최신 250-441 무료덤프 - Symantec Administration of Symantec Advanced Threat Protection 3.0

문제1

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?

A. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access

B. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions

C. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM

D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

정답: B

문제2

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Duqu

B. Code Red

C. Zeus

D. Melissa

정답: A

문제3

Which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

A. Exfiltration

B. Discovery

C. Incursion

D. Capture

정답: A

문제4

An Incident Responder observers and incident with multiple malware downloads from a malicious domain.
The domain in question belongs to one of the organization suppliers. The organization to the site to continue placing orders. Network is configured in Inline Block mode?
How should the Incident responder proceed?

A. Whitelist the domain and close the incident as a false positive

B. Blacklist the domain and IP of the attacking site

C. Notify the supplier and block the site on the external firewall

D. Identify the pieces of malware and blacklist them, then notify the supplier

정답: C

문제5

An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?

A. ATP and the Symantec Endpoint Protection Manager (SEPM)

B. ATP and the Symantec Endpoint Protection Manager (SEPM)
ATP and SEP clients
ATP and Email Security.cloud
Web access to the GUI

C. ATP and the Symantec Endpoint Protection Manager (SEPM)
ATP and SEP clients
Web access to the GUI

D. ATP and the Symantec Endpoint Protection Manager (SEPM)
Web access to the GUI

정답: A

문제6

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

A. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

B. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.

C. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

D. It ensures that the Incident is resolved, and the responder can clean up the infection.

정답: B

문제7

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

A. 8081

B. 1433

C. 8446

D. 8014

정답: A

문제8

ATP detects a threat phoning home to a command and control server and creates a new incident. The treat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?

A. Perform a healthcheck of ATP

B. Rejoin the endpoints back to the network after completing a final virus scan

C. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall

D. Use ATP to isolate non-SEP protected computers to a remediation VLAN

정답: D

문제9

Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager?
(Choose two.)

A. Incident Responder

B. Root

C. Administrator

D. User

E. Controller

정답: C,E

문제10

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?

A. SONAR

B. Firewall

C. System Lockdown

D. Intrusion Prevention System

정답: C

최신 250-441 무료덤프 - Symantec Administration of Symantec Advanced Threat Protection 3.0

우리와 연락하기

유용한 링크

최신 업데이트