250-441試験無料問題集（96題）「Symantec Administration of Symantec Advanced Threat Protection 3.0 認定」

出題：1

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

A. 8446

B. 8081

C. 1433

D. 8014

正解：B 解答を投票する

出題：2

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

A. Incursion

B. Exfiltration

C. Capture

D. Discovery

正解：A 解答を投票する

出題：3

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

A. Database version

B. Database domain name

C. Database hostname

D. Database name

E. Database IP address

正解：C,E 解答を投票する

出題：4

How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?

A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).

B. Add the site to a blacklist in ATP manager.

C. Run an indicators of compromise (IOC) search in ATP manager.

D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

正解：B 解答を投票する

出題：5

Which final steps should an Incident Responder take before using ATP to rejoin a remediated endpoint to the network, according to Symantec best practices?

A. Upgrade the client to the latest version of SEP. Once the client is upgraded, rejoin the computer to the production network.

B. Run Windows Update to patch the system with the latest service pack. Once the system is up-to-date, rejoin the computer to the production network.

C. Run an additional antivirus scan with the latest definitions. If the scan comes back as clean, rejoin the computer to the production network.

D. Use SymDiag to run a Threat Scan Analysis on the machine. Once the analysis comes back as clean, rejoin the computer to the production network.

正解：A 解答を投票する

出題：6

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

A. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

B. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

C. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.

D. It ensures that the Incident is resolved, and the responder can clean up the infection.

正解：C 解答を投票する

出題：7

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)

A. Registry entry

B. SHA-1 hash

C. MD5 hash

D. MAC address

E. SHA-256 hash

正解：C,E 解答を投票する

出題：8

An ATP administrator is setting up correlation with Email Security cloud.
What is the minimum Email Security cloud account privilege required?

A. Standard User Role - Full Access

B. Standard User Role -Port

C. Standard User Role - Support

D. Standard User Role - Service

正解：D 解答を投票する

出題：9

An Incident Responder wants to use a STIX file to run an indicate of components (IOC) search.
Which format must the administrator use for the file?

A. .mht

B. .xml

C. .html

D. .csv

正解：B 解答を投票する

出題：10

An organization has five (5) shops with a few endpoints and a large warehouse where 98% of all computers are located. The shops are connected to the warehouse using leased lines and access internet through the warehouse network.
How should the organization deploy the network scanners to observe all inbound and outbound traffic based on Symantec best practices for Inline mode?

A. Deploy a physical network scanner at each shop

B. Deploy a physical network scanner at the warehouse gateway

C. Deploy a virtual network scanner at each shop

D. Deploy a virtual network scanner at the warehouse and a virtual network scanner at each shop

正解：B 解答を投票する

250-441試験無料問題集「Symantec Administration of Symantec Advanced Threat Protection 3.0 認定」