Symantec Administration of Symantec Advanced Threat Protection 3.0 - 250-441 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.
In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

A. The responder needs to add the file to a whitelist B. The responder needs to isolate it from the network C. The responder needs to analyze with Cynic D. The responder needs to write firewall rules

Discussion 0

Correct Answer: C Vote an answer

Question 2

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?

A. Firewall B. System Lockdown C. Intrusion Prevention System D. SONAR

Discussion 0

Correct Answer: B Vote an answer

Question 3

How does an attacker use a zero-day vulnerability during the Incursion phase?

A. To perform network discovery on the target B. To extract sensitive information from the target C. To perform a SQL injection on an internal server D. To deliver malicious code that breaches the target

Discussion 0

Correct Answer: D Vote an answer

Question 4

An Incident Responder wants to run a database search that will list all client named starting with SYM.
Which syntax should the responder use?

A. hostname "SYM*" B. hostname like "SYM*" C. hostname "SYM" D. hostname like "SYM"

Discussion 0

Correct Answer: D Vote an answer

Question 5

An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph?
(Choose two.)

A. A malicious file that was repeatedly downloaded by a Trojan or downloader that infected multiple endpoints. B. A network share is repeatedly accessed during and after an infection indicating a more targeted attack. C. An external website that was the source of many malicious files. D. An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office. E. A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.

Discussion 0

Correct Answer: A,C Vote an answer

Question 6

Which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization's defenses from the inside?

A. Discovery B. Capture C. Exfiltration D. Incursion

Discussion 0

Correct Answer: A Vote an answer

Question 7

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.
Which approach allows the customer to meet this need?

A. Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic B. Use the ATP console to check whether the MD5 hash triggers a detection from Cynic C. Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic D. Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic

Discussion 0

Correct Answer: B Vote an answer

Question 8

Which policies are required for the quarantine feature of ATP to work?

A. Quarantine and Intrusion Prevention Policy B. Quarantine Policy and Firewall Policy C. Firewall Policy and Host Integrity Policy D. Host Integrity Policy and Quarantine Policy

Discussion 0

Correct Answer: D Vote an answer

Question 9

An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?

A. Blacklist the IRC channel IP B. Isolate the endpoint with an application control policy C. Isolate the endpoint with a Quarantine Firewall policy D. Blacklist the endpoint IP

Discussion 0

Correct Answer: D Vote an answer

Question 10

Which two (2 non-Symantec method for restricting traffic are available to the Incident response team?

A. Create an Access Control List at the router to deny traffic. B. Analyze traffic using wire shark protocol analyzer to identify the source of the infection. C. Temporarily disconnects the local network from the Internet. D. Create a DNS a sinkhole server to block malicious traffic. E. Isolate computers so they are NOT compromised by infested computers.

Discussion 0

Correct Answer: C,E Vote an answer