An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated.

Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?

A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP:

Network to scan internet traffic at both sites.

Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details

page? (Choose two.)

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an

endpoint?

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.

Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose

two.)

Which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization’s defenses from the inside?

What is the role of Synapse within the Advanced Threat Protection (ATP) solution?

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the

After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)