Administration of Symantec Endpoint Protection 14 v1.0

Exam contains 89 questions

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.
Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

  • A. Tomcat
  • B. Apache Web Server
  • C. Group Update Provider (GUP)
  • D. SQL Server


Answer : A

What is a function of Symantec Insight?

  • A. Provides reputation ratings for binary executables.
  • B. Enhances the capability of Group Update Providers (GUP)
  • C. Provides reputation ratings for structured data
  • D. Increases the efficiency and effectiveness of LiveUpdate


Answer : A

Which two options are available when configuring DNS change detections for SONAR? (Select two.)

  • A. Log
  • B. Quarantine
  • C. Block
  • D. Active Response
  • E. Trace


Answer : AC

How are Insight results stored?

  • A. Encrypted on the Symantec Endpoint Protection Client
  • B. Unencrypted on the Symantec Endpoint Protection Manager
  • C. Encrypted on the Symantec Endpoint Protection Manager
  • D. Unencrypted on the Symantec Endpoint Protection Client


Answer : A

Which option is unavailable in the Symantec Endpoint Protection console to run a command on the group menu item?

  • A. Disable SONAR
  • B. Scan
  • C. Disable Network Threat Protection
  • D. Update content and scan


Answer : A

A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.
Where should the administrator adjust the time to block the attacking computer?

  • A. In the group policy, under External Communication settings
  • B. In the group policy, under Communication settings
  • C. In the firewall policy, under Protection and Stealth
  • D. In the firewall policy, under Built in Rules


Answer : C

Which option is a function of the Symantec Endpoint Protection client?

  • A. Sends and receives application reputation ratings from LiveUpdate
  • B. Uploads logs to the Shared Insight Cache
  • C. Downloads virus content updates from Symantec Insight
  • D. Provides a Lotus Notes email scanner


Answer : D

References: https://support.symantec.com/en_US/article.TECH95093.html

Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

  • A. Another scan is in progress.
  • B. The detected file is in use.
  • C. The file has good reputation.
  • D. There are insufficient file permissions.
  • E. The file is marked for deletion by Windows on restart.


Answer : BD

A company has 10,000 Symantec Endpoint Protection (SEP) clients deployed using two Symantec Endpoint Protection Managers (SEPMs).
Which configuration is recommended to ensure that each SEPM is able to effectively handle the communications load with the SEP clients?

  • A. Pull mode
  • B. Push mode
  • C. Server control mode
  • D. Client control mode


Answer : A

An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.
How should the administrator architect this organization?

  • A. Set up 3 domains
  • B. Set up 3 sites
  • C. Set up 3 groups
  • D. Set up 3 locations


Answer : A

References: https://support.symantec.com/en_US/article.HOWTO80764.html

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate.
Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

  • A. Disable Allow user-defined scans to run when the scan author is logged off
  • B. Change the LiveUpdate schedule
  • C. Disable Run an Active Scan when new definitions arrive
  • D. Change the Administrator-defined scan schedule


Answer : C

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

  • A. Define signature variables
  • B. Enable signature logging
  • C. Change the custom signature order
  • D. Create a Custom Intrusion Prevention Signature library


Answer : D

References: https://support.symantec.com/en_US/article.HOWTO80877.html

Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade according to best practices?

  • A. CollectLog.cmd
  • B. DBValidator.bat
  • C. LogExport.cmd
  • D. Upgrade.exe


Answer : B

References: https://support.symantec.com/en_US/article.TECH240591.html

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.
Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

  • A. Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line
  • B. Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line
  • C. Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.
  • D. Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.


Answer : A

References: https://support.symantec.com/en_US/article.TECH104433.html

Which action does SONAR take before convicting a process?

  • A. Checks the reputation of the process.
  • B. Restarts the system.
  • C. Quarantines the process.
  • D. Blocks suspicious behavior.


Answer : A
