Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?
A. 8446
B. 8081
C. 8014
D. 1433
Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?
A. Recover
B. Protect
C. Respond
D. Identify
Which final steps should an Incident Responder take before using ATP to rejoin a remediated endpoint to the network, according to Symantec best practices?
A. Run an additional antivirus scan with the latest definitions. If the scan comes back as clean, rejoin the computer to the production network.
B. Run Windows Update to patch the system with the latest service pack. Once the system is up-to-date, rejoin the computer to the production network.
C. Use SymDiag to run a Threat Scan Analysis on the machine. Once the analysis comes back as clean, rejoin the computer to the production network.
D. Upgrade the client to the latest version of SEP. Once the client is upgraded, rejoin the computer to the production network.
An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)
A. SHA-256 hash
B. MD5 hash
C. MAC address
D. SHA-1 hash
E. Registry entry
What is the minimum amount of RAM required for a virtual deployment of the ATP Manager in a production environment?
A. 48 GB
B. 64 GB
C. 16 GB
D. 32 GB
A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP: Network to scan internet traffic at both sites.
Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?
A. Site A 8840 x4, Site B 8880 x2
B. Site A 8880 x2, Site B 8840 x1
C. Site A 8880 x1, Site B 8840 x6
D. Site A 8880 x1, Site B 8880 x2
Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager? (Choose two.)
A. Administrator
B. Controller
C. User
D. Incident Responder
E. Root
In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?
A. Capture
B. Incursion
C. Discovery
D. Exfiltration
An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?
A. All tokens
B. Domainname, Filename, and Filehash
C. Filename, Filehash, and Registry
D. Domainname and Filename only
An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?
A. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; Web access to the GUI
B. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; ATP and Email Security.cloud; Web access to the GUI
C. ATP and the Symantec Endpoint Protection Manager (SEPM)
D. ATP and the Symantec Endpoint Protection Manager (SEPM); Web access to the GUI
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Symantec exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 250-441 exam preparation and Symantec certification application, do not hesitate to visit Vcedump.com to find your solutions.