Exam Details

  • Exam Code: 250-315
  • Exam Name: Administration of Symantec Endpoint Protection 12.1
  • Certification: SCS
  • Vendor: Symantec
  • Total Questions: 275 Q&As
  • Last Updated: May 15, 2024

Symantec SCS 250-315 Questions & Answers

  • Question 11:

    Which step is unnecessary when an administrator creates an application rule set?

    A. define a provider

    B. select a process to apply

    C. select a process to exclude

    D. define rule order

  • Question 12:

    A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

    Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

    A. create an Allow Firewall rule for the application and place it at the bottom of the firewall rules below the blue line

    B. create an Allow Firewall rule for the application and place it at the bottom of the firewall rules above the blue line

    C. create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

    D. create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line

  • Question 13:

    An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs.

    Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

    A. Risk Tracer

    B. Terminate Processes Automatically

    C. Early Launch Anti-Malware Driver

    D. Stop Service Automatically

    E. Stop and Reload AutoProtect

  • Question 14:

    An administrator changes the Virus and Spyware Protection policy for a specific group so that it disables Auto-Protect. The administrator assigns the policy, and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.

    Which action should the administrator take to ensure that the desired setting is in place on the client?

    A. Restart the client system

    B. Run a command on the computer to Update Content

    C. Enable the padlock next to the setting in the policy

    D. Withdraw the Virus and Spyware Protection policy

  • Question 15:

    You have executed the vxdg -g diskgroup adddisk disk_name= command. Which switch needs to be added to force VxVM to take the disk media name of the failed disk and assign it to the new replacement disk?

    A. -force

    B. -k

    C. -f

    D. -assign

  • Question 16:

    Refer to the exhibit.

    Which settings can impact the Files trusted count?

    A. SONAR settings in the Virus and Spyware Protection policy

    B. System Lockdown Whitelist in the Application and Device Control policy

    C. Insight settings in the Virus and Spyware Protection policy

    D. File Cache settings in the Virus and Spyware Protection policy

  • Question 17:

    What does SONAR use to reduce false positives?

    A. Virus and Spyware definitions

    B. File Fingerprint list

    C. Symantec Insight

    D. Extended File Attributes (EFA) table

  • Question 18:

    Which action does SONAR take before convicting a process?

    A. quarantines the process

    B. blocks suspicious behavior

    C. reboots the system

    D. checks the reputation of the process

  • Question 19:

    An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

    Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

    A. Risk log

    B. Computer Status report

    C. Notifications

    D. Infected and At Risk Computers report

  • Question 20:

    Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

    A. Another scan is in progress.

    B. The detected file is in use.

    C. There are insufficient file permissions.

    D. The file is marked for deletion by Windows on reboot.

    E. The file has good reputation.
