What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)
A. Add a Quarantine firewall policy for non-compliant and non-remediated computers.
B. Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
C. Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
D. Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
E. Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?
A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Loyphish
B. Aurora
C. ZeroAccess
D. Michelangelo
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
A. ATP will continue to block previously blacklisted addresses but NOT new ones.
B. ATP does NOT block access to blacklisted addresses unless block mode is enabled.
C. ATP will clear the existing blacklists.
D. ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.
Which two ATP control points are able to report events that are detected using Vantage? Enter the two control point names:
A. ATP: network ATP: Endpoint
Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as "finding incursions"?
A. Protect
B. Identify
C. Respond
D. Detect
ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
A. Perform a healthcheck of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan
What should an Incident Responder do to mitigate a false positive?
A. Add to Whitelist
B. Run an indicators of compromise (IOC) search
C. Submit to VirusTotal
D. Submit to Cynic
Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?
A. Email Protect (antivirus and anti-spam)
B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)
C. Symantec Messaging Gateway
D. Skeptic
An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.
In which scenario should the Incident Responder copy a suspicious file to the ATP file store?
A. The responder needs to analyze with Cynic
B. The responder needs to isolate it from the network
C. The responder needs to write firewall rules
D. The responder needs to add the file to a whitelist