Symantec Certified Specialist 250-441 practice questions (ExamsMirror)
Question # 1:

While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.

What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)

Options:

A. Periodically log into the ATP manager and review only the Dashboard.
B. Implement IT Analytics to create more flexible reporting.
C. Dedicate an administrator to monitor new events as they flow into the ATP manager.
D. Set email notifications in the ATP manager to message the Security team when a new incident is occurring.
E. Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.

Question # 2:

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.

Which two options should the Incident Responder select to prevent endpoints from communicating with malicious domains? (Choose two.)

Options:

A. Use the isolation command in ATP to move the endpoint to the quarantine network.
B. Blacklist the suspicious domain in the ATP manager.
C. Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
E. Run a full system scan on all endpoints.

Question # 3:

Where can an Incident Responder view Cynic results in ATP?

Options:

A. Events
B. Dashboard
C. File Details
D. Incident Details

Question # 4:

Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager? (Choose two.)

Options:

A. Administrator
B. Controller
C. User
D. Incident Responder
E. Root

Question # 5:

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)

Options:

A. To have less raw data to analyze
B. To evaluate the data, including information from other systems
C. To access expanded historical data
D. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E. To determine the best cleanup method

Question # 6:

What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

Options:

A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox

Question # 7:

In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?

Options:

A. The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.
B. The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
C. The Incident Response team completed their analysis of the threat and added it to a blacklist.
D. The Incident Response team is analyzing the file to determine if it is a threat or a false positive.

Question # 8:

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?

Options:

A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

Question # 9:

Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?

Options:

A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic

Question # 10:

How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?

Options:

A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B. Run an indicators of compromise (IOC) search in ATP manager.
C. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D. Add the site to a blacklist in ATP manager.
