
Free Symantec 250-441 Practice Exam with Questions & Answers | Set: 3

Question 21

An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers, and the organization needs access to the site to continue placing orders. The network is configured in Inline Block mode.

How should the Incident Responder proceed?

Options:
A. Whitelist the domain and close the incident as a false positive
B. Identify the pieces of malware and blacklist them, then notify the supplier
C. Blacklist the domain and IP of the attacking site
D. Notify the supplier and block the site on the external firewall

Question 22

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)

Options:
A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar

Question 23

Which two ATP control points are able to report events that are detected using Vantage?

Enter the two control point names:

Question 24

Which threat is an example of an Advanced Persistent Threat (APT)?

Options:
A. Zeus
B. Melissa
C. Duqu
D. Code Red

Question 25

Which best practice does Symantec recommend with the Endpoint Detection and Response feature?

Options:
A. Create a unique Cynic account to provide to ATP
B. Create a unique Symantec Messaging Gateway account to provide to ATP
C. Create a unique Symantec Protection Manager (SEPM) administrator account to provide to ATP
D. Create a unique Email Security.cloud portal account to provide to ATP

Question 26

In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)

Options:
A. Policies page
B. Action Manager
C. Syslog
D. Incident Manager
E. Indicators of compromise (IOC) search

Question 27

Which two actions should an Incident Responder take when downloading files from the ATP file store? (Choose two.)

Options:
A. Analyze suspicious code with Cynic
B. Email the files to Symantec Technical Support
C. Double-click to open the files
D. Diagnose the files as a threat based on the file names
E. Submit the files to Security Response

Question 28

Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as "finding incursions"?

Options:
A. Protect
B. Identify
C. Respond
D. Detect

Exam Code: 250-441
Certification Provider: Symantec
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Mar 23, 2025
Questions: 96