Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

250-580 Endpoint Security Complete - R2 Technical Specialist Questions and Answers

Questions 4

Which SES feature helps administrators apply policies based on specific endpoint profiles?

Options:

A.

Policy Bundles

B.

Device Profiles

C.

Policy Groups

D.

Device Groups

Buy Now
Questions 5

What must be entered before downloading a file from ICDm?

Options:

A.

Name

B.

Password

C.

Hash

D.

Date

Buy Now
Questions 6

Which type of security threat is used by attackers to exploit vulnerable applications?

Options:

A.

Lateral Movement

B.

Privilege Escalation

C.

Credential Access

D.

Command and Control

Buy Now
Questions 7

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A.

Discovery Device

B.

Discovery Manager

C.

Discovery Agent

D.

Discovery Broker

Buy Now
Questions 8

Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.

Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

Options:

A.

Allow users to save credentials when logging on

B.

Delete clients that have not connected for specified time

C.

Lock account after the specified number of unsuccessful logon attempts

D.

Allow administrators to reset passwords

Buy Now
Questions 9

Which rule types should be at the bottom of the list when an administrator adds device control rules?

Options:

A.

Specific "device type" rules

B.

Specific "device model" rules

C.

General "catch all" rules

D.

General "brand defined" rules

Buy Now
Questions 10

Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

Options:

A.

Decreasing the number of content revisions to keep

B.

Lowering the client installation log entries

C.

Rebuilding database indexes

D.

Limiting the number of backups to keep

Buy Now
Questions 11

What is the purpose of a Threat Defense for Active Directory Deceptive Account?

Options:

A.

It prevents attackers from reading the contents of the Domain Admins Group.

B.

It assigns a fake NTLM password hash value for users with an assigned AdminCount attribute.

C.

It exposes attackers as they seek to gather credential information from workstation memory.

D.

It acts as a honeypot to expose attackers as they attempt to build their AD treasure map

Buy Now
Questions 12

An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

Options:

A.

Email the App Control Admin

B.

Request an Override

C.

Install the application

D.

Wait for the Application Drift process to complete

Buy Now
Questions 13

Which designation should an administrator assign to the computer configured to find unmanaged devices?

Options:

A.

Discovery Device

B.

Discovery Manager

C.

Discovery Agent

D.

Discovery Broker

Buy Now
Questions 14

What priority would an incident that may have an impact on business be considered?

Options:

A.

Low

B.

Critical

C.

High

D.

Medium

Buy Now
Questions 15

An organization recently experienced an outbreak and is conducting a health check of the environment. What Protection Technology can the SEP team enable to control and monitor the behavior of applications?

Options:

A.

Host Integrity

B.

System Lockdown

C.

Application Control

D.

Behavior Monitoring (SONAR)

Buy Now
Questions 16

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

Options:

A.

Add a Single Risk Event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

B.

Add a Client security alert notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

C.

Add a System event notification and specify "Left Alone" for the action taken. Choose to log the notification and send an e-mail to the system administrators.

D.

Add a New risk detected notification and specify "Left Alone" for the action taken. Choose to log the notification and send an emailto the system administrators.

Buy Now
Questions 17

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Options:

A.

The deleted file may still be in the Recycle Bin.

B.

IT Analytics may keep a copy of the file for investigation.

C.

False positives may delete legitimate files.

D.

Insight may back up the file before sending it to Symantec.

E.

A copy of the threat may still be in the quarantine.

Buy Now
Questions 18

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)

Options:

A.

The deleted file may still be in the Recycle Bin.

B.

IT Analytics may keep a copy of the file for investigation.

C.

False positives may delete legitimate files.

D.

Insight may back up the file before sending it to Symantec.

E.

A copy of the threat may still be in the quarantine.

Buy Now
Questions 19

Which term or expression is utilized when adversaries leverage existing tools in the environment?

Options:

A.

opportunistic attack

B.

file-less attack

C.

script kiddies

D.

living off the land

Buy Now
Questions 20

A file has been identified as malicious.

Which feature of SEDR allows an administrator to manually block a specific file hash?

Options:

A.

Playbooks

B.

Quarantine

C.

Allow List

D.

Block List

Buy Now
Questions 21

What is an appropriate use of a file fingerprint list?

Options:

A.

Allow unknown files to be downloaded with Insight

B.

Prevent programs from running

C.

Prevent Antivirus from scanning a file

D.

Allow files to bypass Intrusion Prevention detection

Buy Now
Questions 22

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

Options:

A.

Change the custom signature order

B.

Create a Custom Intrusion Prevention Signature library

C.

Define signature variables

D.

Enable signature logging

Buy Now
Questions 23

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).

How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?

Options:

A.

10

B.

20

C.

30

D.

60

Buy Now
Questions 24

What Threat Defense for Active Directory feature disables a process's ability to spawn another process, overwrite a part of memory, run recon commands, or communicate to the network?

Options:

A.

Process Mitigation

B.

Process Protection

C.

Memory Analysis

D.

Threat Monitoring

Buy Now
Questions 25

What type of policy provides a second layer of defense, after the Symantec firewall?

Options:

A.

Virus and Spyware

B.

Host Integrity

C.

Intrusion Prevention

D.

System Lockdown

Buy Now
Questions 26

What permissions does the Security Analyst Role have?

Options:

A.

Trigger dumps, get & quarantine files, enroll new sites

B.

Search endpoints, trigger dumps, get & quarantine files

C.

Trigger dumps, get & quarantine files, create device groups

D.

Search endpoints, trigger dumps, create policies

Buy Now
Questions 27

Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?

Options:

A.

Intrusion Prevention

B.

SONAR

C.

Application and Device Control

D.

Tamper Protection

Buy Now
Questions 28

What is an appropriate use of a file fingerprint list?

Options:

A.

Allow unknown files to be downloaded with Insight

B.

Prevent programs from running

C.

Prevent Antivirus from scanning a file

D.

Allow files to bypass Intrusion Prevention detection

Buy Now
Questions 29

Which alert rule category includes events that are generated about the cloud console?

Options:

A.

Security

B.

System

C.

Diagnostic

D.

Application Activity

Buy Now
Questions 30

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?

Options:

A.

Synapse, ECC, then Insight Proxy

B.

ECC, Synapse, then Insight Proxy

C.

Insight Proxy, Synapse, then ECC

D.

ECC, Insight Proxy, then Synapse

Buy Now
Questions 31

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?

Options:

A.

Enable port scan detection

B.

Automatically block an attacker's IP address

C.

Block all traffic until the firewall starts and after the firewall stops

D.

Enable denial of service detection

Buy Now
Questions 32

What protection technologies should an administrator enable to protect against Ransomware attacks?

Options:

A.

Firewall, Host Integrity, System Lockdown

B.

IPS, SONAR, and Download Insight

C.

IPS, Firewall, System Lockdown

D.

SONAR, Firewall, Download Insight

Buy Now
Questions 33

Which other items may be deleted when deleting a malicious file from an endpoint?

Options:

A.

Registry entries that point to that file

B.

The incident related to the file

C.

SEP Policies related to that file

D.

Files and libraries that point to that file

Buy Now
Questions 34

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Options:

A.

Risk log

B.

Computer Status report

C.

Notifications

D.

Infected and At-Risk Computers report

Buy Now
Questions 35

Which IPS signature type is primarily used to identify specific unwanted network traffic?

Options:

A.

Attack

B.

Audit

C.

Malcode

D.

Probe

Buy Now
Questions 36

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?

Options:

A.

Quarantine

B.

Block

C.

Deny List

D.

Firewall

Buy Now
Questions 37

On which platform is LiveShell available?

Options:

A.

Windows

B.

All

C.

Linux

D.

Mac

Buy Now
Questions 38

Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

Options:

A.

Searching the EDR database and multiple data sources directly

B.

Viewing PowerShell processes

C.

Detecting Memory Exploits in conjunction with SEP

D.

Detonating suspicious files using cloud-based or on-premises sandboxing

Buy Now
Questions 39

What type of condition must be included in a custom incident rule in order for it to be valid?

Options:

A.

Good

B.

Rich

C.

Valid

D.

Poor

Buy Now
Questions 40

What information is required to calculate retention rate?

Options:

A.

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

B.

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

C.

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

D.

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

Buy Now
Questions 41

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?

Options:

A.

Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on the file fingerprint.

B.

Gather the process name of the file and create an Application Content Rule that blocks the file based on the device ID type.

C.

Gather the MD5 hash of the file and create an Application Content Rule that uses regular expression matching.

D.

Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on specific arguments.

Buy Now
Questions 42

What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

Options:

A.

SEDR Cloud Console

B.

Synapse

C.

SEP Endpoints

D.

SEPM

Buy Now
Questions 43

Which type of event does operation:1indicate in a SEDR database search?

Options:

A.

File Deleted.

B.

File Closed.

C.

File Open.

D.

File Created.

Buy Now
Questions 44

If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?

Options:

A.

Navigate to ICDm > Enrollment and disable the setting

B.

Unenroll the SEPM > Disable the setting > Re-enroll the SEPM

C.

Revoke policies from ICDm

D.

Revoke policies from SEPM

Buy Now
Questions 45

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

Options:

A.

File Deletion

B.

Incident Manager

C.

Isolation

D.

Endpoint Activity Recorder

Buy Now
Exam Code: 250-580
Exam Name: Endpoint Security Complete - R2 Technical Specialist
Last Update: Dec 3, 2024
Questions: 150

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now 250-580 testing engine

PDF (Q&A)

$42  $104.99
buy now 250-580 pdf