250-441 Exam Dumps - Administration of Symantec Advanced Threat Protection 3.0
A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.
Which approach allows the customer to meet this need?
An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.
Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)
A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to
implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.
Why does the company need more than one ATP manager?
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log
Collector?
Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.
Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager?
(Choose two.)
Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email
detections?
What is a benefit of using Microsoft SQL as the Symantec Endpoint Protection Manager (SEPM) database in regard to ATP?
An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?
Which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?