New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

250-441 Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Questions 4

Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?

Options:

A.

Email Protect (antivirus and anti-spam)

B.

Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)

C.

Symantec Messaging Gateway

D.

Skeptic

Buy Now
Questions 5

Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

Options:

A.

Create a unique Cynic account to provide to ATP

B.

Create a unique Symantec Messaging Gateway account to provide to ATP

C.

Create a unique Symantec Protection Manager (SEPM) administrator account to provide to ATP

D.

Create a unique Email Security.cloud portal account to provide to ATP

Buy Now
Questions 6

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the

After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)

Options:

A.

To have less raw data to analyze

B.

To evaluate the data, including information from other systems

C.

To access expanded historical data

D.

To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)

E.

To determine the best cleanup method

Buy Now
Questions 7

Which detection method identifies a file as malware after SEP has queried the file's reputation?

Options:

A.

Skeptic

B.

Vantage

C.

insight

D.

Cynic

Buy Now
Questions 8

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

Options:

A.

Close any open shares

B.

Identify the threat and understand how it spreads

C.

Create subnets or VLANs and configure the network devices to restrict traffic

D.

Set executables on network drives as read only

E.

Identify affected clients

Buy Now
Questions 9

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

Options:

A.

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.

B.

The endpoint automatically switches to using a System Lockdown location, where a System Lockdown

policy is applied to the computer.

C.

The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is

applied to the computer.

D.

The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Buy Now
Questions 10

In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?

Options:

A.

The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.

B.

The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

C.

The Incident Response team completed their analysis of the threat and added it to a blacklist.

D.

The Incident Response team is analyzing the file to determine if it is a threat or a false positive.

Buy Now
Questions 11

What does a Quarantine Firewall policy enable an ATP Administrator to do?

Options:

A.

Isolate a computer while it is manually being remediated

B.

Submit files to a Central Quarantine server

C.

Filter all traffic leaving the network

D.

Intercept all traffic entering the network

Buy Now
Questions 12

Why is it important for an Incident Responder to analyze an incident during the Recovery phase?

Options:

A.

To determine the best plan of action for cleaning up the infection

B.

To isolate infected computers on the network and remediate the threat

C.

To gather threat artifacts and review the malicious code in a sandbox environment

D.

To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

Buy Now
Questions 13

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoints.

Which two options should the Incident Responder select to prevent endpoints from communicating with malicious domains? (Select two.)

Options:

A.

Use the isolate command in ATP to move all endpoints to a quarantine network.

B.

Blacklist suspicious domains in the ATP manager.

C.

Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

E.

Run a full system scan on all endpoints.

Buy Now
Questions 14

Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)

Options:

A.

Configure a SIEM feed from the portal to the ATP environment

B.

Configure email reports on convictions

C.

Submit false positive and false negative files

D.

Query hashes

E.

Submit hashes to Insight

Buy Now
Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Dec 25, 2024
Questions: 96
250-441 pdf

250-441 PDF

$25.5  $84.99
250-441 Engine

250-441 Testing Engine

$30  $99.99
250-441 PDF + Engine

250-441 PDF + Testing Engine

$40.5  $134.99