250-438 Online Practice Questions and Answers

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco's role has the "User Reporting" privilege enabled, but User Risk reporting is still not working.

What is the probable reason that the User Risk Summary report is blank?

A. Only DLP administrators are permitted to access and view data for high risk users.

B. The Enforce server has insufficient permissions for importing user attributes.

C. User attribute data must be configured separately from incident data attributes.

D. User attributes have been incorrectly mapped to Active Directory accounts.

Which channel does Endpoint Prevent protect using Device Control?

A. Bluetooth

B. USB storage

C. CD/DVD

D. Network card

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

A. Endpoint Prevent

B. Cloud Service for Email

C. Network Prevent for Email

D. Network Discover

E. Cloud Detection Service

A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

A. Apply a new global agent uninstall password in the Enforce management console.

B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.

C. Replace the PGPsdk.dll file on the agent's assigned Endpoint server with a copy from a different Endpoint server

D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Which Network Prevent action takes place when the Network Incident list shows the message is "Modified"?

A. Remove attachments from an email

B. Obfuscate text in the body of an email

C. Add one or more SMTP headers to an email

D. Modify content from the body of an email

Which two detection technology options ONLY run on a detection server? (Choose two.)

A. Form Recognition

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

E. Vector Machine Learning (VML)

What detection technology supports partial row matching?

A. Vector Machine Learning (VML)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team. Which SQL *Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?

A. select database version from ;

B. select * from db$version;

C. select * from v$version;

D. select db$ver from ;

How do Cloud Detection Service and the Enforce server communicate with each other?

A. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 8100.

B. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 443.

C. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 1443.

D. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 443.

Which service encrypts the message when using a Modify SMTP Message response rule?

A. Network Monitor server

B. SMTP Prevent

C. Enforce server

D. Encryption Gateway