Winter Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. Symantec
  3. Endpoint Protection 14
  4. 250-428
  5. Administration of Symantec Endpoint Protection 14 Questions and Answers

250-428 Sample Questions Answers

Questions 4

A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

In which feature set order must the threat pass through to successfully infect the system?

Options:

A.

Download Insight, Firewall, IPS

B.

Firewall, IPS, Download Insight

C.

IPS, Firewall, Download Insight

D.

Download Insight, IPS, Firewall

Buy Now
Questions 5

A company uses a remote administration tool that is detected and quarantined by Symantec Endpoint Protection (SEP).

Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

Options:

A.

Create a Tamper Protect exception for the tool

B.

Create a SONAR exception for the tool

C.

Create an Application to Monitor exception for the tool

D.

Create a Known Risk exception for the tool

Buy Now
Questions 6

What Symantec Best Practice is recommended when setting up Active Directory integration with the Symantec Endpoint protection Manager?

Options:

A.

Link the built-in Admin account to an Active Directory account.

B.

Ensure there is more than one Active Directory Server listed in the Server Properties.

C.

Secure the management console by denying access to certain computers.

D.

Import the existing AD structure to organize clients in user mode.

Buy Now
Questions 7

A system running Symantec Endpoint Protection is assigned to a group with client user interface control settings set to mixed mode with Auto-Protect options set to Client. The user on the system is unable to turn off Auto-Protect.

What is the likely cause of this problem?

Options:

A.

Tamper protection is enabled.

B.

System Lockdown is enabled.

C.

Application and Device Control is configured.

D.

The padlock on the enable Auto-Protect option is locked.

Buy Now
Questions 8

A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread evenly across two sites. The administrator needs to direct replication activity to SEPM3 server in Site 1 and SEPM4 in Site 2.

Which two actions should the administrator take to direct replication activity to SEPM3 and SEPM4? (Select two.)

Options:

A.

Install the SQL Server databases on SEPM3 and SEPM4

B.

Ensure SEPM3 and SEPM4 are in the same time zone

C.

Ensure SEPM3 and SEPM4 are defined as remote servers in the replication partner configuration

D.

Install SEPM3 and SEPM4 after the other SEPMs

E.

Ensure SEPM3 and SEPM4 are defined as the top priority server in in the Site Settings

Buy Now
Questions 9

An administrator uses ClientSideClonePrepTool to clone systems and virtual machine deployment. What will the tool do when it is run on each system?

Options:

A.

run Microsoft SysPrep and removes all AntiVirus/AntiSpyware definitions

B.

disable Tamper Protect and deploys a Sylink.xml

C.

add a new Extended File Attribute value to all existing files

D.

remove unique Hardware IDs and GUIDs from the system

Buy Now
Questions 10

Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

Options:

A.

Another scan is in progress.

B.

The detected file is in use.

C.

The file has good reputation.

D.

There are insufficient file permissions.

E.

The file is marked for deletion by Windows on restart.

Buy Now
Questions 11

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Options:

A.

Disable Allow user-defined scans to run when the scan author is logged off

B.

Change the LiveUpdate schedule

C.

Disable Run an Active Scan when new definitions arrive

D.

Change the Administrator-defined scan schedule

Buy Now
Questions 12

Which step is unnecessary when an administrator creates an application rule set?

Options:

A.

define a provider

B.

select a process to apply

C.

select a process to exclude

D.

define rule order

Buy Now
Questions 13

What is a function of Symantec Insight?

Options:

A.

Provides reputation ratings for binary executables

B.

Enhances the capability of Group Update Providers (GUP)

C.

Provides reputation ratings for structured data

D.

Increases the efficiency and effectiveness of LiveUpdate

Buy Now
Questions 14

In which two areas can host groups be used? (Select two.)

Options:

A.

Locations

B.

Download Insight

C.

IPS

D.

Application and Device Control

E.

Firewall

Buy Now
Questions 15

An administrator reports that the Home, Monitors, and Report pages are absent in the Symantec Endpoint Protection Management console when the administrator logs on.

Which action should the administrator perform to correct the problem?

Options:

A.

Grant the Administrator Full Access to Root group of the organization

B.

Configure proxy settings for each server in the site

C.

Configure External Logging to Enable Transmission of Logs to a Syslog Server

D.

Grant View Reports permission to the administrator

Buy Now
Questions 16

Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

Options:

A.

Application Learning should be deployed on a small group of systems in the enterprise.

B.

Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.

C.

Application Learning is dependent on Insight.

D.

Application Learning requires a file fingerprint list to be created in advance.

E.

Application Learning can generate increased false positives.

Buy Now
Questions 17

What is an appropriate use of a file fingerprint list?

Options:

A.

allow unknown files to be downloaded with Insight

B.

prevent programs from running

C.

prevent AntiVirus from scanning a file

D.

allow files to bypass Intrusion Prevention detection

Buy Now
Questions 18

Which two options are available when configuring DNS change detections for SONAR? (Select two.)

Options:

A.

Log

B.

Quarantine

C.

Block

D.

Active Response

E.

Trace

Buy Now
Questions 19

What is the file scan workflow order when Shared Insight Cache and reputation are enabled?

Options:

A.

Symantec Insight > Shared Insight Cache server > local client Insight cache

B.

Local client Insight cache > Shared Insight Cache server > Symantec Insight

C.

Shared Insight Cache server > local client Insight cache > Symantec Insight

D.

Local client Insight cache > Symantec Insight > Shared Insight Cache server

Buy Now
Questions 20

An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.

Which source must the administrator avoid using?

Options:

A.

Group Update Provider (GUP)

B.

LiveUpdate Administrator (LUA)

C.

Symantec Endpoint Protection Manager

D.

Shared Insight Cache (SIC)

Buy Now
Questions 21

Why is Notepad unable to save the changes to the file in the image below?

Options:

A.

SONAR High Risk detection is set to Block

B.

SONAR is set to block host file modifications.

C.

Tamper Protection is preventing Notepad from modifying the host file.

D.

System Lockdown is enabled.

Buy Now
Questions 22

What does SONAR use to reduce false positives?

Options:

A.

Virus and Spyware definitions

B.

Extended File Attributes (EFA) table

C.

File Fingerprint list

D.

Symantec Insight

Buy Now
Questions 23

A threat was detected by Auto-Protect on a client system.

Which command can an administrator run to determine whether additional threats exist?

Options:

A.

Restart Client Computer

B.

Update Content and Scan

C.

Enable Network Threat Protection

D.

Enable Download Insight

Buy Now
Questions 24

Which two Symantec Endpoint Protection components are used to distribute content updates? (Select two.)

Options:

A.

Group Update Provider (GUP)

B.

Shared Insight Cache Server

C.

Symantec Protection Center

D.

Symantec Endpoint Protection Manager

E.

Symantec Insight Database

Buy Now
Questions 25

A company has 10,000 Symantec Endpoint Protection (SEP) clients deployed using two Symantec Endpoint Protection Managers (SEPMs).

Which configuration is recommended to ensure that each SEPM is able to effectively handle the communications load with the SEP clients?

Options:

A.

Pull mode

B.

Push mode

C.

Server control mode

D.

Client control mode

Buy Now
Questions 26

An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.

How should the administrator architect this organization?

Options:

A.

Set up 3 domains

B.

Set up 3 sites

C.

Set up 3 groups

D.

Set up 3 locations

Buy Now
Questions 27

Which Symantec Endpoint Protection component enables access to data through ad-hoc reports and charts with pivot tables?

Options:

A.

Symantec Protection Center

B.

Shared Insight Cache Server

C.

Symantec Endpoint Protection Manager

D.

IT Analytics

Buy Now
Questions 28

Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

Options:

A.

The SIC server allocates additional memory for the whitelist as needed.

B.

The SIC server will start writing the cache to disk.

C.

The SIC server will remove the least recently used items based on the prune size.

D.

The SIC server will remove items with the fewest number of votes.

Buy Now
Questions 29

A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one hour damper period for that notification condition.

How many notifications does the administrator receive after 30 computers are infected in two hours?

Options:

A.

1

B.

2

C.

6

D.

15

Buy Now
Questions 30

An administrator receives a browser certificate warning when accessing the Symantec Endpoint Protection Manager (SEPM) Web console.

Where can the administrator obtain the certificate?

Options:

A.

SEPM console Licenses section

B.

Admin > Servers > Configure SecureID Authentication

C.

SEPM console Admin Tasks

D.

SEPM Web Access

Buy Now
Questions 31

Match the following list of ports used by Symantec Endpoint Protection (SEP) to the defining characteristics by clicking and dragging the port on the left to the corresponding description on the right.

Options:

Buy Now
Questions 32

A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country.

Which deployment method should the company use to notify its sales staff to install the client?

Options:

A.

Unmanaged Detector

B.

Client Deployment Wizard

C.

Pull mode

D.

Push mode

Buy Now
Questions 33

Which package type should an administrator use to reduce a SEP environment’s footprint when considering that new SEP 14 clients will be installed on point of sale terminals?

Options:

A.

Default Standard Client

B.

Default Embedded or VDI client

C.

Default dark network client

D.

Custom Standard client

Buy Now
Questions 34

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

Options:

A.

Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

B.

Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line

C.

Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.

D.

Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Buy Now
Questions 35

An organization needs to add a collection of DNS host names to permit in the firewall policy.

How Should the SEP Administrator add these DNS host names as a single rule in the firewall policy?

Options:

A.

Create a Most Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Source/ Destination

B.

Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Local/ Remote.

C.

Create a Host Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Local/Remote

D.

Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Source/ Destination

Buy Now
Questions 36

Which tool should an administrator use to discover and deploy the Symantec Endpoint Protection client to new computers?

Options:

A.

Unmanaged Detector

B.

Client Deployment Wizard

C.

Communication Update Package Deployment

D.

Symantec Endpoint Discovery Tool

Buy Now
Questions 37

An organization recently experienced an outbreak and is conducting a health check of their environment! What Protection Technology should the SEP team enable to prevent vulnerability attacks on software?

Options:

A.

Memory Exploit Mitigation (MEM)

B.

System Lockdown

C.

Behavior Monitoring (SONAR)

D.

Host Integrity

Buy Now
Questions 38

When can an administrator add a new replication partner?

Options:

A.

immediately following the first LiveUpdate session of the new site

B.

during a Symantec Endpoint Protection Manager upgrade

C.

during the initial install of the new site

D.

immediately following a successful Active Directory sync

Buy Now
Questions 39

What is a valid Symantec Endpoint Protection (SEP) single site design?

Options:

A.

Multiple MySQL databases

B.

One Microsoft SQL Server database

C.

One Microsoft SQL Express database

D.

Multiple embedded databases

Buy Now
Questions 40

Why does Power Eraser need Internet access?

Options:

A.

Validate root certificates on all portable executables (PXE) files

B.

Leverage Symantec Insight

C.

Ensure the Power Eraser tool is the latest release

D.

Look up CVE vulnerabilities

Buy Now
Exam Code: 250-428
Exam Name: Administration of Symantec Endpoint Protection 14
Last Update: Nov 20, 2024
Questions: 135
$64  $159.99
$48  $119.99
$40  $99.99
buy now 250-428