Administration of Symantec Endpoint Protection 12.1 v10.0 (250-315)

Page:    1 / 8   
Total 128 questions

A Symantec Endpoint Protection administrator needs to prevent users from modifying files in a specific program folder that is on all client machines.
What does the administrator need to configure?

  • A. a file and folder exception in the Exception policy
  • B. an application rule set in the Application and Device Control policy
  • C. a file fingerprint list and System Lockdown
  • D. the Tamper Protection settings for the client folder


Answer : B

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.
What is the likely cause of the problem?

  • A. The application has been upgraded.
  • B. The Application and Device Control policy is in test mode.
  • C. A file exception has been added to the Exceptions policy.
  • D. The Application and Device Control policy is allowing the file to execute.


Answer : A

Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

  • A. Subnet
  • B. Network Services
  • C. Application Protocol
  • D. DNS Domain
  • E. Network Adapters


Answer : A,D

What is an appropriate use of a file fingerprint list?

  • A. allow unknown files to be downloaded with Insight
  • B. prevent programs from running
  • C. prevent AntiVirus from scanning a file
  • D. allow files to bypass Intrusion Prevention detection


Answer : B

When can an administrator add a new replication partner?

  • A. immediately following the first LiveUpdate session of the new site
  • B. during a Symantec Endpoint Protection Manager upgrade
  • C. during the initial install of the new site
  • D. immediately following a successful Active Directory sync


Answer : C

An administrator is re-adding an existing Replication Partner to the local Symantec Endpoint Protection Manager site.
Which two parameters are required to re-establish this replication partnership? (Select two.)

  • A. remote server IP Address and port
  • B. remote site Encryption Password
  • C. remote site Domain ID
  • D. remote server Administrator credentials
  • E. remote SQL database account credentials


Answer : A,D

Which task is unavailable for administrative accounts that authenticate using RSA SecurID Authentication?

  • A. reset forgotten passwords
  • B. import organizational units (OU) from Active Directory
  • C. configure external logging
  • D. enable Session Based Authentication with Web Services


Answer : A

Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

  • A. Application Learning can generate increased false positives.
  • B. Application Learning should be deployed on a small group of systems in the enterprise.
  • C. Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.
  • D. Application Learning requires a file fingerprint list to be created in advance.
  • E. Application Learning is dependent on Insight.


Answer : B,C

A Symantec Endpoint Protection (SEP) administrator performed a disaster recovery without a database backup.
In which file should the SEP administrator add "scm.agent.groupcreation=true" to enable the automatic creation of client groups?

  • A. settings.conf
  • B. conf.properties
  • C. catalina.out
  • D. httpd.conf


Answer : B

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.
What is the quickest way an administrator can restore the environment to its original state?

  • A. build a new site and configure replication with the still functioning SEPM
  • B. install a new SEPM into the existing site
  • C. clone the still functioning SEPM and change the server.properties file
  • D. reinstall the entire SEPM environment


Answer : B

The Security Status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.
How should the SEP administrator enable the Security Status alert?

  • A. lower the Security Status thresholds
  • B. raise the Security Status thresholds
  • C. change the Notifications setting to "Show all notifications"
  • D. change the Action Summary display to "By number of computers"


Answer : A

A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one hour damper period for that notification condition.
How many notifications does the administrator receive after 30 computers are infected in two hours?

  • A. 1
  • B. 2
  • C. 6
  • D. 15


Answer : B

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.
Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

  • A. allow users to save credentials when logging on
  • B. delete clients that have not connected for specified time
  • C. lock account after the specified number of unsuccessful logon attempts
  • D. allow administrators to reset the passwords


Answer : A

After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account.
Which action should the administrator take to correct the problem with minimal impact to the existing environment?

  • A. wait 15 minutes and attempt to log on again
  • B. restore the SEPM from a backup
  • C. run the Management Server and Configuration Wizard to reconfigure the server
  • D. reinstall the SEPM


Answer : A

An administrator uses ClientSideClonePrepTool for cloning systems and for virtual machine deployment.
What will the tool do when it is run on each system?

  • A. Run Microsoft SysPrep and remove all AntiVirus/AntiSpyware definitions
  • B. Disable Tamper Protect and deploy a Sylink.xml
  • C. Add a new Extended File Attribute value to all existing files
  • D. Remove unique Hardware IDs and GUIDs from the system


Answer : D
