250-580問題集、Symantec実際の試験問題

質問 1

Which technology can prevent an unknown executable from being downloaded through a browser session?

A. Intrusion Prevention

B. Advanced Machine Learning

C. Application Control

D. Insight

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 2

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).
How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

A. 20

B. 30

C. 60

D. 10

正解: B

解説: (PassTest メンバーにのみ表示されます)

質問 3

What protection technologies should an administrator enable to protect against Ransomware attacks?

A. IPS, Firewall, System Lockdown

B. Firewall, Host Integrity, System Lockdown

C. IPS, SONAR, and Download Insight

D. SONAR, Firewall, Download Insight

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 4

Why is Active Directory a part of nearly every targeted attack?

A. AD administrationis managed by weak legacy APIs.

B. AD exposes all of its identities, applications, and resources to every endpoint in the network

C. AD user attribution includes hidden elevated admin privileges

D. AD is, by design, an easily accessed flat file name space directory database

正解: B

解説: (PassTest メンバーにのみ表示されます)

質問 5

In which phase of the MITRE framework would attackers exploit faults in software to directly tamper with system memory?

A. Execution

B. Exfiltration

C. Defense Evasion

D. Discovery

正解: A

解説: (PassTest メンバーにのみ表示されます)

質問 6

An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.
What is the likely problem?

A. The Learn applications that run on the client computer setting are disabled.

B. The Symantec Endpoint Protection Manager is installed on a Domain Controller.

C. The clients are in a trusted Symantec Endpoint Protection domain.

D. The client computers already have exclusions for the applications.

正解: A

解説: (PassTest メンバーにのみ表示されます)

質問 7

The Behavioral Heat Map indicates that a specific application and a specific behavior are never used together.
What action can be safely set for the application behavior in a Behavioral Isolation policy?

A. Allow

B. Deny

C. Monitor

D. Delete

正解: B

解説: (PassTest メンバーにのみ表示されます)

質問 8

A company uses a remote administration tool that is detected as Hacktool.KeyLoggPro and quarantined by Symantec Endpoint Protection (SEP).
Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

A. Create a Known Risk exception for the tool

B. Create an Application to Monitor exception for the tool

C. Create a Tamper Protect exception for the tool

D. Create a SONAR exception for the tool

正解: A

解説: (PassTest メンバーにのみ表示されます)

質問 9

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

A. Add a Client security alert notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

B. Add a New risk detected notification and specify "Left Alone" for the action taken. Choose to log the notification and send an emailto the system administrators.

C. Add a System event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

D. Add a Single Risk Event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 10

What does a medium-priority incident indicate?

A. The incident can safely be ignored

B. The incident does not affect critical business operation

C. The incident can result in a business outage

D. The incident may have an impact on the business

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 11

What does an Endpoint Activity Recorder (EAR) full dump consist of?

A. All of the recorded events that are in the SEDR database

B. All of the recorded events that occurred on an endpoint relating to a single process

C. All of the recorded events that occurred on an endpoint relating to a single file

D. All of the recorded events that occurred on an endpoint

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 12

Which option should an administrator utilize to temporarily or permanently block a file?

A. Encrypt

B. Delete

C. Hide

D. Deny List

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 13

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.
Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

A. SQL Server

B. Apache Web Server

C. Tomcat

D. Group Update Provider (GUP)

正解: C

解説: (PassTest メンバーにのみ表示されます)

Symantec Endpoint Security Complete - Administration R2 - 250-580 模擬練習