How are Insight results stored?
A file has been identified as malicious. Which feature of SEDR allows an administrator to manually block a specific file hash?
Which type of security threat continues to threaten endpoint security after a system reboot?
Which rule types should be at the bottom of the list when an administrator adds device control rules?
What is an appropriate use of a file fingerprint list?
Which action is provided by Symantec EDR for the rapid remediation of impacted endpoints?
What should an administrator utilize to identify devices on a Mac?
What does a ranged query return or exclude?
Which of the following is a benefit of choosing a hybrid SES Complete architecture?
Which Endpoint Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?
An organization is considering a single site for their Symantec Endpoint Protection environment. What are two (2) reasons that the organization should consider? (Select two)
Which type of security threat is used by attackers to exploit vulnerable applications?
A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate. Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?
Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?
What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?
An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?
Which technique randomizes the memory address map with Memory Exploit Mitigation?
Which report template type should an administrator utilize to create a daily summary of network threats detected?
What is the result of disjointed telemetry collection methods used within an organization?
An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?
What permissions does the Security Analyst Role have?
What feature is used to get a comprehensive picture of infected endpoint activity?
The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?
The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM). How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?
An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?
Which option should an administrator utilize to temporarily or permanently block a file?
What prevention technique does Threat Defense for Active Directory use to expose attackers?
An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat. Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?
Which IPS signature type is primarily used to identify specific unwanted network traffic?
Which designation should an administrator assign to the computer configured to find unmanaged devices?
In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?
Which term or expression is utilized when adversaries leverage existing tools in the environment?
Which Firewall rule components should an administrator configure to block facebook.com use during business hours?
Which Incident View widget shows the parent-child relationship of related security events?
Which type of communication is blocked when isolating the endpoint by clicking on the isolate button in SEDR?
What type of policy provides a second layer of defense, after the Symantec firewall?
What is the maximum number of SEPMs a single Management Platform is able to connect to?
Why is it important for an Incident Responder to copy malicious files to the SEDR file store or create an image of the infected system during the Recovery phase?
What Symantec Best Practice is recommended when setting up Active Directory integration with the Symantec Endpoint Protection Manager?
What happens when an administrator adds a file to the deny list?
In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)
Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?