
250-428 Administration of Symantec Endpoint Protection 14 Questions and Answers

Questions 4

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

Options:

A.

Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

B.

Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line

C.

Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.

D.

Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Questions 5

Which tool should an administrator use to discover and deploy the Symantec Endpoint Protection client to new computers?

Options:

A.

Unmanaged Detector

B.

Client Deployment Wizard

C.

Communication Update Package Deployment

D.

Symantec Endpoint Discovery Tool

Questions 6

What does SONAR use to reduce false positives?

Options:

A.

Virus and Spyware definitions

B.

Extended File Attributes (EFA) table

C.

File Fingerprint list

D.

Symantec Insight

Questions 7

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Options:

A.

Infected and At Risk Computers report

B.

Risk log

C.

Notifications

D.

Computer Status report

Questions 8

An organization needs to add a collection of DNS host names to permit in the firewall policy.

How should the SEP administrator add these DNS host names as a single rule in the firewall policy?

Options:

A.

Create a Host Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Source/Destination.

B.

Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Local/Remote.

C.

Create a Host Group and add the DNS host names. Then create a firewall rule with the new Host Group as the Local/Remote.

D.

Create a Host Group and add the DNS domain. Then create a firewall rule with the new Host Group as the Source/Destination.

Questions 9

Which setting can an administrator change that will result in the greatest impact on the speed of delivery of Symantec Endpoint Protection policy changes to the endpoints?

Options:

A.

Download randomization

B.

Heartbeat interval

C.

LiveUpdate scheduling frequency

D.

Reconnection preferences

Questions 10

A Symantec Endpoint Protection administrator needs to comply with a service level agreement stipulating that all definitions must be internally quality assurance tested before being deployed to customers.

Which step should the administrator take?

Options:

A.

install a LiveUpdate Administrator Server

B.

install a Shared Insight Cache Server

C.

install a Group Update Provider (GUP) to the existing site

D.

install a Symantec Protection Center

Questions 11

A large software company runs a small engineering department that is remotely located over a slow WAN connection.

Which option should the company use to install an exported Symantec Endpoint Protection (SEP) package to the remote site using the smallest amount of network bandwidth?

Options:

A.

a SEP package using Basic content

B.

a SEP package using a policy defined Single Group Update Provider (GUP)

C.

a SEP package using a policy defined Multiple Group Update Provider (GUP) list

D.

a SEP package using the Install Packages tab

Questions 12

Which command attempts to find the name of the drive in the private region and to match it to a disk media record that is missing a disk access record?

Options:

A.

vxdisk

B.

vxdctl

C.

vxreattach

D.

vxrecover

Questions 13

A Symantec Endpoint Protection (SEP) client uses a management server list with three management servers in the priority 1 list.

Which mechanism does the SEP client use to select an alternate management server if the currently selected management server is unavailable?

Options:

A.

The client chooses the next server alphabetically by server name.

B.

The client chooses another server alphabetically in the list randomly.

C.

The client chooses a server with the next highest IP address.

D.

The client chooses a server based on the lowest server load.

Questions 14

Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?

Options:

A.

Intrusion Prevention

B.

SONAR

C.

Tamper Protection

D.

Application and Device Control

Questions 15

A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system.

In which feature set order must the threat pass through to successfully infect the system?

Options:

A.

Download Insight, Firewall, IPS

B.

Firewall, IPS, Download Insight

C.

IPS, Firewall, Download Insight

D.

Download Insight, IPS, Firewall

Questions 16

An organization is troubleshooting a false positive detection with the WS.Reputation.1 signature on an unmanaged SEP client.

What are the steps to create an exclusion on the unmanaged SEP client?

Options:

A.

In the Symantec Endpoint Protection Client, click on View logs and select Virus and Spyware Protection -> View Logs > Open the Risk Log and select the log entry for the false positive. Click Export.

B.

In the Symantec Endpoint Protection Client, click on Change Settings and select Exceptions -> Configure Settings. Choose Add and select SONAR Exception.

C.

In the Symantec Endpoint Protection Client, click on Change Settings and select Exceptions -> Configure Settings. Choose Add and select Security Exception.

D.

In the Symantec Endpoint Protection Client, click on Change Settings and select Exceptions -> Configure Settings. Choose Add and select Application Exception.

Questions 17

Which Symantec Endpoint Protection defense mechanism provides protection against threats that propagate from system to system through the use of autorun.inf files?

Options:

A.

Host Integrity

B.

SONAR

C.

Application and Device Control

D.

Emulator

Questions 18

Which step is unnecessary when an administrator creates an application rule set?

Options:

A.

define a provider

B.

select a process to apply

C.

select a process to exclude

D.

define rule order

Questions 19

Which two are policy types within the Symantec Endpoint Protection Manager? (Select two.)

Options:

A.

Intrusion Prevention

B.

Exceptions

C.

Process Control

D.

Shared Insight

E.

Host Protection

Questions 20

Why is Notepad unable to save the changes to the file in the image below?

[Image: 250-428 Question 20]

Options:

A.

SONAR High Risk detection is set to Block

B.

SONAR is set to block host file modifications.

C.

Tamper Protection is preventing Notepad from modifying the host file.

D.

System Lockdown is enabled.

Questions 21

An administrator is unable to delete a location.

What is the likely cause?

Options:

A.

The location currently contains clients.

B.

Criteria is defined within the location.

C.

The administrator has client control enabled.

D.

The location is currently assigned as the default location.

Questions 22

A threat was detected by Auto-Protect on a client system.

Which command can an administrator run to determine whether additional threats exist?

Options:

A.

Restart Client Computer

B.

Update Content and Scan

C.

Enable Network Threat Protection

D.

Enable Download Insight

Questions 23

Which object in the Symantec Endpoint Protection Manager console describes the most granular level to which a policy can be assigned?

Options:

A.

Group

B.

Computer

C.

User

D.

Client

Questions 24

An organization recently experienced a definition storm where clients downloaded full definition packages from the management server.

Where can the SEPM increase the amount of content revisions so that clients with older content can get delta updates?

Options:

A.

Click on Policies and select LiveUpdate. Edit the LiveUpdate Content policy.

B.

Edit the Site Properties and under the LiveUpdate tab, edit the amount of content revisions to keep.

C.

Click on Policies and select LiveUpdate. Edit the LiveUpdate Settings policy.

D.

Edit the Server Properties and under the LiveUpdate tab, edit the amount of content revisions to keep.

Questions 25

What report should a SEP administrator utilize to verify that clients are connected to the management server?

Options:

A.

Client Inventory

B.

Client Online Status

C.

Client Migration

D.

Audit report

Questions 26

An organization has several remote locations with minimum bandwidth and would like to use a content distribution method that does NOT involve configuring an internal LiveUpdate server.

What content distribution method should be utilized?

Options:

A.

External LiveUpdate

B.

Management Server

C.

Intelligent Updater

D.

Group Update Provider

Questions 27

An administrator configures the scan duration for a scheduled scan. The scan fails to complete in the specified time period.

When will the next scheduled scan occur on the computer?

Options:

A.

When the computer restarts

B.

At the next scheduled scan period

C.

Within the next hour

D.

When the user restarts the scan

Questions 28

Where can an administrator obtain the Sylink.xml file?

Options:

A.

C:\Program Files\Symantec\Symantec Endpoint Protection\ folder on the client

B.

C:\Program Files\Symantec\Symantec Endpoint Protection\Manager\data\inbox\agent\ folder on the Symantec Endpoint Protection Manager

C.

by selecting the client group and exporting the communication settings in the Symantec Endpoint Protection Manager Console

D.

by selecting the location and exporting the communication settings in the Symantec Endpoint Protection Manager Console

Questions 29

What is a valid Symantec Endpoint Protection (SEP) single site design?

Options:

A.

Multiple MySQL databases

B.

One Microsoft SQL Server database

C.

One Microsoft SQL Express database

D.

Multiple embedded databases

Questions 30

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

Options:

A.

allow users to save credentials when logging on

B.

delete clients that have not connected for specified time

C.

lock account after the specified number of unsuccessful logon attempts

D.

allow administrators to reset the passwords

Questions 31

A company deploys Symantec Endpoint Protection (SEP) to 50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?

Options:

A.

Reduce number of content revisions to keep

B.

Increase download randomization window

C.

Reduce the heartbeat interval

D.

Increase Download Insight sensitivity level

Questions 32

Which two criteria should an administrator use when defining Location Awareness for the Symantec Endpoint Protection (SEP) client? (Select two.)

Options:

A.

NIC description

B.

SEP domain

C.

geographic location

D.

WINS server

E.

Network Speed

Questions 33

A Symantec Endpoint Protection Manager (SEPM) administrator notices performance issues with the SEPM server. The Client tab becomes unresponsive in the SEPM console and .DAT files accumulate in the “agentinfo” folder.

Which tool should the administrator use to gather log files to submit to Symantec Technical Support?

Options:

A.

collectLog.cmd

B.

LogExport.exe

C.

smc.exe

D.

ExportLog.vbs

Questions 34

A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.

Where should the administrator adjust the time to block the attacking computer?

Options:

A.

In the group policy, under External Communication settings

B.

In the group policy, under Communication settings

C.

In the firewall policy, under Protection and Stealth

D.

In the firewall policy, under Built in Rules

Questions 35

An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto-Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.

Which action should the administrator take to ensure that the desired setting is in place on the client?

Options:

A.

Restart the client system.

B.

Enable the padlock next to the setting in the policy.

C.

Run a command on the computer to Update Content

D.

Withdraw the Virus and Spyware Protection policy

Questions 36

A financial company enforces a security policy that prevents banking system workstations from connecting to the Internet.

Which Symantec Endpoint Protection technology is ineffective on this company's workstations?

Options:

A.

Insight

B.

Intrusion Prevention

C.

Network Threat Protection

D.

Browser Intrusion Prevention

Questions 37

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

Options:

A.

Tomcat

B.

Apache Web Server

C.

Group Update Provider (GUP)

D.

SQL Server

Questions 38

Which feature reduces the impact of Auto-Protect on a virtual client guest operating system?

Options:

A.

Network Shared Insight Cache

B.

Scan Randomization

C.

Virtual Shared Insight Cache

D.

Virtual Image Exception

Questions 39

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive delta content packages instead of full content packages?

Options:

A.

10

B.

30

C.

20

D.

60

Questions 40

Why does Power Eraser need Internet access?

Options:

A.

Validate root certificates on all portable executables (PXE) files

B.

Leverage Symantec Insight

C.

Ensure the Power Eraser tool is the latest release

D.

Look up CVE vulnerabilities

Exam Code: 250-428
Exam Name: Administration of Symantec Endpoint Protection 14
Last Update: Apr 30, 2026
Questions: 135
