An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.
How should the administrator architect this organization?
A. set up 3 domains
B. set up 3 sites
C. set up 3 locations
D. set up 3 groups
Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs. What is the quickest way an administrator can restore the environment to its original state?
A. build a new site and configure replication with the still functioning SEPM
B. install a new SEPM into the existing site
C. clone the still functioning SEPM and change the server.properties file
D. reinstall the entire SEPM environment
An administrator changes the Virus and Spyware Protection policy for a specific group so that it disables Auto-Protect. The administrator assigns the policy and the client system applies the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.
Which action should the administrator take to ensure that the desired setting is in place on the client?
A. Restart the client system
B. Run a command on the computer to Update Content
C. Enable the padlock next to the setting in the policy
D. Withdraw the Virus and Spyware Protection policy
Which feature reduces the impact of Auto-Protect on a virtual client guest operating system?
A. Network Shared Insight Cache
B. Virtual Image Exception
C. Scan Randomization
D. Virtual Shared Insight Cache
What happens when the license expires in Symantec Endpoint Protection 14 Enterprise Edition?
A. LiveUpdate stops.
B. Group Update Providers (GUP) stop.
C. Symantec Insight is disabled.
D. Content updates continue.
An organization created a rule in the Application and Device Control policy to block peer-to-peer applications. Which two other protection technologies can block and log such unauthorized applications? (Choose two.)
A. Memory Exploit Mitigation
B. Virus and Spyware Protection
C. Custom IPS Signatures
D. Host Integrity
E. Firewall
An organization needs to be notified when certain types of events happen in their SEP environment.
What notification type should the SEP Administrator create to see attacks and events that the firewall or Intrusion Protection System (IPS) detects?
A. Create a Client Security Notification that filters by Traffic Events
B. Create a Client Security Notification that filters by Compliance Events
C. Create a Client Security Notification that filters by Network and Host Mitigation Events
D. Create a Client Security Notification that filters by Packet Events
An organization has a small group of Incident Responders (IR) using pentest tools and network monitoring (Angry IP Scanner, Nmap). They need to allow all inbound and outbound traffic for their tools. What policy changes does the SEP Administrator need to configure in the SEPM?
A. Create a Firewall rule that allows all hosts in the Firewall policy and enable Host Integrity
B. Create a Firewall rule that allows all hosts in the Firewall policy and add the computers as a Trusted Web Domain in the Exceptions policy
C. Create a Firewall rule that allows all hosts in the Firewall policy and enable System Lockdown
D. Create a Firewall rule for each application in the firewall policy and add the IR computers to the Excluded Hosts in the IPS policy
What type of exceptions can an administrator create from the Symantec Endpoint Protection Manager for a Mac client?
A. Security Risk Exceptions - File
B. Security Risk Exceptions for both File and Folder
C. Security Risk Exceptions - Folder
D. Security Risk Exceptions - Extension
An organization recently experienced an outbreak involving a threat that replicated over network shares. The SEP Administrator needs to heuristically scan file operations that target network drives. What options should an administrator enable in the Virus and Spyware Protection policy?
A. Browse to Early Launch Malware Driver and select Enable Symantec early launch malware
B. Browse to Download Protection Download Insight and select Enable Download Insight to detect potential risks in downloaded files based on reputation
C. Browse to SONAR and enable Scan files on remote computers
D. Browse to Auto Protect Scan Details and enable Scan files on remote computers