250-441試験無料問題集（96題）「Symantec Administration of Symantec Advanced Threat Protection 3.0 認定」

出題：1

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)

正解：C,E 解答を投票する

出題：2

What should an Incident Responder do to mitigate a false positive?

A. Submit to Cynic

B. Run an indicators of compromise (IOC) search

C. Add to Whitelist

D. Submit to VirusTotal

正解：B 解答を投票する

出題：3

Which threat is an example of an Advanced Persistent Threat (APT)?

A. MyDoom

B. GhostNet

C. Conficker

D. ILOVEYOU

正解：B 解答を投票する

出題：4

During a recent virus outlook, an Incident found that the incident Response team was successful in identifying malicious that were communicating with the infected endpoint.
Which two (2) options should be incident Responder select to prevent endpoints from communicating with malicious domains?

A. Create a firewall rule in the Symantec Endpoints Protection Manager (SEPM) or perimeter firewall that blocks

B. Use the isolation command in ATP to move endpoint to quarantine network.

C. traffic to the domain.

D. Deploy a high-Security antivirus and Antispyware policy in the Symantec Endpoint protection Manager (SEPM.)

E. Blacklist suspicious domain in the ATP manager.

F. Run a full system scan on all endpoints

正解：B,E 解答を投票する

出題：5

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

A. Create subnets or VLANs and configure the network devices to restrict traffic

B. Set executables on network drives as read only

C. Identify affected clients

D. Close any open shares

E. Identify the threat and understand how it spreads

正解：C,D 解答を投票する

出題：6

A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.
Which approach allows the customer to meet this need?

A. Use the Cynic portal to check whether the MD5 hash triggers a detection from Cynic

B. Use the ATP console to check whether the MD5 hash triggers a detection from Cynic

C. Use the Cynic portal to check whether the SHA-256 hash triggers a detection from Cynic

D. Use the ATP console to check whether the SHA-256 hash triggers a detection from Cynic

正解：B 解答を投票する

出題：7

Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?

A. Action Manager

B. Events

C. Search

D. Incident Manager

正解：A 解答を投票する

出題：8

How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?

A. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain

B. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain

C. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain

D. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP

正解：A 解答を投票する

出題：9

Malware is currently spreading through an organization's network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.
How should the responder look for the source of the infection using ATP?

A. Isolate a system and collect a sample

B. Submit the hash to Virus Total

C. Check for the file hash for each detection

D. Check of the threats are downloaded from the same domain or IP by looking at incidents

正解：D 解答を投票する

出題：10

Which two (2 non-Symantec method for restricting traffic are available to the Incident response team?

A. Isolate computers so they are NOT compromised by infested computers.

B. Create a DNS a sinkhole server to block malicious traffic.

C. Create an Access Control List at the router to deny traffic.

D. Analyze traffic using wire shark protocol analyzer to identify the source of the infection.

E. Temporarily disconnects the local network from the Internet.

正解：A,E 解答を投票する

250-441試験無料問題集「Symantec Administration of Symantec Advanced Threat Protection 3.0 認定」