250-580 Endpoint Security Complete - R2 Technical Specialist Question and Answers

Question # 4

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

A. Insight

B. SONAR

C. Risk Tracer

D. Intrusion Prevention

Question # 5

Files are blocked by hash in the deny list policy. Which algorithm is supported, in addition to MD5?

A. SHA2

B. SHA256

C. SHA256 "salted"

D. MD5 "Salted"

Question # 6

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

A. IPv6 Tunneling

B. IPS

C. Firewall

D. VPN

Question # 7

What EDR feature provides endpoint activity recorder data for a file hash?

A. Process Dump

B. Entity Dump

C. Hash Dump

D. Full Dump

Question # 8

How would an administrator specify which remote consoles and servers have access to the management server?

A. Edit the Server Properties and under the General tab, change the Server Communication Permission.

B. Edit the Communication Settings for the Group under the Clients tab.

C. Edit the External Communication Settings for the Group under the Clients tab.

D. Edit the Site Properties and under the General tab, change the server priority.

Question # 9

Which IPS signature type is primarily used to identify specific unwanted network traffic?

A. Attack

B. Audit

C. Malcode

D. Probe

Question # 10

What is the result of disjointed telemetry collection methods used within an organization?

A. Investigators lack granular visibility

B. Lack of orchestration across controls

C. False positives are seen

D. Attacks continue to spread during investigation

Question # 11

What happens when an administrator adds a file to the deny list?

A. The file is assigned to a chosen Deny List policy

B. The file is assigned to the Deny List task list

C. The file is automatically quarantined

D. The file is assigned to the default Deny List policy

Question # 12

Which Discover and Deploy process requires the LocalAccountTokenFilterPolicy value to be added to the Windows registry of endpoints, before the process begins?

A. Push Enrollment

B. Auto Discovery

C. Push Discovery

D. Device Enrollment

Question # 13

Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

A. Searching the EDR database and multiple data sources directly

B. Viewing PowerShell processes

C. Detecting Memory Exploits in conjunction with SEP

D. Detonating suspicious files using cloud-based or on-premises sandboxing

Question # 14

Which two (2) security controls are utilized by an administrator to mitigate threats associated with the Discovery phase? (Select two)

A. Firewall

B. IPS

C. Antimalware

D. Blacklist

E. Device Control

Question # 15

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

A. Add a Single Risk Event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

B. Add a Client security alert notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

C. Add a System event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

D. Add a New risk detected notification and specify "Left Alone" for the action taken. Choose to log the notification and send an email to the system administrators.

Question # 16

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

A. An email with the SES_setup.zip file attached

B. An email with a link to register on the ICDm user portal

C. An email with a link to directly download the SES client

D. An email with a link to a KB article explaining how to install the SES Agent

Question # 17

Which type of file attribute is valid for creating a block list entry with Symantec Endpoint Detection and Response (SEDR)?

A. SHA256

B. Type

C. Date Created

D. Filename

Question # 18

What does an Endpoint Activity Recorder (EAR) full dump consist of?

A. All of the recorded events that occurred on an endpoint relating to a single file

B. All of the recorded events that occurred on an endpoint relating to a single process

C. All of the recorded events that occurred on an endpoint

D. All of the recorded events that are in the SEDR database

Question # 19

When are events generated within SEDR?

A. When an incident is selected

B. When an activity occurs

C. When any event is opened

D. When entities are viewed

Question # 20

What priority would an incident that may have an impact on business be considered?

A. Low

B. Critical

C. High

D. Medium

Question # 21

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?

A. Enable port scan detection

B. Automatically block an attacker's IP address

C. Block all traffic until the firewall starts and after the firewall stops

D. Enable denial of service detection

Question # 22

What should an administrator utilize to identify devices on a Mac?

A. Use DevViewer when the Device is connected.

B. Use DeviceInfo when the Device is connected.

C. Use Device Manager when the Device is connected.

D. Use GatherSymantecInfo when the Device is connected.

Question # 23

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

A. Change the LiveUpdate schedule

B. Change the Administrator-defined scan schedule

C. Disable Allow user-defined scans to run when the scan author is logged off

D. Disable Run an Active Scan when new definitions arrive

Question # 24

What must be entered before downloading a file from ICDm?

A. Name

B. Password

C. Hash

D. Date

Question # 25

Which type of event does operation:1 indicate in a SEDR database search?

A. File Deleted.

B. File Closed.

C. File Open.

D. File Created.

Question # 26

What is the timeout for the file deletion command in SEDR?

A. 2 Days

B. 7 Days

C. 72 Hours

D. 5 Days

Question # 27

Which Incident View widget shows the parent-child relationship of related security events?

A. The Incident Summary Widget

B. The Process Lineage Widget

C. The Events Widget

D. The Incident Graph Widget

Question # 28

Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

A. Decreasing the number of content revisions to keep

B. Lowering the client installation log entries

C. Rebuilding database indexes

D. Limiting the number of backups to keep

Question # 29

Which action is provided by Symantec EDR for the rapid remediation of impacted endpoints?

A. Quickly filtering for specific attributes

B. Detonate Memory Exploits in conjunction with SEP

C. Automatically stopping suspicious behaviors & unknown threats

D. Block Listing or Allow Listing of specific files

Question # 30

What type of Threat Defense for Active Directory alarms are displayed after domain misconfigurations or hidden backdoors are detected?

A. Computer Information Gathering

B. Pass-The-Ticket

C. Credential Theft

D. Dark Corners

Question # 31

Which Incident View widget shows the parent-child relationship of related security events?

A. The Incident Summary Widget

B. The Process Lineage Widget

C. The Events Widget

D. The Incident Graph Widget

Question # 32

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

A. Allow users to save credentials when logging on

B. Delete clients that have not connected for specified time

C. Lock account after the specified number of unsuccessful logon attempts

D. Allow administrators to reset passwords

Question # 33

What is an appropriate use of a file fingerprint list?

A. Allow unknown files to be downloaded with Insight

B. Prevent programs from running

C. Prevent Antivirus from scanning a file

D. Allow files to bypass Intrusion Prevention detection

Question # 34

Which designation should an administrator assign to the computer configured to find unmanaged devices?

A. Discovery Device

B. Discovery Manager

C. Discovery Agent

D. Discovery Broker

Question # 35

What does the MITRE ATT&CK Matrix consist of?

A. Problems and Solutions

B. Attackers and Techniques

C. Tactics and Techniques

D. Entities and Tactics

Question # 36

What permissions does the Security Analyst Role have?

A. Trigger dumps, get & quarantine files, enroll new sites

B. Search endpoints, trigger dumps, get & quarantine files

C. Trigger dumps, get & quarantine files, create device groups

D. Search endpoints, trigger dumps, create policies

Question # 37

How are Insight results stored?

A. Encrypted on the Symantec Endpoint Protection Manager

B. Unencrypted on the Symantec Endpoint Protection Manager

C. Encrypted on the Symantec Endpoint Protection client

D. Unencrypted on the Symantec Endpoint Protection client

Question # 38

Which EDR feature is used to search for real-time indicators of compromise?

A. Domain search

B. Endpoint search

C. Cloud Database search

D. Device Group search

Question # 39

Which technique randomizes the memory address map with Memory Exploit Mitigation?

A. ForceDEP

B. SEHOP

C. ASLR

D. ROPHEAP

Question # 40

The Security Status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.

How should the SEP administrator enable the Security Status alert?

A. Lower the Security Status thresholds

B. Raise the Security Status thresholds

C. Change the Notifications setting to "Show all notifications"

D. Change the Action Summary display to "By number of computers"

Question # 41

Which SES feature helps administrators apply policies based on specific endpoint profiles?

A. Policy Bundles

B. Device Profiles

C. Policy Groups

D. Device Groups

Question # 42

What is the function of Symantec Insight?

A. Provides reputation ratings for structured data

B. Enhances the capability of Group Update Providers (GUP)

C. Increases the efficiency and effectiveness of LiveUpdate

D. Provides reputation ratings for binary executables

Question # 43

Which two (2) criteria are used by Symantec Insight to evaluate binary executables? (Select two.)

A. Sensitivity

B. Prevalence

C. Confidentiality

D. Content

E. Age

Question # 44

Which rule types should be at the bottom of the list when an administrator adds device control rules?

A. Specific "device type" rules

B. Specific "device model" rules

C. General "catch all" rules

D. General "brand defined" rules

Question # 45

Which default role has the most limited permission in the Integrated Cyber Defense Manager?

A. Endpoint Console Domain Administrator

B. Server Administrator

C. Restricted Administrator

D. Limited Administrator
