
250-441 Questions and Answers

Question # 6

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicator of compromise (IOC) search command.

How is it possible that the search returned results?

A. The search runs and returns results in ATP and then displays them in SEPM.

B. This is only an endpoint search.

C. This is a database search; a command is NOT sent to SEPM for this type of search.

D. The browser cached the result from a previous search with the same criteria.

Question # 7

An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.

Which connections should the administrator secure with signed SSL certificates?

A.
  ATP and the Symantec Endpoint Protection Manager (SEPM)
  ATP and SEP clients
  Web access to the GUI

B.
  ATP and the Symantec Endpoint Protection Manager (SEPM)
  ATP and SEP clients
  ATP and Email Security.cloud
  Web access to the GUI

C.
  ATP and the Symantec Endpoint Protection Manager (SEPM)

D.
  ATP and the Symantec Endpoint Protection Manager (SEPM)
  Web access to the GUI

Question # 8

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

A. Does the organization need to do a health check in the environment?

B. Are certain endpoints being repeatedly attacked?

C. Is the organization being attacked by this external entity repeatedly?

D. Do ports need to be blocked or opened on the firewall?

E. Does a risk assessment need to happen in the environment?

Question # 9

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

A. The responder needs to analyze it with Cynic

B. The responder needs to isolate it from the network

C. The responder needs to write firewall rules

D. The responder needs to add the file to a whitelist

Question # 10

A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.

Why does the company need more than one ATP manager?

A. An ATP manager can only connect to a SQL backend

B. An ATP manager can only support 30,000 SEP clients

C. An ATP manager can only support 10 SEP site connections

D. An ATP manager needs to be installed at each location where a Symantec Endpoint Protection Manager (SEPM) is located

Question # 11

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

A. Reputation-based security

B. Event correlation

C. Network detection component

D. Detonation/sandbox

Question # 12

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Koobface

B. Brain

C. Flamer

D. Creeper

Question # 13

Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?

A. SEPM embedded database name

B. SEPM embedded database type

C. SEPM embedded database version

D. SEPM embedded database password

Question # 14

An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated.

Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?

A. Intrusion Prevention

B. Firewall

C. SONAR

D. Application and Device Control
