Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.

Which two objects in the STIX report will ATP search against? (Choose two.)

A.

SHA-256 hash

B.

MD5 hash

C.

MAC address

D.

SHA-1 hash

E.

Registry entry

Full Access
Question # 5

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

A.

The responder needs to analyze with Cynic

B.

The responder needs to isolate it from the network

C.

The responder needs to write firewall rules

D.

The responder needs to add the file to a whitelist

Full Access
Question # 6

During a recent virus outlook, an Incident found that the incident Response team was successful in identifying malicious that were communicating with the infected endpoint.

Which two (2) options should be incident Responder select to prevent endpoints from communicating with malicious domains?

A.

Use the isolation command in ATP to move endpoint to quarantine network.

B.

Blacklist suspicious domain in the ATP manager.

C.

Deploy a high-Security antivirus and Antispyware policy in the Symantec Endpoint protection Manager (SEPM.)

D.

Create a firewall rule in the Symantec Endpoints Protection Manager (SEPM) or perimeter firewall that blocks

E.

traffic to the domain.

F.

Run a full system scan on all endpoints

Full Access
Question # 7

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

A.

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.

B.

The endpoint automatically switches to using a System Lockdown location, where a System Lockdown

policy is applied to the computer.

C.

The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is

applied to the computer.

D.

The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Full Access
Question # 8

A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to

implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.

Why does the company need more than one ATP manager?

A.

An ATP manager can only connect to a SQL backend

B.

An ATP manager can only support 30,000 SEP clients

C.

An ATP manager can only support 10 SEP site connections.

D.

An ATP manager needs to be installed at each location where a Symantec Endpoint Protection Manager (SEPM) is located.

Full Access
Question # 9

Which threat is an example of an Advanced Persistent Threat (APT)?

A.

Loyphish

B.

Aurora

C.

ZeroAccess

D.

Michelangelo

Full Access
Question # 10

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an

endpoint?

A.

System Lockdown

B.

Intrusion Prevention System

C.

Firewall

D.

SONAR

Full Access
Question # 11

While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.

What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)

A.

Periodically log into the ATP manager and review only the Dashboard.

B.

Implement IT Analytics to create more flexible reporting.

C.

Dedicate an administrator to monitor new events as they flow into the ATP manager.

D.

Set email notifications in the ATP manager to message the Security team when a new incident is occurring.

E.

Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.

Full Access
Question # 12

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose

two.)

A.

Database version

B.

Database IP address

C.

Database domain name

D.

Database hostname

E.

Database name

Full Access
Question # 13

An Incident responder added a files NDS hash to the blacklist.

Which component of SEP enforces the blacklist?

A.

Bloodhound

B.

System Lockdown

C.

Intrusion Prevention

D.

SONAR

Full Access
Question # 14

Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?

A.

Recover

B.

Protect

C.

Respond

D.

Identify

Full Access