Exam Details

  • Exam Code: 250-441
  • Exam Name: Administration of Symantec Advanced Threat Protection 3.0
  • Certification: Symantec Certified Specialist
  • Vendor: Symantec
  • Total Questions: 95 Q&As
  • Last Updated: May 08, 2024

Symantec Certified Specialist 250-441 Questions & Answers

  • Question 81:

    What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

    A. Reputation-based security

    B. Event correlation

    C. Network detection component

    D. Detonation/sandbox

  • Question 82:

    Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?

    A. Reports

    B. Settings

    C. Action Manager

    D. Policies

  • Question 83:

    Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

    A. Create a unique Cynic account to provide to ATP

    B. Create a unique Symantec Messaging Gateway account to provide to ATP

    C. Create a unique Symantec Endpoint Protection Manager (SEPM) administrator account to provide to ATP

    D. Create a unique Email Security.cloud portal account to provide to ATP

  • Question 84:

    Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

    A. It ensures that the Incident is resolved, and the responder can clean up the infection.

    B. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

    C. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.

    D. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

  • Question 85:

    Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

    A. Database version

    B. Database IP address

    C. Database domain name

    D. Database hostname

    E. Database name

  • Question 86:

    How does an attacker use a zero-day vulnerability during the Incursion phase?

    A. To perform a SQL injection on an internal server

    B. To extract sensitive information from the target

    C. To perform network discovery on the target

    D. To deliver malicious code that breaches the target

  • Question 87:

    During which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

    A. Capture

    B. Incursion

    C. Discovery

    D. Exfiltration

  • Question 88:

    Why is it important for an Incident Responder to analyze an incident during the Recovery phase?

    A. To determine the best plan of action for cleaning up the infection

    B. To isolate infected computers on the network and remediate the threat

    C. To gather threat artifacts and review the malicious code in a sandbox environment

    D. To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

  • Question 89:

    Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?

    A. Search

    B. Action Manager

    C. Incident Manager

    D. Events

  • Question 90:

    What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

    A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.

    B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.

    C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).

    D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).

    E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
