Symantec 250-441 問題練習

Question No : 1
Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?

• A.Email Security.cloud
• B.Web security.cloud
• C.Skeptic
• D.Symantec Messaging Gateway

答えを確認する

正解:
Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-detection-and­response-atp-endpoint-en.pdf

Question No : 2
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?

• A.Isolate the endpoint with a Quarantine Firewall policy
• B.Blacklist the IRC channel IP
• C.Blacklist the endpoint IP
• D.Isolate the endpoint with an application control policy

答えを確認する

正解:

Question No : 3
Which threat is an example of an Advanced Persistent Threat (APT)?

• A.Koobface
• B.Brain
• C.Flamer
• D.Creeper

答えを確認する

正解:

Question No : 4
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

• A.Rejoin healthy endpoints back to the network
• B.Blacklist any suspicious files found in the environment
• C.Submit any suspicious files to Cynic
• D.Isolate infected endpoints to a quarantine network
• E.Delete threat artifacts from the environment

答えを確認する

正解:

Question No : 5
What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

• A.The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
• B.The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
• C.The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
• D.The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

答えを確認する

正解:

Question No : 6
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

• A.Exfiltration
• B.Incursion
• C.Capture
• D.Discovery

答えを確認する

正解:

Question No : 7
An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?

• A.Database search filename “msscrt.pdf”
• B.Database search msscrt.pdf
• C.Endpoint search filename like msscrt.pdf
• D.Endpoint search filename =“msscrt.pdf”

答えを確認する

正解:

Question No : 8
Where can an Incident Responder view Cynic results in ATP?

• A.Events
• B.Dashboard
• C.File Details
• D.Incident Details

答えを確認する

正解:
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO128417.html

Question No : 9
What is the main constraint an ATP Administrator should consider when choosing a network scanner model?

• A.Throughput
• B.Bandwidth
• C.Link speed
• D.Number of users

答えを確認する

正解:

Question No : 10
An Incident Responder wants to run a database search that will list all client named starting with SYM.
Which syntax should the responder use?

• A.hostname like “SYM”
• B.hostname “SYM”
• C.hostname “SYM*”
• D.hostname like “SYM*”

答えを確認する

正解:
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO124805.html

Question No : 11
DRAG DROP
Which level of privilege corresponds to each ATP account type? Match the correct account type to the corresponding privileges.

答えを確認する

正解:

Question No : 12
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?

• A.SEPM embedded database name
• B.SEPM embedded database type
• C.SEPM embedded database version
• D.SEPM embedded database password

答えを確認する

正解:
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO125960.html

Question No : 13
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?

• A.Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
• B.Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
• C.Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
• D.Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain

答えを確認する

正解:
Explanation:
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/ DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf? __gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (46)

Question No : 14
Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?

• A.Reports
• B.Settings
• C.Action Manager
• D.Policies

答えを確認する

正解:
Explanation:
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/ DOCUMENTATION/10000/DOC10986/en_US/satp_administration_guide_3.1.pdf? __gda__=1541979133_5668f0b4c03c16ac1a30d54989313e76 (132)

Question No : 15
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

• A.Reputation-based security
• B.Event correlation
• C.Network detection component
• D.Detonation/sandbox

答えを確認する

正解:
Explanation:
Reference: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-advanced-threat-protection­email-DS-21349610.pdf