An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?
An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.
Which two (2) options should an Incident Responder select to prevent endpoints from communicating with malicious domains?
Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)
How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
Malware is currently spreading through an organization’s network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.
How should the responder look for the source of the infection using ATP?
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.