Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Dumpsbuddy Logo
  1. Home
  2. Symantec
  3. Symantec Certified Specialist
  4. 250-441
  5. Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

250-441 Administration of Symantec Advanced Threat Protection 3.0 Questions and Answers

Questions 4

An Incident Responder launches a search from ATP for a file hash. The search returns the results

immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and

does NOT see an indicators of compromise (IOC) search command.

How is it possible that the search returned results?

Options:

A.

The search runs and returns results in ATP and then displays them in SEPM.

B.

This is only an endpoint search.

C.

This is a database search; a command is NOT sent to SEPM for this type of search.

D.

The browser cached result from a previous search with the same criteria.

Buy Now
Questions 5

In which scenario should an Incident Responder manually submit a file to the Cynic portal?

Options:

A.

There is a file on a USB that an Incident Responder wants to analyze in a sandbox.

B.

An Incident Responder is unable to remember the password to the .zip archive.

C.

The file has generated multiple incidents in the ATP manager and an Incident Responder wants to blacklist the file.

D.

The file is a legitimate application and an Incident Responder wants to report it to Symantec as a false

positive.

Buy Now
Questions 6

Which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?

Options:

A.

Discovery

B.

Capture

C.

Exfiltration

D.

Incursion

Buy Now
Questions 7

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

Options:

A.

Add a Quarantine firewall policy for non-compliant and non-remediated computers.

B.

Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.

C.

Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager

(SEPM).

D.

Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).

E.

Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

Buy Now
Questions 8

What should an Incident Responder do to mitigate a false positive?

Options:

A.

Add to Whitelist

B.

Run an indicators of compromise (IOC) search

C.

Submit to VirusTotal

D.

Submit to Cynic

Buy Now
Questions 9

In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose

two.)

Options:

A.

Policies page

B.

Action Manager

C.

Syslog

D.

Incident Manager

E.

Indicators of compromise (IOC) search

Buy Now
Questions 10

An Incident Responder observers and incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization suppliers. The organization to the site to continue placing orders. Network is configured in Inline Block mode?

How should the Incident responder proceed?

Options:

A.

Whitelist the domain and close the incident as a false positive

B.

Identify the pieces of malware and blacklist them, then notify the supplier

C.

Blacklist the domain and IP of the attacking site

D.

Notify the supplier and block the site on the external firewall

Buy Now
Questions 11

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.

Which approach allows the customer to meet this need?

Options:

A.

Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic

B.

Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic

C.

Use the ATP console to check whether the MD5 hash triggers a detection from Cynic

D.

Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic

Buy Now
Questions 12

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

Options:

A.

Reputation-based security

B.

Event correlation

C.

Network detection component

D.

Detonation/sandbox

Buy Now
Questions 13

An Incident Responder wants to run a database search that will list all client named starting with SYM.

Which syntax should the responder use?

Options:

A.

hostname like “SYM”

B.

hostname “SYM”

C.

hostname “SYM*”

D.

hostname like “SYM*”

Buy Now
Questions 14

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

Options:

A.

Exfiltration

B.

Incursion

C.

Capture

D.

Discovery

Buy Now
Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Nov 24, 2024
Questions: 96

PDF + Testing Engine

$134.99
buy now 250-441 pdf + testing engine

Testing Engine

$99.99
buy now 250-441 testing engine

PDF (Q&A)

$84.99
buy now 250-441 pdf