最新的Symantec Certified Specialist認證 250-441考試題庫

問題1

Which two actions an Incident Responder take when downloading files from the ATP file store? (Choose two.)

A. Diagnose the files as a threat based on the file names

B. Submit the files to Security Response

C. Analyze suspicious code with Cynic

D. Double-click to open the files

E. Email the files to Symantec Technical Support

正確答案: C,D

問題2

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

A. 1433

B. 8446

C. 8014

D. 8081

正確答案: D

問題3

Which detection method identifies a file as malware after SEP has queried the file's reputation?

A. insight

B. Vantage

C. Skeptic

D. Cynic

正確答案: A

問題4

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

A. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

B. It ensures that the Incident is resolved, and the responder can clean up the infection.

C. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

D. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.

正確答案: D

問題5

Where can an Incident Responder view Cynic results in ATP?

A. Incident Details

B. File Details

C. Events

D. Dashboard

正確答案: A

問題6

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.
Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

A. Report the users to their manager for unauthorized usage of company resources

B. Find and blacklist the P2P client application

C. Blacklist the endpoints

D. Blacklist the domains and IP associated with the malicious traffic

E. Isolate the endpoints

正確答案: B,E

問題7

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

A. Do ports need to be blocked or opened on the firewall?

B. Are certain endpoints being repeatedly attacked?

C. Does the organization need to do a healthcheck in the environment?

D. Does a risk assessment need to happen in the environment?

E. Is the organization being attacked by this external entity repeatedly?

正確答案: B,D

問題8

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

A. Database hostname

B. Database domain name

C. Database IP address

D. Database name

E. Database version

正確答案: A,C

問題9

Malware is currently spreading through an organization's network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.
How should the responder look for the source of the infection using ATP?

A. Check for the file hash for each detection

B. Submit the hash to Virus Total

C. Isolate a system and collect a sample

D. Check of the threats are downloaded from the same domain or IP by looking at incidents

正確答案: D

問題10

Which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

A. Discovery

B. Capture

C. Exfiltration

D. Incursion

正確答案: D

最新的Symantec Administration of Symantec Advanced Threat Protection 3.0 - 250-441免費考試真題

最新更新

站內鏈接

聯系我們