250-580 Endpoint Security Complete - R2 Technical Specialist Questions and Answers

Questions 4

On which platform is LiveShell available?

Options:

A. Windows

B. All

C. Linux

D. Mac

Questions 5

What happens when an administrator adds a file to the deny list?

Options:

A. The file is assigned to a chosen Deny List policy

B. The file is assigned to the Deny List task list

C. The file is automatically quarantined

D. The file is assigned to the default Deny List policy

Questions 6

What does the MITRE ATT&CK Matrix consist of?

Options:

A. Problems and Solutions

B. Attackers and Techniques

C. Tactics and Techniques

D. Entities and Tactics

Questions 7

What happens when an administrator adds a file to the deny list?

Options:

A. The file is assigned to a chosen Deny List policy

B. The file is assigned to the Deny List task list

C. The file is automatically quarantined

D. The file is assigned to the default Deny List policy

Questions 8

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

Options:

A. 10

B. 20

C. 30

D. 60

Questions 9

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?

Options:

A. Synapse, ECC, then Insight Proxy

B. ECC, Synapse, then Insight Proxy

C. Insight Proxy, Synapse, then ECC

D. ECC, Insight Proxy, then Synapse

Questions 10

Using a hybrid environment, if a SEPM-managed endpoint cannot connect to the SEPM, how quickly can an administrator receive a security alert if the endpoint is using a public hot-spot?

Options:

A. After a VPN is activated with Network Integrity

B. When the client connects to SEPM

C. At the next heartbeat

D. Immediately

Questions 11

What EDR feature provides endpoint activity recorder data for a file hash?

Options:

A. Process Dump

B. Entity Dump

C. Hash Dump

D. Full Dump

Questions 12

Which type of event does operation:1 indicate in a SEDR database search?

Options:

A. File Deleted.

B. File Closed.

C. File Open.

D. File Created.

Questions 13

What feature is used to get a comprehensive picture of infected endpoint activity?

Options:

A. Entity View

B. Process View

C. Full Dump

D. Endpoint Dump

Questions 14

What is the function of Symantec Insight?

Options:

A. Provides reputation ratings for structured data

B. Enhances the capability of Group Update Providers (GUP)

C. Increases the efficiency and effectiveness of LiveUpdate

D. Provides reputation ratings for binary executables

Questions 15

Which type of event does operation:1 indicate in a SEDR database search?

Options:

A. File Deleted.

B. File Closed.

C. File Open.

D. File Created.

Questions 16

What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

Options:

A. SEDR Cloud Console

B. Synapse

C. SEP Endpoints

D. SEPM

Questions 17

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

Options:

A. Allow users to save credentials when logging on

B. Delete clients that have not connected for specified time

C. Lock account after the specified number of unsuccessful logon attempts

D. Allow administrators to reset passwords

Questions 18

Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

Options:

A. Searching the EDR database and multiple data sources directly

B. Viewing PowerShell processes

C. Detecting Memory Exploits in conjunction with SEP

D. Detonating suspicious files using cloud-based or on-premises sandboxing

Questions 19

An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

Options:

A. Email the App Control Admin

B. Request an Override

C. Install the application

D. Wait for the Application Drift process to complete

Questions 20

Which Incident View widget shows the parent-child relationship of related security events?

Options:

A. The Incident Summary Widget

B. The Process Lineage Widget

C. The Events Widget

D. The Incident Graph Widget

Questions 21

What account type must the AD Gateway Service Account be assigned to the AD Gateway device for AD Synchronization to function correctly?

Options:

A. Local Standard

B. Local Administrator

C. Domain Administrator

D. Domain User

Questions 22

Which alert rule category includes events that are generated about the cloud console?

Options:

A. Security

B. System

C. Diagnostic

D. Application Activity

Questions 23

Which client log shows that a client is downloading content from its designated source?

Options:

A. Risk Log

B. System Log

C. SesmLu.log

D. Log.LiveUpdate

Questions 24

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Options:

A. The deleted file may still be in the Recycle Bin.

B. IT Analytics may keep a copy of the file for investigation.

C. False positives may delete legitimate files.

D. Insight may back up the file before sending it to Symantec.

E. A copy of the threat may still be in the quarantine.

Questions 25

Which SES feature helps administrators apply policies based on specific endpoint profiles?

Options:

A. Policy Bundles

B. Device Profiles

C. Policy Groups

D. Device Groups

Questions 26

What are the two (2) locations where an Incident Responder should gather data for an After Actions Report in SEDR? (Select two)

Options:

A. Incident Manager

B. Policies

C. Syslog

D. Action Manager

E. Endpoint Search

Questions 27

Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?

Options:

A. Mismatched Port - Application Traffic

B. Irregularities in Privileged User Account Activity

C. Surges in Database Read Volume

D. Geographical Irregularities

Questions 28

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

Options:

A. 10

B. 20

C. 30

D. 60

Questions 29

What protection technology should an administrator enable to prevent double executable file names of ransomware variants like Cryptolocker from running?

Options:

A. Download Insight

B. Intrusion Prevention System

C. SONAR

D. Memory Exploit Mitigation

Questions 30

How would an administrator specify which remote consoles and servers have access to the management server?

Options:

A. Edit the Server Properties and under the General tab, change the Server Communication Permission.

B. Edit the Communication Settings for the Group under the Clients tab.

C. Edit the External Communication Settings for the Group under the Clients tab.

D. Edit the Site Properties and under the General tab, change the server priority.

Questions 31

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Options:

A. The deleted file may still be in the Recycle Bin.

B. IT Analytics may keep a copy of the file for investigation.

C. False positives may delete legitimate files.

D. Insight may back up the file before sending it to Symantec.

E. A copy of the threat may still be in the quarantine.

Questions 32

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?

Options:

A. Quarantine

B. Block

C. Deny List

D. Firewall

Questions 33

When are events generated within SEDR?

Options:

A. When an incident is selected

B. When an activity occurs

C. When any event is opened

D. When entities are viewed

Questions 34

What information is required to calculate storage requirements?

Options:

A. Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

B. Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

C. Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

D. Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

Questions 35

Which technology can prevent an unknown executable from being downloaded through a browser session?

Options:

A. Intrusion Prevention

B. Insight

C. Application Control

D. Advanced Machine Learning

Questions 36

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A. Discovery Device

B. Discovery Manager

C. Discovery Agent

D. Discovery Broker

Questions 37

Which report template type should an administrator utilize to create a daily summary of network threats detected?

Options:

A. Intrusion Prevention Report

B. Blocked Threats Report

C. Network Risk Report

D. Access Violation Report

Questions 38

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

Options:

A. Change the custom signature order

B. Create a Custom Intrusion Prevention Signature library

C. Define signature variables

D. Enable signature logging

Questions 39

What does a medium-priority incident indicate?

Options:

A. The incident may have an impact on the business

B. The incident can result in a business outage

C. The incident does not affect critical business operation

D. The incident can safely be ignored

Questions 40

Which rule types should be at the bottom of the list when an administrator adds device control rules?

Options:

A. Specific "device type" rules

B. Specific "device model" rules

C. General "catch all" rules

D. General "brand defined" rules

Questions 41

Which Firewall rule components should an administrator configure to block facebook.com use during business hours?

Options:

A. Host(s), Network Interface, and Network Service

B. Application, Host(s), and Network Service

C. Action, Host(s), and Schedule

D. Action, Application, and Schedule

Questions 42

Which ICDm role is required in order to use LiveShell?

Options:

A. Security Analyst

B. Administrator

C. Viewer

D. Any

Questions 43

What type of policy provides a second layer of defense, after the Symantec firewall?

Options:

A. Virus and Spyware

B. Host Integrity

C. Intrusion Prevention

D. System Lockdown

Questions 44

A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

In which feature set order must the threat pass through to successfully infect the system?

Options:

A. Download Insight, Firewall, IPS

B. Firewall, IPS, Download Insight

C. IPS, Firewall, Download Insight

D. Download Insight, IPS, Firewall

Questions 45

Which Endpoint Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

Options:

A. Device Discovery

B. Endpoint Enrollment

C. Discover and Deploy

D. Discover Endpoints

Exam Code: 250-580
Exam Name: Endpoint Security Complete - R2 Technical Specialist
Last Update: Nov 24, 2024
Questions: 150