250-428 Online Practice Questions and Answers

An administrator is unknowingly trying to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system. Drag and drop the technologies to the right side of the screen in the sequence necessary to block or detect the malicious file.

Select and Place:

A company needs to configure an Application and Device Control policy to block read/write access to all USB removable media on its Symantec Endpoint Protection (SLP) systems. Which tool should an administrator use to format the GUID and device IDs as required by SEP?

A. CheckSum.exe

B. DevViewer.exe

C. TaskMgr.exe

D. DeviceTree.exe

Which two options are available when configuring DNS change detected for SONAR? (Select two.)

A. Block

B. Active Response

C. Quarantine

D. Log

E. Trace

When can an administrator add a new replication partner?

A. immediately following the first LiveUpdate session of the new site

B. during a Symantec Endpoint Protection Manager upgrade

C. during the initial install of the new site

D. immediately following a successful Active Directory sync

Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?

A. Host Integrity Policy

B. Virus and Spyware Protection Policy

C. Exceptions Policy

D. Application and Device Control Policy

In addition to performance improvements, which two benefits does Insight provide? (Select two.)

A. Reputation scoring for documents

B. Zero-day threat detection

C. Protection against malicious java scripts

D. False positive mitigation

E. Blocking of malicious websites

What are two methods the SEP Administrator can use for gathering a fingerprint list? (Choose two.)

A. GatherSymantecInfo

B. DevViewer

C. Checksum

D. DeviceInf

E. Get File Fingerprint list command

What is the difference between a Block versus a Terminate action, when creating an Application Control rule?

A. A Block action prevents a child process from running. A Terminate action kills the application making the request or the caller process.

B. A Block action excludes the child process from being scanned. A Terminate action prevents the process from running.

C. A Block action places the process in Quarantine. A Terminate action kills the application making the request or the caller process.

D. A Block action prevents the process to be left alone. A Terminate action prevents the process from running.

Where could a SEP Administrator specify a notice to display before logging onto the Symantec Endpoint Protection Manager?

A. Add banner title and banner text under the Logon Banner

B. Once a month

C. Everyday

D. Every two weeks

Solusell recently deployed SEP 14 in their environment and created the following groups for their computers: Desktops Laptops Servers

What type of group structure does Solusell use?

A. Role

B. Combination

C. Folder

D. Geography