250-441 Exam Dumps - Symantec Certified Specialist Questions and Answers

Page: 1 / 3

Questions 4

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

Options:

Add a Quarantine firewall policy for non-compliant and non-remediated computers.

Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.

Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager

(SEPM).

Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).

Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

Buy Now

Questions 5

An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an

incident. ATP is configured in TAP mode.

What should the Incident Responder do to stop the traffic to the IRC channel?

Options:

Isolate the endpoint with a Quarantine Firewall policy

Blacklist the IRC channel IP

Blacklist the endpoint IP

Isolate the endpoint with an application control policy

Buy Now

Questions 6

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.

Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

Options:

Report the users to their manager for unauthorized usage of company resources

Blacklist the domains and IP associated with the malicious traffic

Isolate the endpoints

Blacklist the endpoints

Find and blacklist the P2P client application

Buy Now

Questions 7

How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?