Exam Details

  • Exam Code: ST0-134
  • Exam Name: Symantec Endpoint Protection 12.1 Technical Assessment
  • Certification: Symantec Certified Security program
  • Vendor: Symantec
  • Total Questions: 282 Q&As
  • Last Updated: Apr 29, 2025

Symantec Certified Security program ST0-134 Questions & Answers

  • Question 201:

    A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SEP Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process. What is the most likely reason?

    A. The block rule is below the blue line.

    B. The server has an IPS exception for that traffic.

    C. Peer-to-peer authentication is allowing the traffic.

    D. The server is in the IPS policy excluded hosts list.

  • Question 202:

    A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period. Where should the administrator adjust the time to block the attacking computer?

    A. in the firewall policy, under Protection and Stealth

    B. in the firewall policy, under Built in Rules

    C. in the group policy, under External Communication Settings

    D. in the group policy, under Communication Settings

  • Question 203:

    A company has an application that requires network traffic in both directions to multiple systems at a specific external domain. A firewall rule was created to allow traffic to and from the external domain, but the rule is blocking incoming traffic. What should an administrator enable in the firewall policy to allow this traffic?

    A. TCP resequencing

    B. Smart DHCP

    C. Reverse DNS Lookup

    D. Smart WINS

  • Question 204:

    A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application. Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

    A. create an Allow Firewall rule for the application and place it at the bottom of the firewall rules below the blue line

    B. create an Allow Firewall rule for the application and place it at the bottom of the firewall rules above the blue line

    C. create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

    D. create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line

  • Question 205:

    An administrator selects the "Backup files before attempting to repair" Remediations option in the Auto-Protect policies. Which two actions occur when a virus is detected? (Select two.)

    A. replace the file with a placeholder

    B. check the reputation

    C. store in Quarantine folder

    D. send the file to Symantec Insight

    E. encrypt the file

  • Question 206:

    In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two factors should the administrator consider? (Select two.)

    A. The deleted file may still be in the Recycle Bin.

    B. IT Analytics may keep a copy of the file for investigation.

    C. False positives may delete legitimate files.

    D. Insight may back up the file before sending it to Symantec.

    E. A copy of the threat may still be in the quarantine.

  • Question 207:

    Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

    A. Another scan is in progress.

    B. The detected file is in use.

    C. There are insufficient file permissions.

    D. The file is marked for deletion by Windows on reboot.

    E. The file has good reputation.

  • Question 208:

    An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat. Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

    A. Risk log

    B. Computer Status report

    C. Notifications

    D. Infected and At Risk Computers report

  • Question 209:

    Which action does SONAR take before convicting a process?

    A. quarantines the process

    B. blocks suspicious behavior

    C. reboots the system

    D. checks the reputation of the process

  • Question 210:

    How are Insight results stored?

    A. encrypted on the Symantec Endpoint Protection Manager

    B. unencrypted on the Symantec Endpoint Protection Manager

    C. encrypted on the Symantec Endpoint Protection client

    D. unencrypted on the Symantec Endpoint Protection client

Tips on How to Prepare for the Exams

Certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? On Vcedump.com, you will find all the answers. Vcedump.com provides not only Symantec exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your ST0-134 exam preparation or your Symantec certification application, do not hesitate to visit Vcedump.com to find your solutions.