
Ace the Symantec 250-441 Exam: Ultimate Preparation Guide

Question 11

An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.

Which search query and type should the responder run?

Options:

A.

Database search filename “msscrt.pdf”

B.

Database search msscrt.pdf

C.

Endpoint search filename like msscrt.pdf

D.

Endpoint search filename =“msscrt.pdf”

Question 12

An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.

Which connections should the administrator secure with signed SSL certificates?

Options:

A.

ATP and the Symantec Endpoint Protection Manager (SEPM)

ATP and SEP clients

Web access to the GUI

B.

ATP and the Symantec Endpoint Protection Manager (SEPM)

ATP and SEP clients

ATP and Email Security.cloud

Web access to the GUI

C.

ATP and the Symantec Endpoint Protection Manager (SEPM)

D.

ATP and the Symantec Endpoint Protection Manager (SEPM)

Web access to the GUI

Question 13

What should an Incident Responder do to mitigate a false positive?

Options:

A.

Add to Whitelist

B.

Run an indicators of compromise (IOC) search

C.

Submit to VirusTotal

D.

Submit to Cynic

Question 14

An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.

Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)

Options:

A.

An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.

B.

A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.

C.

A network share that was repeatedly accessed during and after an infection, indicating a more targeted attack.

D.

A malicious file that was repeatedly downloaded by a Trojan or downloader that infected multiple endpoints.

E.

An external website that was the source of many malicious files.

Question 15

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.

Which two (2) options should the Incident Responder select to prevent endpoints from communicating with malicious domains?

Options:

A.

Use the isolation command in ATP to move the endpoint to a quarantine network.

B.

Blacklist the suspicious domain in the ATP manager.

C.

Deploy a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

D.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

E.

Run a full system scan on all endpoints.

Question 16

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

Options:

A.

Does the organization need to do a health check in the environment?

B.

Are certain endpoints being repeatedly attacked?

C.

Is the organization being attacked by this external entity repeatedly?

D.

Do ports need to be blocked or opened on the firewall?

E.

Does a risk assessment need to happen in the environment?

Question 17

How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?

Options:

A.

Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

B.

Run an indicators of compromise (IOC) search in ATP manager.

C.

Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

D.

Add the site to a blacklist in ATP manager.

Question 18

Malware is currently spreading through an organization’s network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.

How should the responder look for the source of the infection using ATP?

Options:

A.

Check for the file hash for each detection

B.

Isolate a system and collect a sample

C.

Submit the hash to VirusTotal

D.

Check if the threats are downloaded from the same domain or IP by looking at incidents

Question 19

What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?

Options:

A.

ATP will continue to block previously blacklisted addresses but NOT new ones.

B.

ATP does NOT block access to blacklisted addresses unless block mode is enabled.

C.

ATP will clear the existing blacklists.

D.

ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.

Question 20

Which level of privilege corresponds to each ATP account type?

Match the correct account type to the corresponding privileges.

250-441 Question 20 (image; the account types and privilege levels to be matched are not reproduced in the text)