Exam Details

  • Exam Code: 250-441
  • Exam Name: Administration of Symantec Advanced Threat Protection 3.0
  • Certification: Symantec Certified Specialist
  • Vendor: Symantec
  • Total Questions: 95 Q&As
  • Last Updated: May 08, 2024

Symantec Certified Specialist 250-441 Questions & Answers

  • Question 11:

    An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.

    Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

    A. Report the users to their manager for unauthorized usage of company resources

    B. Blacklist the domains and IP associated with the malicious traffic

    C. Isolate the endpoints

    D. Blacklist the endpoints

    E. Find and blacklist the P2P client application

  • Question 12:

    Which threat is an example of an Advanced Persistent Threat (APT)?

    A. ILOVEYOU

    B. Conficker

    C. MyDoom

    D. GhostNet

  • Question 13:

    An ATP administrator is setting up correlation with Email Security.cloud.

    What is the minimum Email Security.cloud account privilege required?

    A. Standard User Role - Report

    B. Standard User Role - Service

    C. Standard User Role - Support

    D. Standard User Role - Full Access

  • Question 14:

    An ATP Administrator set up ATP: Network in TAP mode and has placed URLs on the blacklist. What will happen when a user attempts to access one of the blacklisted URLs?

    A. Access to the website is blocked by the network scanner but an event is NOT generated

    B. Access to the website is blocked by the network scanner and a network event is generated

    C. Access to the website is allowed by the network scanner but blocked by ATP: Endpoint and an endpoint event is generated

    D. Access to the website is allowed by the network scanner but a network event is generated

  • Question 15:

    Which detection method identifies a file as malware after SEP has queried the file's reputation?

    A. Skeptic

    B. Vantage

    C. Insight

    D. Cynic

  • Question 16:

    An organization is considering an ATP: Endpoint and Network deployment with multiple appliances. Which form factor will be the most effective in terms of performance and costs?

    A. Virtual for management, physical for the network scanners and ATP: Endpoint

    B. Physical for management and ATP: Endpoint, virtual for the network scanners

    C. Virtual for management and ATP: Endpoint, physical for the network scanners

    D. Virtual for management, ATP: Endpoint, and the network scanners

  • Question 17:

    An Incident Responder wants to use a STIX file to run an indicators of compromise (IOC) search. Which file format must the Incident Responder use?

    A. .csv

    B. .xml

    C. .mht

    D. .html
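
    STIX 1.x packages (the generation that predates the JSON-based STIX 2.x) are XML documents built from CybOX observables. The following parser is an added example, not Symantec's code and not part of the original question set: it walks a STIX 1.x package by element local name, so it is independent of the namespace prefixes a given producer chooses, pulls out domain, IPv4 and SHA-256 indicators in the normalised form you would compare against endpoint and network detections, and refuses non-XML input (such as a STIX 2.x JSON bundle) instead of silently returning nothing. The embedded package, its `example:` identifiers and its indicator values are constructed for this example; the hash is simply SHA-256 of the empty string, not real threat intelligence.

```python
"""Pull IOCs out of a STIX 1.x XML package.

Added example, not Symantec's code. The sample package below is constructed
for this example: the domain, address and hash are placeholders (the hash
is SHA-256 of the empty string), not real threat intelligence.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed STIX 1.2 package with three CybOX observables (assumption: minimal
# but schema-shaped; real packages carry titles, timestamps and more metadata).
SAMPLE_STIX = """<stix:STIX_Package id="example:Package-1" version="1.2"
  xmlns:stix="http://stix.mitre.org/stix-1" xmlns:indicator="http://stix.mitre.org/Indicator-2"
  xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
  xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
  xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
  xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <stix:Indicators>
    <stix:Indicator id="example:Indicator-1" xsi:type="indicator:IndicatorType">
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType">
          <DomainNameObj:Value>Bad.Example.TEST</DomainNameObj:Value>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator id="example:Indicator-2" xsi:type="indicator:IndicatorType">
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
          <AddressObj:Address_Value>192.0.2.10</AddressObj:Address_Value>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator id="example:Indicator-3" xsi:type="indicator:IndicatorType">
      <indicator:Observable><cybox:Object>
        <cybox:Properties xsi:type="FileObj:FileObjectType">
          <FileObj:Hashes><cyboxCommon:Hash>
            <cyboxCommon:Type>SHA256</cyboxCommon:Type>
            <cyboxCommon:Simple_Hash_Value>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</cyboxCommon:Simple_Hash_Value>
          </cyboxCommon:Hash></FileObj:Hashes>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""


def _local(tag: str) -> str:
    """'{http://...}Value' -> 'Value'; lets the parser ignore namespace prefixes."""
    return tag.rsplit("}", 1)[-1]


def _first_text(elem: ET.Element, local_name: str):
    """Stripped text of the first descendant (or elem itself) with this local name."""
    for node in elem.iter():
        if _local(node.tag) == local_name and node.text and node.text.strip():
            return node.text.strip()
    return None


def extract_iocs(stix_xml: str) -> dict:
    """Return {'domain': [...], 'ipv4': [...], 'sha256': [...]} from a STIX 1.x
    package. Values are lower-cased for comparison against detections. Unknown
    CybOX object types are skipped; non-XML input raises ValueError."""
    try:
        root = ET.fromstring(stix_xml)
    except ET.ParseError as exc:
        raise ValueError("input is not well-formed XML; a STIX 1.x package is required") from exc
    if _local(root.tag) != "STIX_Package":
        raise ValueError(f"unexpected root element <{_local(root.tag)}>")

    iocs = defaultdict(list)
    for props in root.iter():
        if _local(props.tag) != "Properties":
            continue
        # xsi:type names the CybOX object type, e.g. "DomainNameObj:DomainNameObjectType".
        obj_type = props.get(XSI_TYPE, "").split(":")[-1]
        if obj_type == "DomainNameObjectType":
            value = _first_text(props, "Value")
            if value:
                iocs["domain"].append(value.lower())
        elif obj_type == "AddressObjectType" and props.get("category", "ipv4-addr") == "ipv4-addr":
            value = _first_text(props, "Address_Value")
            if value:
                iocs["ipv4"].append(value)
        elif obj_type == "FileObjectType":
            for hash_elem in props.iter():
                if _local(hash_elem.tag) != "Hash":
                    continue
                if (_first_text(hash_elem, "Type") or "").upper() == "SHA256":
                    value = _first_text(hash_elem, "Simple_Hash_Value")
                    if value:
                        iocs["sha256"].append(value.lower())
    return dict(iocs)


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_STIX).items():
        print(kind, values)
```

    Matching on local names rather than fully qualified tags is a deliberate trade-off: it tolerates the prefix variations seen across STIX 1.x producers at the cost of not validating against the schema, so treat the output as a candidate list to review, not as verified intelligence.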

  • Question 18:

    Which endpoint detection method allows for information about triggered processes to be displayed in ATP?

    A. SONAR

    B. Insight

    C. System Lockdown

    D. Antivirus

  • Question 19:

    Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?

    A. To have a copy of the file policy enforcement

    B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)

    C. To create custom IPS signatures

    D. To document and preserve any pieces of evidence associated with the incident

  • Question 20:

    In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?

    A. The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.

    B. The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

    C. The Incident Response team completed their analysis of the threat and added it to a blacklist.

    D. The Incident Response team is analyzing the file to determine if it is a threat or a false positive.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively, in a short time and with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only Symantec exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your 250-441 exam preparation or your Symantec certification application, do not hesitate to visit Vcedump.com to find your solutions.