Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. Symantec
  3. Endpoint Protection 14
  4. 250-428 - Administration of Symantec Endpoint Protection 14

Symantec 250-428 Administration of Symantec Endpoint Protection 14 Exam Practice Test

Demo: 20 questions
Total 135 questions
Get 250-428 Full Access Download 250-428 PDF

Administration of Symantec Endpoint Protection 14 Questions and Answers

Question 1

In which two areas can host groups be used? (Select two.)

Options:

A.

Locations

B.

Download Insight

C.

IPS

D.

Application and Device Control

E.

Firewall

Question 2

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.

What is the quickest way an administrator can restore the environment to its original state?

Options:

A.

Install a new SEPM into the existing site

B.

Reinstall the entire SEPM environment

C.

Clone the still functioning SEPM and change the server.properties file

D.

Build a new site and configure replication with the still functioning SEPM

Question 3

What is an appropriate use of a file fingerprint list?

Options:

A.

allow unknown files to be downloaded with Insight

B.

prevent programs from running

C.

prevent AntiVirus from scanning a file

D.

allow files to bypass Intrusion Prevention detection

Question 4

A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country.

Which deployment method should the company use to notify its sales staff to install the client?

Options:

A.

Unmanaged Detector

B.

Client Deployment Wizard

C.

Pull mode

D.

Push mode

Question 5

A Symantec Endpoint Protection administrator needs to prevent users from modifying files in a specific program folder that is on all client machines.

What does the administrator need to configure?

Options:

A.

a file and folder exception in the Exception policy

B.

an application rule set in the Application and Device Control policy

C.

a file fingerprint list and System Lockdown

D.

the Tamper Protection settings for the client folder

Question 6

A company receives a high number of reports from users that files being downloaded from internal web servers are blocked. The Symantec Endpoint Protection administrator verifies that the Automatically trust any file downloaded from an intranet website option is enabled.

Which configuration can cause Insight to block the files being downloaded from the internal web servers?

Options:

A.

Virus and Spyware definitions are out of date.

B.

Local intranet zone is configured incorrectly on the Mac clients browser settings.

C.

Intrusion prevention is disabled.

D.

Local intranet zone is configured incorrectly on the Windows clients browser settings.

Question 7

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

Options:

A.

Create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

B.

Create an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line

C.

Create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.

D.

Create an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Question 8

A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.

Where should the administrator adjust the time to block the attacking computer?

Options:

A.

In the group policy, under External Communication settings

B.

In the group policy, under Communication settings

C.

In the firewall policy, under Protection and Stealth

D.

In the firewall policy, under Built in Rules

Question 9

An administrator selects the Backup files before attempting to repair the Remediations option in the Auto-Protect policies.

Which two actions occur when a virus is detected? (Select two.)

Options:

A.

replace the file with a place holder

B.

check the reputation

C.

store in Quarantine folder

D.

send the file to Symantec Insight

E.

encrypt the file

Question 10

What is the file scan workflow order when Shared Insight Cache and reputation are enabled?

Options:

A.

Symantec Insight > Shared Insight Cache server > local client Insight cache

B.

Local client Insight cache > Shared Insight Cache server > Symantec Insight

C.

Shared Insight Cache server > local client Insight cache > Symantec Insight

D.

Local client Insight cache > Symantec Insight > Shared Insight Cache server

Question 11

An administrator is re-adding an existing Replication Partner to the local Symantec Endpoint Protection Manager site.

Which two parameters are required to re-establish this replication partnership? (Select two.)

Options:

A.

Remote site Encryption Password

B.

Remote server IP Address and port

C.

Remote SQL database account credentials

D.

Remote server Administrator credentials

E.

Remote site Domain ID

Question 12

A company has a small number of systems in their Symantec Endpoint Protection Manager (SEPM) group with federal mandates that AntiVirus definitions undergo a two week testing period. After being loaded on the client, the tested virus definitions must remain unchanged on the client systems until the next set of virus definitions have completed testing. All other clients must remain operational on the most recent definition sets. An internal LiveUpdate Server has been considered as too expensive to be a solution for this company.

What should be modified on the SEPM to meet this mandate?

Options:

A.

The LiveUpdate Content policy for this group should be modified to use a specific definition revision.

B.

The LiveUpdate Settings policy for this group should be modified to use an Explicit Group Update Provider.

C.

The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 14.

D.

The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 1.

Question 13

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.

What is the likely cause of the problem?

Options:

A.

The application has been upgraded.

B.

The Application and Device Control policy is in test mode.

C.

A file exception has been added to the Exceptions policy.

D.

The Application and Device Control policy is allowing the file to execute.

Question 14

Which two Symantec Endpoint Protection components are used to distribute content updates? (Select two.)

Options:

A.

Group Update Provider (GUP)

B.

Shared Insight Cache Server

C.

Symantec Protection Center

D.

Symantec Endpoint Protection Manager

E.

Symantec Insight Database

Question 15

An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs.

Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

Options:

A.

Stop Service Automatically

B.

Stop and Reload AutoProtect

C.

Terminate Processes Automatically

D.

Risk Tracer

E.

Early Launch Anti-Malware Driver

Question 16

Which task should an administrator perform to troubleshoot operation of the Symantec Endpoint Protection embedded database?

Options:

A.

Verify the sqlserver.exe service is running on port 1433

B.

Verify that dbsrv11.exe is listening on port 2638

C.

Check the database transaction logs in X:\Program Files\Microsoft SQL server

D.

Check whether the MSSQLSERVER service is running

Question 17

A Symantec Endpoint Protection (SEP) administrator is remotely deploying SEP clients, but the clients are failing to install on Windows XP.

What are two possible reasons for preventing installation? (Select two.)

Options:

A.

Windows firewall is enabled.

B.

Internet Connection firewall is disabled.

C.

Administrative file shares are enabled.

D.

Simple file sharing is enabled.

E.

Clients are configured for DHCP.

Question 18

A company has an application that requires network traffic in both directions to multiple systems at a specific external domain. A firewall rule was created to allow traffic to and from the external domain, but the rule is blocking incoming traffic.

What should an administrator enable in the firewall policy to allow this traffic?

Options:

A.

TCP resequencing

B.

Smart DHCP

C.

Reverse DNS Lookup

D.

Smart WINS

Question 19

An administrator configures the scan duration for a scheduled scan. The scan fails to complete in the specified time period.

When will the next scheduled scan occur on the computer?

Options:

A.

When the computer restarts

B.

At the next scheduled scan period

C.

Within the next hour

D.

When the user restarts the scan

Question 20

Which action should an administrator take to prevent users from using Windows Security Center?

Options:

A.

Set Disable antivirus alert within Windows Security Center to Disable

B.

Set Disable Windows Security Center to Always

C.

Set Disable Windows Security Center to Disable

D.

Set Disable antivirus alert within Windows Security Center to Never

Load More 250-428 Questions
Demo: 20 questions
Total 135 questions
Get 250-428 Full Access Download 250-428 PDF