Exam Details

  • Exam Code
    :250-315
  • Exam Name
    :Administration of Symantec Endpoint Protection 12.1
  • Certification
    :Symantec Certifications
  • Vendor
    :Symantec
  • Total Questions
    :275 Q&As
  • Last Updated
    :Jul 06, 2025

Symantec Symantec Certifications 250-315 Questions & Answers

  • Question 51:

    Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

    A. Application Learning can generate increased false positives.

    B. Application Learning should be deployed on a small group of systems in the enterprise.

    C. Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.

    D. Application Learning requires a file fingerprint list to be created in advance.

    E. Application Learning is dependent on Insight.

  • Question 52:

    A Symantec Endpoint Protection (SEP) administrator performed a disaster recovery without a database backup.

    In which file should the SEP administrator add "scm.agent.groupcreation=true" to enable the automatic creation of client groups?

    A. settings.conf

    B. conf.properties

    C. catalina.out

    D. httpd.conf

  • Question 53:

    Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.

    What is the quickest way an administrator can restore the environment to its original state?

    A. build a new site and configure replication with the still functioning SEPM

    B. install a new SEPM into the existing site

    C. clone the still functioning SEPM and change the server.properties file

    D. reinstall the entire SEPM environment

  • Question 54:

    What is an appropriate use of a file fingerprint list?

    A. allow unknown files to be downloaded with Insight

    B. prevent programs from running

    C. prevent AntiVirus from scanning a file

    D. allow files to bypass Intrusion Prevention detection

  • Question 55:

    When can an administrator add a new replication partner?

    A. immediately following the first LiveUpdate session of the new site

    B. during a Symantec Endpoint Protection Manager upgrade

    C. during the initial install of the new site

    D. immediately following a successful Active Directory sync

  • Question 56:

    An administrator is re-adding an existing Replication Partner to the local Symantec Endpoint Protection Manager site.

    Which two parameters are required to re-establish this replication partnership? (Select two.)

    A. remote server IP Address and port

    B. remote site Encryption Password

    C. remote site Domain ID

    D. remote server Administrator credentials

    E. remote SQL database account credentials

  • Question 57:

    Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

    A. Subnet

    B. Network Services

    C. Application Protocol

    D. DNS Domain

    E. Network Adapters

  • Question 58:

    A Symantec Endpoint Protection administrator needs to prevent users from modifying files in a specific program folder that is on all client machines.

    What does the administrator need to configure?

    A. a file and folder exception in the Exception policy

    B. an application rule set in the Application and Device Control policy

    C. a file fingerprint list and System Lockdown

    D. the Tamper Protection settings for the client folder

  • Question 59:

    A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.

    What is the likely cause of the problem?

    A. The application has been upgraded.

    B. The Application and Device Control policy is in test mode.

    C. A file exception has been added to the Exceptions policy.

    D. The Application and Device Control policy is allowing the file to execute.

  • Question 60:

    A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SEP Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process.

    What is the most likely reason?

    A. The block rule is below the blue line.

    B. The server has an IPS exception for that traffic.

    C. Peer-to-peer authentication is allowing the traffic.

    D. The server is in the IPS policy excluded hosts list.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Symantec exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 250-315 exam preparations and Symantec certification application, do not hesitate to visit our Vcedump.com to find your solutions here.