How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP: Network to scan internet traffic at both sites.
Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?
Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?
What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?
An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.
Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?