Symantec 250-580 Endpoint Security Complete - R2 Technical Specialist Exam Practice Test

Page: 1 / 15
Total 150 questions

Endpoint Security Complete - R2 Technical Specialist Questions and Answers

Question 1

How are Insight results stored?

Options:

A.

Encrypted on the Symantec Endpoint Protection Manager

B.

Unencrypted on the Symantec Endpoint Protection Manager

C.

Encrypted on the Symantec Endpoint Protection client

D.

Unencrypted on the Symantec Endpoint Protection client

Question 2

A file has been identified as malicious.

Which feature of SEDR allows an administrator to manually block a specific file hash?

Options:

A.

Playbooks

B.

Quarantine

C.

Allow List

D.

Block List

Question 3

Which type of security threat continues to threaten endpoint security after a system reboot?

Options:

A.

file-less

B.

memory attack

C.

script

D.

Rootkit

Question 4

Which rule types should be at the bottom of the list when an administrator adds device control rules?

Options:

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Question 5

What is an appropriate use of a file fingerprint list?

Options:

A.

Allow unknown files to be downloaded with Insight

B.

Prevent programs from running

C.

Prevent Antivirus from scanning a file

D.

Allow files to bypass Intrusion Prevention detection

Question 6

Which action is provided by Symantec EDR for the rapid remediation of impacted endpoints?

Options:

A.

Quickly filtering for specific attributes

B.

Detonate Memory Exploits in conjunction with SEP

C.

Automatically stopping suspicious behaviors & unknown threats

D.

Block Listing or Allow Listing of specific files

Question 7

What should an administrator utilize to identify devices on a Mac?

Options:

A.

Use DevViewer when the Device is connected.

B.

Use DeviceInfo when the Device is connected.

C.

Use Device Manager when the Device is connected.

D.

Use GatherSymantecInfo when the Device is connected.

Question 8

What does a ranged query return or exclude?

Options:

A.

Data matching the exact field names and their values

B.

Data matching a regular expression

C.

Data falling between two specified values of a given field

D.

Data based on specific values for a given field

Question 9

Which of the following is a benefit of choosing a hybrid SES Complete architecture?

Options:

A.

The ability to use the cloud EDR functionality

B.

The ability to manage legacy clients running an embedded OS

C.

The ability to manage Active Directory group structure without Azure

D.

The ability to use Adaptive Protection features

Question 10

Which Endpoint Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

Options:

A.

Device Discovery

B.

Endpoint Enrollment

C.

Discover and Deploy

D.

Discover Endpoints

Question 11

An organization is considering a single site for their Symantec Endpoint Protection environment. What are two (2) reasons that the organization should consider? (Select two)

Options:

A.

Organizational merger

B.

Sufficient WAN bandwidth

C.

Delay-free, centralized reporting

D.

24x7 admin availability

E.

Legal constraints

Question 12

Which type of security threat is used by attackers to exploit vulnerable applications?

Options:

A.

Lateral Movement

B.

Privilege Escalation

C.

Credential Access

D.

Command and Control

Question 13

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Options:

A.

Change the LiveUpdate schedule

B.

Change the Administrator-defined scan schedule

C.

Disable Allow user-defined scans to run when the scan author is logged off

D.

Disable Run an Active Scan when new definitions arrive

Question 14

What does a ranged query return or exclude?

Options:

A.

Data matching the exact field names and their values

B.

Data matching a regular expression

C.

Data falling between two specified values of a given field

D.

Data based on specific values for a given field

Question 15

Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?

Options:

A.

Mismatched Port - Application Traffic

B.

Irregularities in Privileged User Account Activity

C.

Surges in Database Read Volume

D.

Geographical Irregularities

Question 16

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

Options:

A.

An email with the SES_setup.zip file attached

B.

An email with a link to register on the ICDm user portal

C.

An email with a link to directly download the SES client

D.

An email with a link to a KB article explaining how to install the SES Agent

Question 17

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

Options:

A.

File Deletion

B.

Incident Manager

C.

Isolation

D.

Endpoint Activity Recorder

Question 18

Which technique randomizes the memory address map with Memory Exploit Mitigation?

Options:

A.

ForceDEP

B.

SEHOP

C.

ASLR

D.

ROPHEAP

Question 19

Which report template type should an administrator utilize to create a daily summary of network threats detected?

Options:

A.

Intrusion Prevention Report

B.

Blocked Threats Report

C.

Network Risk Report

D.

Access Violation Report

Question 20

What is the result of disjointed telemetry collection methods used within an organization?

Options:

A.

Investigators lack granular visibility

B.

Lack of orchestration across controls

C.

False positives are seen

D.

Attacks continue to spread during investigation

Question 21

An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

Options:

A.

Email the App Control Admin

B.

Request an Override

C.

Install the application

D.

Wait for the Application Drift process to complete

Question 22

What permissions does the Security Analyst Role have?

Options:

A.

Trigger dumps, get & quarantine files, enroll new sites

B.

Search endpoints, trigger dumps, get & quarantine files

C.

Trigger dumps, get & quarantine files, create device groups

D.

Search endpoints, trigger dumps, create policies

Question 23

What feature is used to get a comprehensive picture of infected endpoint activity?

Options:

A.

Entity View

B.

Process View

C.

Full Dump

D.

Endpoint Dump

Question 24

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?

Options:

A.

Enable port scan detection

B.

Automatically block an attacker's IP address

C.

Block all traffic until the firewall starts and after the firewall stops

D.

Enable denial of service detection

Question 25

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

Options:

A.

10

B.

20

C.

30

D.

60

Question 26

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?

Options:

A.

Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on the file fingerprint.

B.

Gather the process name of the file and create an Application Content Rule that blocks the file based on the device ID type.

C.

Gather the MD5 hash of the file and create an Application Content Rule that uses regular expression matching.

D.

Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on specific arguments.

Question 27

Which option should an administrator utilize to temporarily or permanently block a file?

Options:

A.

Delete

B.

Hide

C.

Encrypt

D.

Deny List

Question 28

What prevention technique does Threat Defense for Active Directory use to expose attackers?

Options:

A.

Process Monitoring

B.

Obfuscation

C.

Honeypot Traps

D.

Packet Tracing

Question 29

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Options:

A.

Risk log

B.

Computer Status report

C.

Notifications

D.

Infected and At-Risk Computers report

Question 30

Which rule types should be at the bottom of the list when an administrator adds device control rules?

Options:

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Question 31

Which IPS signature type is primarily used to identify specific unwanted network traffic?

Options:

A.

Attack

B.

Audit

C.

Malcode

D.

Probe

Question 32

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A.

Discovery Device

B.

Discovery Manager

C.

Discovery Agent

D.

Discovery Broker

Question 33

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?

Options:

A.

Synapse, ECC, then Insight Proxy

B.

ECC, Synapse, then Insight Proxy

C.

Insight Proxy, Synapse, then ECC

D.

ECC, Insight Proxy, then Synapse

Question 34

Which term or expression is utilized when adversaries leverage existing tools in the environment?

Options:

A.

opportunistic attack

B.

file-less attack

C.

script kiddies

D.

living off the land

Question 35

Which Firewall rule components should an administrator configure to block facebook.com use during business hours?

Options:

A.

Host(s), Network Interface, and Network Service

B.

Application, Host(s), and Network Service

C.

Action, Host(s), and Schedule

D.

Action, Application, and Schedule

Question 36

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

Options:

A.

An email with the SES_setup.zip file attached

B.

An email with a link to register on the ICDm user portal

C.

An email with a link to directly download the SES client

D.

An email with a link to a KB article explaining how to install the SES Agent

Question 37

Which Incident View widget shows the parent-child relationship of related security events?

Options:

A.

The Incident Summary Widget

B.

The Process Lineage Widget

C.

The Events Widget

D.

The Incident Graph Widget

Question 38

Which type of communication is blocked when isolating the endpoint by clicking the Isolate button in SEDR?

Options:

A.

All non-SEP and non-SEDR network communications

B.

All network communications

C.

Only SEP and SEDR network communications

D.

Only Web and UNC network communications

Question 39

What type of policy provides a second layer of defense, after the Symantec firewall?

Options:

A.

Virus and Spyware

B.

Host Integrity

C.

Intrusion Prevention

D.

System Lockdown

Question 40

What is the maximum number of SEPMs a single Management Platform is able to connect to?

Options:

A.

50

B.

10

C.

5,000

D.

500

Question 41

Why is it important for an Incident Responder to copy malicious files to the SEDR file store or create an image of the infected system during the Recovery phase?

Options:

A.

To create custom IPS signatures

B.

To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)

C.

To have a copy of the file for policy enforcement

D.

To document and preserve any pieces of evidence associated with the incident

Question 42

What Symantec Best Practice is recommended when setting up Active Directory integration with the Symantec Endpoint Protection Manager?

Options:

A.

Ensure there is more than one Active Directory Server listed in the Server Properties.

B.

Link the built-in Admin account to an Active Directory account.

C.

Import the existing AD structure to organize clients in user mode.

D.

Secure the management console by denying access to certain computers.

Question 43

What happens when an administrator adds a file to the deny list?

Options:

A.

The file is assigned to a chosen Deny List policy

B.

The file is assigned to the Deny List task list

C.

The file is automatically quarantined

D.

The file is assigned to the default Deny List policy

Question 44

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Options:

A.

The deleted file may still be in the Recycle Bin.

B.

IT Analytics may keep a copy of the file for investigation.

C.

False positives may delete legitimate files.

D.

Insight may back up the file before sending it to Symantec.

E.

A copy of the threat may still be in the quarantine.

Question 45

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

Options:

A.

IPv6 Tunneling

B.

IPS

C.

Firewall

D.

VPN
