Symantec 250-438 - Administration of Symantec Data Loss Prevention 15 Exam
Page: 1 / 15
Total 70 questions
Question #1 (Topic: Topic 1)
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a ג€copy to USB deviceג€ operation?
A. Add a ג€Limit Incident Data Retentionג€ response rule with ג€Retain Original Messageג€ option selected.
B. Modify the agent config.db to include the file
C. Modify the ג€Endpoint_Retain_Files.intג€ setting in the Endpoint server configuration
D. Modify the agent configuration and select the option ג€Retain Original Filesג€
Answer: A
Question #2 (Topic: Topic 1)
What is the correct configuration for ג€BoxMonitor.Channelsג€ that will allow the server to start as a Network Monitor server?
A. Packet Capture, Span Port
B. Packet Capture, Network Tap
C. Packet Capture, Copy Rule
D. Packet capture, Network Monitor
Answer: C
Question #3 (Topic: Topic 1)
Under the ג€System Overviewג€ in the Enforce management console, the status of a Network Monitor detection server is shown as ג€Running Selected.ג€ The Network
Monitor serverג€™s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
Monitor serverג€™s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
A. There is insufficient disk space on the Network Monitor server.
B. The Network Monitor serverג€™s certificate is corrupt or missing.
C. The Network Monitor serverג€™s license file has expired.
D. The Enforce and Network Monitor servers are running different versions of DLP.
Answer: D
Question #4 (Topic: Topic 1)
Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)
A. Any customer-hosted private cloud
B. Amazon Web Services
C. AT&T
D. Verizon
E. Rackspace
Answer: BE
Question #5 (Topic: Topic 1)
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief
Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Ciscoג€™s
role has the ג€User Reportingג€ privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Ciscoג€™s
role has the ג€User Reportingג€ privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
A. Only DLP administrators are permitted to access and view data for high risk users.
B. The Enforce server has insufficient permissions for importing user attributes.
C. User attribute data must be configured separately from incident data attributes.
D. User attributes have been incorrectly mapped to Active Directory accounts.
Answer: D
