In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)


A) Policies page
B) Action Manager
C) Syslog
D) Incident Manager
E) Indicators of compromise (IOC) search

F) None of the above
G) C) and E)

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What must be populated to generate this report?


A) remediation attributes
B) sender correlations
C) status groups
D) custom attributes

E) B) and D)
F) None of the above

Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)


A) Configure a SIEM feed from the portal to the ATP environment
B) Configure email reports on convictions
C) Submit false positive and false negative files
D) Query hashes
E) Submit hashes to Insight

F) B) and E)
G) B) and C)

Ten test agents are being deployed that use an uninstall password required to uninstall the DLP Agent. The agents deploy and install correctly. Upon testing to remove the Agent, the uninstall password fails to work. The deployment team used 'Symantec' for the UninstallPasswordKey. Why does the uninstall fail when using the same password?


A) uninstall passwords are restricted from containing the word 'Symantec'
B) the UninstallPwdKeyGenerator must be used to create an UninstallPasswordKey
C) the PGPsdk.dll file was missing when the key was created
D) the uninstall agent password needs to match the uninstall password key

E) A) and D)
F) All of the above

A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information. Which underlying technology should the company use?


A) Vector Machine Learning (VML)
B) Described Content Matching (DCM)
C) Indexed Document Matching (IDM)
D) Exact Data Matching (EDM)

E) A) and B)
F) B) and C)

You have a Storage Foundation 5.0 server named SrvA connected to SrvB, which is a cloned server of SrvA. SrvA is able to recognize the quick I/O (QIO) files. However, SrvB is unable to recognize the quick I/O files. You have ensured that the file systems are the same on both the servers. You want to ensure SrvB is able to recognize the quick I/O files. What should you do? (Select two. Each correct answer presents part of the solution.)


A) Check the file system on both the servers.
B) Restart the Oracle instance to recognize the Quick I/O file.
C) Enable the Quick I/O on SrvB.
D) Enable the Quick I/O on SrvA.
E) Apply a new license for the cloned server, SrvB.

F) D) and E)
G) A) and E)

Which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?


A) Capture
B) Incursion
C) Discovery
D) Exfiltration

E) B) and C)
F) A) and B)

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?


A) The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B) The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
C) The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
D) The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

E) A) and B)
F) None of the above

You are working on a Storage Foundation 5.0 server named Srv1 that has a disk group named vol1. You install another Storage Foundation 5.0 server named Srv2. You want to successfully move the disk group from Srv1 to Srv2. To initiate the movement, you stop all volumes in the disk group, and deport and move all disks to Srv2. What should you do next?


A) Start the volumes in the disk group.
B) Format the disk group.
C) Recognize the disks using VxVM.
D) Create a new disk group.

E) None of the above
F) All of the above

Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?


A) ATP: Email
B) ATP: Endpoint
C) ATP: Network
D) ATP: Roaming

E) None of the above
F) A) and C)

Which two options are available when selecting an incident for deletion? (Select two.)


A) delete the incident completely
B) delete the original message and retain the incident
C) delete the incident and retain the original message
D) delete the incident and export incident details to .CSV file
E) delete all attachments or files and export incident to .XML file

F) A) and D)
G) All of the above

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats. Which two objects in the STIX report will ATP search against? (Choose two.)


A) SHA-256 hash
B) MD5 hash
C) MAC address
D) SHA-1 hash
E) Registry entry

F) A) and B)
G) A) and D)

A file system encounters an error during VxVM operations. The error "VxVM vxio WARNING V-5-0-144 Double failure condition detected on RAID-5 volume" is displayed in the file system. How should you resolve this error?


A) By correcting the hardware failure and recovering the volume using the vxrecover command.
B) By checking the underlying hardware to recover the desired path.
C) By creating a new log plex and attaching it with the volume to restore RAID-5 logging to a RAID-5 volume.
D) By rebooting the computer.

E) C) and D)
F) A) and C)

An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode. What should the Incident Responder do to stop the traffic to the IRC channel?


A) Isolate the endpoint with a Quarantine Firewall policy
B) Blacklist the IRC channel IP
C) Blacklist the endpoint IP
D) Isolate the endpoint with an application control policy

E) None of the above
F) All of the above

Which process should never be configured on external DNS servers? (Choose the best answer.)


A) Bypass the ProxySG's cache
B) Use DNS imputing
C) Perform lookups on internal servers
D) Perform reverse DNS lookups

E) All of the above
F) B) and C)

Which incidents appear in the Network Incident List report when the Network Prevent Action filter is set to Modified?


A) incidents in which confidential content was removed from the body of an SMTP email
B) incidents in which an SMTP email was changed to include one or more SMTP headers
C) incidents in which digital rights were applied to SMTP email attachments containing confidential information
D) incidents in which confidential attachments were removed from an SMTP email

E) None of the above
F) B) and D)

Which service setting determines whether the traffic is passed to the SSL proxy or the HTTP proxy when a browser is configured to use an explicit proxy connection to the ProxySG? (Choose the best answer.)


A) Enable SSL/TLS
B) Detect protocol
C) Authenticate-401
D) Forward client cert

E) B) and D)
F) All of the above

While encapsulating a disk, you discover that a volume is removed as a part of the existing configuration. You want to restore the data on the disk as it was before removal of the disk. As the first step, you recreate the volume using the vxdg make command. What should you do next?


A) Replace the disk
B) Restore the plexes on the volume
C) Restore the data on the volume
D) Start the hot-relocation process

E) A) and B)
F) B) and D)

Which two (2) items are considered external dependencies? (Choose two.)


A) Policy
B) DNS
C) CPU
D) Authentication
E) Memory

F) A) and E)
G) D) and E)

You need to create a new volume. The new volume will only use disks on controller 1. You want to execute the vxassist command with the ctlr:c1 storage attribute. You want to ensure that the command provides desired output. What should you ensure to meet the required goal?


A) Ensure that storage attribute is a part of the disk group.
B) Ensure that storage attribute is a part of the plex.
C) Ensure that storage attribute is a part of the disk.
D) Ensure that storage attribute is a part of the volume.

E) A) and D)
F) B) and C)
