250-315 Online Practice Questions and Answers

A financial company enforces a security policy that prevents banking system workstations from connecting to the Internet.

Which Symantec Endpoint Protection technology is ineffective on this company's workstations?

A. Insight

B. Intrusion Prevention

C. Network Threat Protection

D. Browser Intrusion Prevention

In addition to performance improvements, which two benefits does Insight provide? (Select two.)

A. Reputation scoring for documents

B. Zero-day threat detection

C. Protection against malicious java scripts

D. False positive mitigation

E. Blocking of malicious websites

What is a supported migration path for Symantec Endpoint Protection?

A. Symantec Endpoint Protection Enterprise Edition 12.1 > Symantec Endpoint Protection Small Business Edition 12.1

B. Symantec Endpoint Protection Small Business Edition 12.1 > Symantec Endpoint Protection Enterprise Edition 12.1

C. Symantec Endpoint Protection 12.1 Enterprise Edition > Symantec Endpoint Protection 11.x Enterprise Edition

D. Symantec Endpoint Protection Small Business Edition 12.1 > Symantec Endpoint Protection 11.x Small Business Edition

A company uses a remote administration tool that is detected and quarantined by Symantec Endpoint Protection (SEP).

Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

A. create a Tamper Protect exception for the tool

B. create an Application to Monitor exception for the tool

C. create a Known Risk exception for the tool

D. create a SONAR exception for the tool

What are two criteria that Symantec Insight uses to evaluate binary executables? (Select two.)

A. sensitivity

B. prevalence

C. confidentiality

D. content

E. age

A company has an application that requires network traffic in both directions to multiple systems at a specific external domain. A firewall rule was created to allow traffic to and from the external domain, but the rule is blocking incoming traffic.

What should an administrator enable in the firewall policy to allow this traffic?

A. TCP resequencing

B. Smart DHCP

C. Reverse DNS Lookup

D. Smart WINS

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.

What is the likely cause of the problem?

A. The application has been upgraded.

B. The Application and Device Control policy is in test mode.

C. A file exception has been added to the Exceptions policy.

D. The Application and Device Control policy is allowing the file to execute.

Which client log shows that a client is downloading content from its designated source?

A. Risk Log

B. System Log

C. SesmLu.log

D. Log.LiveUpdate

An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP) deployment. The administrator needs to determine whether replication is viable without needing to make network firewall changes or change defaults in SEP.

Which port should the administrator verify is open on the path of communication between the two proposed sites?

A. 1433

B. 2967

C. 8014

D. 8443

A Symantec Endpoint Protection Manager (SEPM) administrator notices performance issues with the SEPM server. The Client tab becomes unresponsive in the SEPM console and .DAT files accumulate in the "agentinfo" folder.

Which tool should the administrator use to gather log files to submit to Symantec Technical Support?

A. collectLog.cmd

B. LogExport.exe

C. ExportLog.vbs

D. smc.exe