Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

250-441 Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Questions 4

Which policies are required for the quarantine feature of ATP to work?

Options:

A.

Firewall Policy and Host Integrity Policy

B.

Quarantine Policy and Firewall Policy

C.

Host Integrity Policy and Quarantine Policy

D.

Quarantine and Intrusion Prevention Policy

Buy Now
Questions 5

An Incident Responder wants to run a database search that will list all client named starting with SYM.

Which syntax should the responder use?

Options:

A.

hostname like “SYM”

B.

hostname “SYM”

C.

hostname “SYM*”

D.

hostname like “SYM*”

Buy Now
Questions 6

Which action should an Incident Responder take to remediate false positives, according to Symantec best

practices?

Options:

A.

Blacklist

B.

Whitelist

C.

Delete file

D.

Submit file to Cynic

Buy Now
Questions 7

Which two non-Symantec methods for restricting traffic are available to the Incident Response team? (Choose two.)

Options:

A.

Temporarily disconnect the local network from the internet.

B.

Create an Access Control List at the router to deny traffic.

C.

Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.

D.

Create a DNS sinkhole server to block malicious traffic.

E.

Isolate computers so they are NOT compromised by infected computers.

Buy Now
Questions 8

Which detection method identifies a file as malware after SEP has queried the file's reputation?

Options:

A.

Skeptic

B.

Vantage

C.

insight

D.

Cynic

Buy Now
Questions 9

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose

two.)

Options:

A.

Database version

B.

Database IP address

C.

Database domain name

D.

Database hostname

E.

Database name

Buy Now
Questions 10

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoints.

Which two options should the Incident Responder select to prevent endpoints from communicating with malicious domains? (Select two.)

Options:

A.

Use the isolate command in ATP to move all endpoints to a quarantine network.

B.

Blacklist suspicious domains in the ATP manager.

C.

Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

E.

Run a full system scan on all endpoints.

Buy Now
Questions 11

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an

incident for an After Actions Report?

Options:

A.

It ensures that the Incident is resolved, and the responder can clean up the infection.

B.

It ensures that the Incident is resolved, and the responder can determine the best remediation method.

C.

It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the

environment.

D.

It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

Buy Now
Questions 12

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the

After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)

Options:

A.

To have less raw data to analyze

B.

To evaluate the data, including information from other systems

C.

To access expanded historical data

D.

To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)

E.

To determine the best cleanup method

Buy Now
Questions 13

While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.

What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)

Options:

A.

Periodically log into the ATP manager and review only the Dashboard.

B.

Implement IT Analytics to create more flexible reporting.

C.

Dedicate an administrator to monitor new events as they flow into the ATP manager.

D.

Set email notifications in the ATP manager to message the Security team when a new incident is occurring.

E.

Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.

Buy Now
Questions 14

Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?

Options:

A.

Recover

B.

Protect

C.

Respond

D.

Identify

Buy Now
Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Nov 17, 2024
Questions: 90

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now 250-441 testing engine

PDF (Q&A)

$31.5  $104.99
buy now 250-441 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024