An organization has a small group of Incident Responders (IR) using pentest tools and network monitoring (AngryIP scanner, Nmap). They need to allow all inbound and outbound traffic for their tools. What policy changes does the SEP Administrator need to configure in the SEPM?
A. Create a Firewall rule that allows all hosts in the Firewall policy and enable Host Integrity
B. Create a Firewall rule that allows all hosts in the Firewall policy and add the computers as a Trusted Web Domain in the Exceptions policy
C. Create a Firewall rule that allows all hosts in the Firewall policy and enable System Lockdown
D. Create a Firewall rule for each application in the firewall policy and add the IR computers to the Excluded Hosts in the IPS policy
An organization needs to be notified when certain types of events happen in their SEP environment.
What notification type should the SEP Administrator create to see attacks and events that the firewall or Intrusion Protection System (IPS) detects?
A. Create a Client Security Notification that filters by Traffic Events
B. Create a Client Security Notification that filters by Compliance Events
C. Create a Client Security Notification that filters by Network and Host Mitigation Events
D. Create a Client Security Notification that filters by Packet Events
An organization has several Symantec Endpoint Protection Management (SEPM) Servers without access to the Internet. The SEPM can only run LiveUpdate within a specified "maintenance window" outside of business hours. What content distribution method should the organization utilize?
A. Group Update Provider
B. External LiveUpdate
C. JDB file
D. Internal LiveUpdate
What should an administrator utilize to identify devices on a Mac?
A. Use DevViewer when the Device is connected
B. Use GatherSymantecInfo when the Device is connected
C. Use DeviceInfo when the Device is connected
D. Use Device Manager when the Device is connected
An organization has a small group of servers with large drive volumes.
What setting in the Virus and Spyware Protection policy can the organization utilize when scheduling scans on these servers?
A. Use resumable scans
B. Use Shared Insight Cache
C. Adjust Auto Protect Settings
D. Randomize scheduled scans
What two core technologies does Symantec Endpoint Protection firewall utilize? (Choose two.)
A. Circuit-level gateway
B. Packet filtering
C. Stateful
D. Application-level gateway
E. Deep packet inspection
An organization created a rule in the Application and Device Control policy to block peer-to-peer applications. What two other protection technologies can block and log such unauthorized applications? (Choose two.)
A. Memory Exploit Mitigation
B. Virus and Spyware Protection
C. Custom IPS Signatures
D. Host Integrity
E. Firewall
An organization needs to ensure that SEP detects a malicious or potentially malicious file when it is downloaded via a text messaging client. What feature can the organization enable in the Virus and Spyware Protection policy and then adjust through its sensitivity settings?
A. Global Scan Options
B. SONAR
C. Internet Email Auto Protect
D. Download Protection
An organization is troubleshooting a SONAR false positive and has created an exclusion for the in-house application generating the detection. How can the organization use Process Explorer to verify that the exclusion works?
A. Use Process Explorer to see if secars.dll is still there. If secars.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
B. Use Process Explorer to see if UMEngx86.dll is still there. If UMEngx86.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
C. Use Process Explorer to see if IPSFFPI.dll is still there. If IPSFFPI.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
D. Use Process Explorer to see if sysfer.dll is still there. If sysfer.dll is still present in the application as an injected process, ensure the updated policy is applied to the group
What SEPM report should an administrator utilize to view the files that Download Insight detected on client computers after configuring Download Insight?
A. Risk Distribution
B. SONAR Detection Results
C. Download Risk Distribution
D. Risk Detections Count