM4 are defined as the top priority server in the Site Settings

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
An administrator needs to increase the access speed for client files that are stored on a file server.
Which configuration should the administrator review to address the read speed from the server?

A. Enable Network Cache in the client’s Virus and Spyware Protection policy
B. Add the applicable server to a trusted host group
C. Enable download randomization in the client group’s communication settings
D. Create a Firewall allow rule for the server’s IP address.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?

A. Host Integrity Policy
B. Exceptions Policy
C. Virus and Spyware Protection Policy
D. Application and Device Control Policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
References: https://www.symantec.com/connect/articles/sep-121-virtualization

QUESTION 44
An administrator uses ClientSideClonePrepTool to prepare systems for cloning and virtual machine deployment. What will the tool do when it is run on each system?

A. Runs Microsoft SysPrep and removes all AntiVirus/AntiSpyware definitions
B. Disables Tamper Protect and deploys a Sylink.xml
C. Adds a new Extended File Attribute value to all existing files
D. Removes unique Hardware IDs and GUIDs from the system

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
Where in the Symantec Endpoint Protection (SEP) management console will a SEP administrator find the option to allow all users to enable and disable the client firewall?

A. Settings in Intrusion Prevention Policy
B. Overview in Firewall Policy
C. Client User Interface Control Settings
D. System Lockdown in Group Policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.symantec.com/connect/forums/disable-protection-endpoint-protection-manager

QUESTION 46
A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files is allowed to execute.

What is the likely cause of the problem?

A. The application has been upgraded.
B. The Application and Device Control policy is in the test mode.
C. A file exception has been added to the Exceptions policy.
D. The Application and Device Control policy is allowing the file to execute.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
In addition to performance improvements, which two benefits does Insight provide? (Select two)

A. Reputation scoring for documents.
B. False positive mitigation.
C. Zero-day threat detection.
D. Blocks malicious websites.
E. Protects against malicious java scripts.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

A. The SIC server allocates additional memory for the whitelist as needed.
B. The SIC server will remove items with the fewest number of votes.
C. The SIC server will remove the least recently used items based on the prune size.
D. The SIC server will start writing the cache to disk.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.

Which two factors should the administrator consider? (Select two.)

A. The deleted file may still be in the Recycle Bin.
B. IT Analytics may keep a copy of the file for investigation.
C. False positives may delete legitimate files.
D. Insights may back up the file before sending it to Symantec.
E. A copy of the threat may still be in the quarantine.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
A financial company enforces a security policy that prevents banking system workstations from connecting to the Internet.

Which Symantec Endpoint Protection technology is ineffective on this company’s workstations?

A. Insight
B. Network Threat Protection
C. Browser Intrusion Prevention
D. Intrusion Prevention

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow the others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

A. Allow administrators to reset the passwords
B. Delete clients that have not connected for specified time
C. Allow users to save credentials when logging on
D. Lock account after the specified number of unsuccessful logon attempts

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
A system running Symantec Endpoint Protection is assigned to a group with client user interface control settings set to mixed mode with Auto-Protect options set to Client. The user on the system is unable to turn off Auto-Protect.

What is the likely cause of this problem?

A. Application and Device Control is configured.
B. System Lockdown is enabled.
C. Tamper protection is enabled.
D. The padlock on the enable Auto-Protect option is locked.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

A. Intrusion Prevention
B. Insight
C. Risk Tracer
D. SONAR

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
Which two criteria could be used to define Location Awareness for the Symantec Endpoint Protection (SEP) client? (Choose two.)

A. geographic location
B. NIC description
C. SEP domain
D. Network Speed
E. WINS server

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.tech97369.html

QUESTION 55
An administrator wants to have the SEPM run a batch file as the result of a notification.

What directory does a batch file need to be in for the batch file to run?

A. \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
B. \Program Files\Symantec\Symantec Endpoint Protection Manager\data
C. \Program Files\Symantec\Symantec Endpoint Protection Manager\bin
D. \Program Files\Symantec\Symantec Endpoint Protection Manager\bin64

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.symantec.com/connect/forums/batch-files-under-notification-conditions

QUESTION 56
Which two types of exceptions could an administrator create from the Symantec Endpoint Protection Manager for a Linux client? (Choose two.)

A. Trusted Web Domain
B. Security Risk Exceptions - File
C. Security Risk Exceptions - Extension
D. Known Risks
E. Security Risk Exceptions - Folder

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.HOWTO80873.html#v120515448

QUESTION 57
How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

A. Add a System event notification and specify “Left Alone” for the action taken. Choose to log the notification and send an e-mail to the system administrators
B. Add a Single Risk Event notification and specify “Left Alone” for the action taken. Choose to log the notification and send an e-mail to the system administrators
C. Add a New risk detected notification and specify “Left Alone” for the action taken. Choose to log the notification and send an e-mail to the system administrators
D. Add a Client security alert notification and specify “Left Alone” for the action taken. Choose to log the notification and send an e-mail to the system administrators

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.tech182388.html

QUESTION 58
An organization needs to add a collection of DNS host names to permit in the firewall policy.

How should the SEP Administrator add these DNS host names as a single rule in the firewall policy?

A. Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Source/Destination
B. Create a Host Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Source/Destination
C. Create a Host Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Local/Remote
D. Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Local/Remote

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
An organization identified a threat in their environment and needs to limit the spread of the threat.

How should the SEP Administrator block the threat using Application and Device Control?

A. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on specific arguments
B. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on the file fingerprint
C. Gather the MD5 hash of the file and create an Application Content Rule that uses regular expression matching
D. Gather the process name of the file and create an Application Content Rule that blocks the file based on the device id type

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.tech123745.html

QUESTION 60
What are two methods the SEP Administrator can use for gathering a fingerprint list? (Choose two.)

A. GatherSymantecInfo
B. DevViewer
C. Checksum
D. DeviceInf
E. Get File Fingerprint list command

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.symantec.com/connect/articles/how-collect-and-add-fingerprint-any-app-or-location-sep-manager-graphical

QUESTION 61
What Symantec Endpoint Protection component facilitates distributing content to clients that have a poor connection to the Symantec Endpoint Protection Manager (SEPM)?

A. Group Update Provider
B. SEPM Replication
C. LiveUpdate Administrator
D. Shared Insight Cache Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.howto80810.html

QUESTION 62
An organization has several remote locations with minimum bandwidth and would like to use a content distribution method that does NOT involve configuring an internal LiveUpdate server.

What content distribution method should be utilized?

A. Intelligent Updater
B. Management Server
C. External LiveUpdate
D. Group Update Provider

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.howto80888.html

QUESTION 63
What SEPM report should an administrator utilize to view the files that Download Insight detected on your computers, after configuring Download Insight?

A. Risk Distribution
B. SONAR Detection Results
C. Download Risk Distribution
D. Risk Detections Count

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.HOWTO80966.html

QUESTION 64
An organization is troubleshooting a SONAR false positive and has created an exclusion for the in-house application generating the detection.

How can the organization use Process Explorer to verify that the exclusion works?

A. Use Process Explorer to see if secars.dll is still there. If secars.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
B. Use Process Explorer to see if UMEngx86.dll is still there. If UMEngx86.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
C. Use Process Explorer to see if IPSFFPI.dll is still there. If IPSFFPI.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
D. Use Process Explorer to see if sysfer.dll is still there. If sysfer.dll is still present in the application as an injected process, ensure the updated policy is applied to the group

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
What two core technologies does Symantec Endpoint Protection firewall utilize? (Choose two.)

A. Circuit-level gateway
B. Packet filtering
C. Stateful
D. Application-level gateway
E. Deep packet inspection

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.HOWTO80961.html

QUESTION 66
What two steps should an administrator take to troubleshoot firewall processing with the Symantec Endpoint Protection client? (Choose two.)

A. Create an exclusion in the Exceptions policy and reproduce the issue
B. Disable the Symantec Endpoint Protection client and reproduce the issue
C. Withdraw the assigned firewall policy and reproduce the issue
D. Add an “Allow All” traffic rule to the assigned firewall policy and reproduce the issue
E. Enable TSE debug on the Symantec Endpoint Protect client and reproduce the issue

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Which is an example of legitimate software that Intrusion Protection Systems (IPS) may detect as a threat?

A. Running a P2P software on a network
B. Running a FTP client on a network
C. Running a key logger on a network
D. Running a vulnerability scanner on a network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
An organization would like to control the policies that the client uses when connecting over VPN, but wants to use a different set of policies in the office.

How should an administrator implement this?

A. Create a Location called VPN and a Group called Office. Allow the client to switch to the VPN location when the user is working remote.
B. Create a Group called VPN and a Location called Office. Allow the client to switch to the VPN location when the user is working remote.
C. Create a Location called VPN and a Location called Office. Allow the client to switch to the VPN location when the user is working remote.
D. Create a Group called VPN and a Group called Office. Move the client to the VPN group when the user is working remotely.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
What is the difference between a Block versus a Terminate action, when creating an Application Control rule?

A. A Block action prevents a child process from running. A Terminate action kills the application making the request or the caller process.
B. A Block action excludes the child process from being scanned. A Terminate action prevents the process from running.
C. A Block action places the process in Quarantine. A Terminate action kills the application making the request or the caller process.

D. A Block action prevents the process to be left alone. A Terminate action prevents the process from running.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://support.symantec.com/us/en/article.HOWTO80867.html

QUESTION 70
An organization has four locations set up in their Symantec Endpoint Protection environment to match the physical sites they have: NAM, LATAM, EMEA, and APAC. When users travel from site to site, they would like to control which SEPM a client connects to based on the client's proximity to the nearest SEPM server. The location is triggered by the IP range assigned by the DHCP server of that site.

How can the organization utilize Locations to control which SEPM or set of SEPMs the clients connect to?

A. Assign the Management Server list to the Group with the appropriate SEPM order. (Each SEPM is on the same priority level)
B. Assign the Management Server list to the Location and Group with the appropriate SEPM order. (Each SEPM has its own priority level)
C. Assign the Management Server list to the Location with the appropriate SEPM order. (Each SEPM has its own priority level)
D. Assign the Management Server list to the Location under My Company. (Each SEPM is on the same priority level)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Which content distribution method can distribute content to all client types and provides validation scheduling?

A. Group Update Provider
B. Internal LiveUpdate
C. Intelligent Updater
D. Management Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.it-klinika.rs/dogadjaj/tajni-agenti/Symantec-Endpoint-Protection-14-Overview.pdf

QUESTION 72
An organization is considering multiple sites for their Symantec Endpoint Protection environment.

What are two reasons that the organization should consider? (Choose two.)

A. Legal constraints
B. Control your hardware and administration costs
C. Content distribution
D. Tolerable downtime
E. Control when your WAN links are used

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
What type of exceptions can an administrator create from the Symantec Endpoint Protection Manager for a Mac client?

A. Security Risk Exceptions - File
B. Security Risk Exceptions for both File or Folder
C. Security Risk Exceptions - Folder
D. Security Risk Exceptions - Extension

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
