Symantec 250-587 - Symantec Data Loss Prevention 16.x Administration Technical Specialist Exam

Question #6 (Topic: Exam A)
Which detection server is available from Symantec as a hardware appliance?
A. Network Prevent for Email
B. Network Prevent for Web
C. Network Monitor
D. Network Discover
Answer: B
Question #7 (Topic: Exam A)
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?
A. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
B. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
C. Add a “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
D. Add “custom_app.exe” as a filename exception to the Endpoint Prevent policy.
Answer: A
Question #8 (Topic: Exam A)
Refer to the exhibit. What activity should occur during the baseline phase, according to the risk reduction model?
A. Monitor incidents and tune the policy to reduce false positives
B. Define and build the incident response team
C. Establish business metrics and begin sending reports to business unit stakeholders
D. Test policies to ensure that blocking actions minimize business process disruptions
Answer: A
Question #9 (Topic: Exam A)
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?
A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected
B. Modify the agent configuration and select the option “Retain Original Files”
C. Modify the agent config.db to include the file
D. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
Answer: B
Question #10 (Topic: Exam A)
Which two (2) of the following automated response rule types could be successfully executed by a policy whose only detection rule is an Exact Data Matching (EDM) rule? (Choose two.)
A. Endpoint Prevent: Block
B. All: Send Email Notification
C. Endpoint Discover: Quarantine File
D. Network Protect: Quarantine File
E. Endpoint Prevent: User Cancel
Answer: AB
Total 66 questions