Exam Details

  • Exam Code: 250-441
  • Exam Name: Administration of Symantec Advanced Threat Protection 3.0
  • Certification: Symantec Certified Specialist
  • Vendor: Symantec
  • Total Questions: 95 Q&As
  • Last Updated: May 08, 2024

Symantec Symantec Certified Specialist 250-441 Questions & Answers

  • Question 21:

    Which two non-Symantec methods for restricting traffic are available to the Incident Response team? (Choose two.)

    A. Temporarily disconnect the local network from the internet.

    B. Create an Access Control List at the router to deny traffic.

    C. Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.

    D. Create a DNS sinkhole server to block malicious traffic.

    E. Isolate computers so they are NOT compromised by infected computers.

  • Question 22:

    What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

    A. Reputation-based security

    B. Event correlation

    C. Network detection component

    D. Detonation/sandbox

  • Question 23:

    An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

    In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

    A. The responder needs to analyze with Cynic

    B. The responder needs to isolate it from the network

    C. The responder needs to write firewall rules

    D. The responder needs to add the file to a whitelist

  • Question 24:

    An Incident Responder added a file's MD5 hash to the blacklist. Which component of SEP enforces the blacklist?

    A. Bloodhound

    B. System Lockdown

    C. Intrusion Prevention

    D. SONAR

  • Question 25:

    What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?

    A. SEP and Symantec Messaging Gateway

    B. SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)

    C. SEP and Symantec Email Security.cloud

    D. SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud

  • Question 26:

    During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoints.

    Which two options should the Incident Responder select to prevent endpoints from communicating with malicious domains? (Select two.)

    A. Use the isolate command in ATP to move all endpoints to a quarantine network.

    B. Blacklist suspicious domains in the ATP manager.

    C. Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

    D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

    E. Run a full system scan on all endpoints.

  • Question 27:

    What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?

    A. It allows for Microsoft Incident Responders to assist in remediation

    B. ATP can access the database using a log collector on the SEPM host

    C. It allows for Symantec Incident Responders to assist in remediation

    D. ATP can access the database without any special host system requirements

  • Question 28:

    Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?

    A. Email Protect (antivirus and anti-spam)

    B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)

    C. Symantec Messaging Gateway

    D. Skeptic

  • Question 29:

    What should an Incident Responder do to mitigate a false positive?

    A. Add to Whitelist

    B. Run an indicators of compromise (IOC) search

    C. Submit to VirusTotal

    D. Submit to Cynic

  • Question 30:

    ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.

    Which step should the Incident Response team incorporate into their plan of action?

    A. Perform a healthcheck of ATP

    B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall

    C. Use ATP to isolate non-SEP protected computers to a remediation VLAN

    D. Rejoin the endpoints back to the network after completing a final virus scan

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Symantec exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 250-441 exam preparation and Symantec certification application, do not hesitate to visit Vcedump.com to find your solutions here.