Leads4pass > Symantec > Symantec Certifications > 250-441 > 250-441 Online Practice Questions and Answers

250-441 Online Practice Questions and Answers

Questions 4

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.

B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.

C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).

D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).

E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

Buy Now
Questions 5

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

A. Reputation-based security

B. Event correlation

C. Network detection component

D. Detonation/sandbox

Buy Now
Questions 6

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Loyphish

B. Aurora

C. ZeroAccess

D. Michelangelo

Buy Now
Questions 7

What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?

A. ATP will continue to block previously blacklisted addresses but NOT new ones.

B. ATP does NOT block access to blacklisted addresses unless block mode is enabled.

C. ATP will clear the existing blacklists.

D. ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.

Buy Now
Questions 8

Which two ATP control points are able to report events that are detected using Vantage? Enter the two control point names:

A. ATP: network ATP: Endpoint

Buy Now
Questions 9

Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as "finding incursions"?

A. Protect

B. Identify

C. Respond

D. Detect

Buy Now
Questions 10

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.

Which step should the Incident Response team incorporate into their plan of action?

A. Perform a healthcheck of ATP

B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall

C. Use ATP to isolate non-SEP protected computers to a remediation VLAN

D. Rejoin the endpoints back to the network after completing a final virus scan

Buy Now
Questions 11

What should an Incident Responder do to mitigate a false positive?

A. Add to Whitelist

B. Run an indicators of compromise (IOC) search

C. Submit to VirusTotal

D. Submit to Cynic

Buy Now
Questions 12

Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?

A. Email Protect (antivirus and anti-spam)

B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)

C. Symantec Messaging Gateway

D. Skeptic

Buy Now
Questions 13

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

A. The responder needs to analyze with Cynic

B. The responder needs to isolate it from the network

C. The responder needs to write firewall rules

D. The responder needs to add the file to a whitelist

Buy Now
Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Jul 09, 2026
Questions: 95
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99