
250-587 Questions and Answers

Question # 6

Where do you configure the list of Endpoint Servers (or load balancers) to which a DLP Agent can report?

A. In the Agent Package

B. In the Agent Configuration

C. In the Agent Group

D. In the Agent Overview

Question # 7

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

A. Smart response on the Incident page

B. Automated Response on the Incident Snapshot page

C. Smart response on an Incident List report

D. Automated response on an Incident List report

Question # 8

A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains .BAD files dated today, while other .IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger than 1MB are turning to .BAD files.

What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

A. A corrupted policy was deployed.

B. The Enforce server’s hard drive is out of space.

C. A detection server has excessive filereader restarts.

D. Tablespace is almost full.

Question # 9

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

Question # 10

Which statement accurately describes where Optical Character Recognition (OCR) On-Premises DLP Core components must be installed?

A. The OCR engine must be installed directly on the Enforce server.

B. The OCR engine must be installed on one or more detection servers.

C. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

D. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

Question # 11

Which option correctly describes the two-tier installation type for Symantec DLP?

A. Install the Oracle database on one host, and install the Enforce server and a detection server on a second host.

B. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

C. Install the Oracle database and a detection server on the same host, and install the Enforce server on a second host.

D. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

Question # 12

A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers.

What should the administrator do to make the Network Discover option available?

A. Restart the Symantec DLP Controller service

B. Apply a new software license file from the Enforce console

C. Install a new Network Discover detection server

D. Restart the Vontu Monitor Service

Question # 13

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

A. Disable and re-enable the Endpoint Prevent policy to activate the changes

B. Double-check that the correct device ID or class has been entered for each device

C. Verify Application File Access Control (AFAC) is configured to monitor the specific application

D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Question # 14

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.

How should the administrator bring the detection servers to a running state in the Enforce management console?

A. Restart the Vontu Update Service on the Enforce server

B. Ensure the Vontu Monitor Controller service is running in the Enforce server

C. Delete all of the .BAD files in the Incidents folder on the Enforce server

D. Restart the Vontu Monitor Service on all the affected detection servers

Question # 15

Which tool must a DLP administrator run to certify the database prior to upgrading DLP?

A. Lob_Tablespace Reclamation Tool

B. Upgrade Readiness Tool

C. SymDiag

D. EnforceMigrationUtility

Question # 16

What is one difference between Exact Data Matching (EDM) and Exact Match Data Identifiers (EMDI)?

A. EDM requires an index and EMDI does not.

B. EDM rules can be evaluated by the DLP Agent and EMDI rules cannot.

C. EDM is its own detection rule type and EMDI is a Data Identifier validation check.

D. EDM is better at detecting non-standard delimiters (in ID numbers) than EMDI.

Question # 17

Which two detection technology options run on the DLP agent? (Choose two.)

A. Optical Character Recognition (OCR)

B. Described Content Matching (DCM)

C. Directory Group Matching (DGM)

D. Form Recognition

E. Indexed Document Matching (IDM)

Question # 18

Which of the following actions can you implement ONLY as a Smart Response rule (and not as an automated response rule)?

A. All: Limit Incident Data Retention

B. Network Protect: SharePoint Release From Quarantine

C. All: Set Attribute

D. All: Add Note

Question # 19

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

Why are the processes missing from the Server Detail page display?

A. The detection server Display Control Process option is disabled on the Server Detail page.

B. The Display Process Control setting on the Advanced Settings page is disabled.

C. The detection server PacketCapture process is displayed on the Server Overview page.

D. The Advanced Process Control setting on the System Settings page is deselected.

Question # 20

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

A. The new agent configuration was saved but not applied to any endpoint groups.

B. The new agent configuration was copied and modified from the default agent configuration.

C. The default agent configuration must be disabled before the new configuration can take effect.

D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Question # 21

Which two detection technology options ONLY run on a detection server? (Choose two.)

A. Form Recognition

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

E. Vector Machine Learning (VML)

Question # 22

Refer to the exhibit.

What activity should occur during the baseline phase, according to the risk reduction model?

A. Define and build the incident response team

B. Monitor incidents and tune the policy to reduce false positives

C. Establish business metrics and begin sending reports to business unit stakeholders

D. Test policies to ensure that blocking actions minimize business process disruptions

Question # 23

Why is it important for an administrator to utilize the grid scan feature?

A. To distribute the scan workload across multiple network discover servers

B. To distribute the scan workload across the cloud servers

C. To distribute the scan workload across multiple endpoint servers

D. To distribute the scan workload across multiple detection servers

Question # 24

Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

A. Any customer-hosted private cloud

B. Amazon Web Services

C. AT&T

D. Verizon

E. Rackspace

Question # 25

What are two (2) reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

A. To specify the endpoint server

B. To specify an IP address or range

C. To specify network card status (ON/OFF)

D. To specify domain names

E. To specify Wi-Fi SSID names

Question # 26

What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller

B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller

C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.

D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Question # 27

A customer needs to integrate information from DLP incidents into external Governance, Risk, and Compliance dashboards.

Which feature should a third-party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

A. Incident Reporting and Update API

B. Export incidents using the CSV format

C. A web incident extraction report

D. Incident Data Views

Question # 28

Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

A. Network Discover

B. Cloud Service for Email

C. Endpoint Prevent

D. Network Protect

Question # 29

Which detection server is available from Symantec as a hardware appliance?

A. Network Prevent for Email

B. Network Discover

C. Network Monitor

D. Network Prevent for Web

Question # 30

Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

A. To capture the matches to the Negative set

B. To capture the matches to the Positive set

C. To see the entire range of potential matches

D. To see the false negatives only
