250-441 Exam Details

  • Exam Code
    :250-441
  • Exam Name
    :Administration of Symantec Advanced Threat Protection 3.0
  • Certification
    :Symantec Certifications
  • Vendor
    :Symantec
  • Total Questions
    :95 Q&As
  • Last Updated
    :

Symantec 250-441 Online Questions & Answers

  • Question 1:

    Which SEP technologies are used by ATP to enforce the blacklisting of files?

    A. Application and Device Control
    B. SONAR and Bloodhound
    C. System Lockdown and Download Insight
    D. Intrusion Prevention and Browser Intrusion Prevention

  • Question 2:

    An Incident Responder discovers an incident where all systems are infected with a file that has the same name and different hash. As a result, the organism view has multiple entries for the malicious file. What is causing this issue?

    A. This is a polymorphic threat
    B. This is a DDoS attack
    C. The file has multiple hashes
    D. The file is trying to phone home

  • Question 3:

    Which detection method identifies a file as malware after SEP has queried the file's reputation?

    A. Skeptic
    B. Vantage
    C. Insight
    D. Cynic

  • Question 4:

    DRAG DROP

    Which level of privilege corresponds to each ATP account type? Match the correct account type to the corresponding privileges.

    Select and Place:

  • Question 5:

    Which two actions an Incident Responder take when downloading files from the ATP file store? (Choose two.)

    A. Analyze suspicious code with Cynic
    B. Email the files to Symantec Technical Support
    C. Double-click to open the files
    D. Diagnose the files as a threat based on the file names
    E. Submit the files to Security Response

  • Question 6:

    Why is it important for an Incident Responder to analyze an incident during the Recovery phase?

    A. To determine the best plan of action for cleaning up the infection
    B. To isolate infected computers on the network and remediate the threat
    C. To gather threat artifacts and review the malicious code in a sandbox environment
    D. To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

  • Question 7:

    Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?

    A. Blacklist
    B. Whitelist
    C. Delete file
    D. Submit file to Cynic

  • Question 8:

    What is the second stage of an Advanced Persistent Threat (APT) attack?

    A. Exfiltration
    B. Incursion
    C. Discovery
    D. Capture

  • Question 9:

    Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

    A. 8446
    B. 8081
    C. 8014
    D. 1433

  • Question 10:

    Which endpoint detection method allows for information about triggered processes to be displayed in ATP?

    A. SONAR
    B. Insight
    C. System Lockdown
    D. Antivirus

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Symantec exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 250-441 exam preparations and Symantec certification application, do not hesitate to visit our Vcedump.com to find your solutions here.