Administration of Symantec Endpoint Protection 14 v1.0 (250-428)

Page:    1 / 9   
Total 138 questions

A company has a small number of systems in their Symantec Endpoint Protection Manager (SEPM) group with federal mandates that AntiVirus definitions undergo a two-week testing period. After being loaded on the client, the tested virus definitions must remain unchanged on the client systems until the next set of virus definitions has completed testing. All other clients must remain operational on the most recent definition sets. An internal LiveUpdate Server has been considered too expensive to be a solution for this company.
What should be modified on the SEPM to meet this mandate?

  • A. The LiveUpdate Content policy for this group should be modified to use a specific definition revision.
  • B. The LiveUpdate Settings policy for this group should be modified to use an Explicit Group Update Provider.
  • C. The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 14.
  • D. The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 1.


Answer : A

Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

  • A. Network Adapters
  • B. Network Services
  • C. Subnet
  • D. Application Protocol
  • E. DNS Domain


Answer : CE

References: https://support.symantec.com/en_US/article.HOWTO81218.html

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).
How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive delta content packages instead of full content packages?

  • A. 10
  • B. 30
  • C. 20
  • D. 60


Answer : B

References:
https://support.symantec.com/en_US/article.TECH94916.html
https://support.symantec.com/en_US/article.TECH131528.html

Which feature reduces the impact of Auto-Protect on a virtual client guest operating system?

  • A. Network Shared Insight Cache
  • B. Scan Randomization
  • C. Virtual Shared Insight Cache
  • D. Virtual Image Exception


Answer : D

References: https://support.symantec.com/en_US/article.TECH172218.html

Which settings can impact the Files trusted count?

  • A. System Lockdown Whitelist in the Application and Device Control Policy
  • B. File Cache settings in the Virus and Spyware Protection policy
  • C. Insight settings in the Virus and Spyware Protection policy
  • D. SONAR settings in the Virus and Spyware Protection policy


Answer : C

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.
What is the quickest way an administrator can restore the environment to its original state?

  • A. Install a new SEPM into the existing site
  • B. Reinstall the entire SEPM environment
  • C. Clone the still functioning SEPM and change the server.properties file
  • D. Build a new site and configure replication with the still functioning SEPM


Answer : A

A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread evenly across two sites. The administrator needs to direct replication activity to SEPM3 server in Site 1 and SEPM4 in Site 2.
Which two actions should the administrator take to direct replication activity to SEPM3 and SEPM4? (Select two.)

  • A. Install the SQL Server databases on SEPM3 and SEPM4
  • B. Ensure SEPM3 and SEPM4 are in the same time zone
  • C. Ensure SEPM3 and SEPM4 are defined as remote servers in the replication partner configuration
  • D. Install SEPM3 and SEPM4 after the other SEPMs
  • E. Ensure SEPM3 and SEPM4 are defined as the top priority server in the Site Settings


Answer : CE

An administrator needs to increase the access speed for client files that are stored on a file server.
Which configuration should the administrator review to address the read speed from the server?

  • A. Enable Network Cache in the client's Virus and Spyware Protection policy
  • B. Add the applicable server to a trusted host group
  • C. Enable download randomization in the client group's communication settings
  • D. Create a Firewall allow rule for the server's IP address.


Answer : A

Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?

  • A. Host Integrity Policy
  • B. Exceptions Policy
  • C. Virus and Spyware Protection Policy
  • D. Application and Device Control Policy


Answer : C

References: https://www.symantec.com/connect/articles/sep-121-virtualization

An administrator uses ClientSideClonePrepTool for system cloning and virtual machine deployment. What will the tool do when it is run on each system?

  • A. run Microsoft SysPrep and remove all AntiVirus/AntiSpyware definitions
  • B. disable Tamper Protect and deploy a Sylink.xml
  • C. add a new Extended File Attribute value to all existing files
  • D. remove unique Hardware IDs and GUIDs from the system


Answer : D

A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one hour damper period for that notification condition.
How many notifications does the administrator receive after 30 computers are infected in two hours?

  • A. 1
  • B. 15
  • C. 6
  • D. 2


Answer : D

Where in the Symantec Endpoint Protection (SEP) management console will a SEP administrator find the option to allow all users to enable and disable the client firewall?

  • A. Settings in Intrusion Prevention Policy
  • B. Overview in Firewall Policy
  • C. Client User Interface Control Settings
  • D. System Lockdown in Group Policy


Answer : C

Reference: https://www.symantec.com/connect/forums/disable-protection-endpoint-protection-manager

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files is allowed to execute.
What is the likely cause of the problem?

  • A. The application has been upgraded.
  • B. The Application and Device Control policy is in the test mode.
  • C. A file exception has been added to the Exceptions policy.
  • D. The Application and Device Control policy is allowing the file to execute.


Answer : A

In addition to performance improvements, which two benefits does Insight provide? (Select two)

  • A. Reputation scoring for documents.
  • B. False positive mitigation.
  • C. Zero-day threat detection.
  • D. Blocks malicious websites.
  • E. Protects against malicious java scripts.


Answer : BC

Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

  • A. The SIC server allocates additional memory for the whitelist as needed.
  • B. The SIC server will remove items with the fewest number of votes.
  • C. The SIC server will remove the least recently used items based on the prune size.
  • D. The SIC server will start writing the cache to disk.


Answer : C
