Symantec Symantec Certifications 250-315 Questions & Answers

• Question 61:

  A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

  In which feature set order must the threat pass through to successfully infect the system?

  A. Download Insight, Firewall, IPS

  B. Firewall, IPS, Download Insight

  C. IPS, Firewall, Download Insight

  D. Download Insight, IPS, Firewall

  Correct Answer: B

• Question 62:

  A company has an application that requires network traffic in both directions to multiple systems at a specific external domain. A firewall rule was created to allow traffic to and from the external domain, but the rule is blocking incoming traffic.

  What should an administrator enable in the firewall policy to allow this traffic?

  A. TCP resequencing

  B. Smart DHCP

  C. Reverse DNS Lookup

  D. Smart WINS

  Correct Answer: C

• Question 63:

  A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.

  Where should the administrator adjust the time to block the attacking computer?

  A. in the firewall policy, under Protection and Stealth

  B. in the firewall policy, under Built in Rules

  C. in the group policy, under External Communication Settings

  D. in the group policy, under Communication Settings

  Correct Answer: A

• Question 64:

  A threat was detected by Auto-Protect on a client system.

  Which command can an administrator run to determine whether additional threats exist?

  A. Restart Client Computer

  B. Update Content and Scan

  C. Enable Network Threat Protection

  D. Enable Download Insight

  Correct Answer: A

• Question 65:

  In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.

  Which two factors should the administrator consider? (Select two.)

  A. The deleted file may still be in the Recycle Bin.

  B. IT Analytics may keep a copy of the file for investigation.

  C. False positives may delete legitimate files.

  D. Insight may back up the file before sending it to Symantec.

  E. A copy of the threat may still be in the quarantine.

  Correct Answer: CE

• Question 66:

  Refer to the exhibit.

  

  In the use case displayed in the exhibit, why is Notepad unable to save the changes to this file?

  A. Tamper Protection is preventing Notepad from modifying the host file.

  B. SONAR is set to block host file modifications.

  C. System Lockdown is enabled.

  D. SONAR High Risk detection is set to Block.

  Correct Answer: B

• Question 67:

  An administrator selects the Backup files before attempting to repair the Remediations option in the Auto-Protect policies.

  Which two actions occur when a virus is detected? (Select two.)

  A. replace the file with a place holder

  B. check the reputation

  C. store in Quarantine folder

  D. send the file to Symantec Insight

  E. encrypt the file

  Correct Answer: CE

• Question 68:

  How are Insight results stored?

  A. encrypted on the Symantec Endpoint Protection Manager

  B. unencrypted on the Symantec Endpoint Protection Manager

  C. encrypted on the Symantec Endpoint Protection client

  D. unencrypted on the Symantec Endpoint Protection client

  Correct Answer: C

• Question 69:

  Which two options are available when configuring DNS change detected for SONAR? (Select two.)

  A. Block

  B. Active Response

  C. Quarantine

  D. Log

  E. Trace

  Correct Answer: AD

• Question 70:

  What are two criteria that Symantec Insight uses to evaluate binary executables? (Select two.)

  A. sensitivity

  B. prevalence

  C. confidentiality

  D. content

  E. age

  Correct Answer: BE