What is the minimum amount of RAM required for a virtual deployment of the ATP Manager in a production environment?
What does a Quarantine Firewall policy enable an ATP Administrator to do?
Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?
What is the role of Synapse within the Advanced Threat Protection (ATP) solution?
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the
After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
Which detection method identifies a file as malware after SEP has queried the file's reputation?
Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM)
web services?
Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?
Which SEP technologies are used by ATP to enforce the blacklisting of files?
What should an Incident Responder do to mitigate a false positive?
ATP detects a threat phoning home to a command and control server and creates a new incident. The treat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated.
Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?