
Symantec 250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist Exam Practice Test

Demo: 30 questions
Total 100 questions

Symantec Data Loss Prevention 16.x Administration Technical Specialist Questions and Answers

Question 1

A DLP administrator needs to remove an agent and its associated events from an Endpoint server.

Which Agent Task should the administrator perform to disable the agent’s visibility in the Enforce management console?

Options:

A.

Delete action from the Agent health dashboard

B.

Delete action from the Agent List page

C.

Disable action from Symantec Management Console

D.

Change endpoint Server action from the Agent Overview page

Question 2

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.

When does the DLP agent stop scanning?

Options:

A.

When the agent sends a report within the “Scan Idle Timeout” period

B.

When the endpoint computer is rebooted and the agent is started

C.

When the agent is unable to send a status report within the “Scan Idle Timeout” period

D.

When the agent sends a report immediately after the “Scan Idle Timeout” period

Question 3

Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

Options:

A.

To capture the matches to the positive set

B.

To capture the matches to the negative set

C.

To see the false negatives only

D.

To see the entire range of potential matches

Question 4

A software company wants to protect its source code, including new source code created between scheduled indexing runs.

Which detection method should the company use to meet this requirement?

Options:

A.

Exact Data Matching (EDM)

B.

Described Content Matching (DCM)

C.

Indexed Document Matching (IDM)

D.

Vector Machine Learning (VML)

Question 5

Which two detection servers are available as virtual appliances? (Choose two.)

Options:

A.

Network Monitor

B.

Network Prevent for Web

C.

Network Discover

D.

Network Prevent for Email

E.

Optical Character Recognition (OCR)

Question 6

Which detection method depends on “training sets”?

Options:

A.

Form Recognition

B.

Vector Machine Learning (VML)

C.

Indexed Document Matching (IDM)

D.

Exact Data Matching (IDM)

Question 7

How do Cloud Detection Service and the Enforce server communicate with each other?

Options:

A.

Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 8100.

B.

Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 443.

C.

Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 1443.

D.

Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 443.

Question 8

How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?

Options:

A.

Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.

B.

Add “custom_app.exe” to Application Monitoring Configuration and de-select all its channel options.

C.

Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.

D.

Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.

Question 9

What detection technology supports partial row matching?

Options:

A.

Vector Machine Learning (VML)

B.

Indexed Document Matching (IDM)

C.

Described Content Matching (EDM)

D.

Exact Data Matching (EDM)

Question 10

A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers.

What should the administrator do to make the Network Discover option available?

Options:

A.

Restart the Symantec DLP Controller service

B.

Apply a new software license file from the Enforce console

C.

Install a new Network Discover detection server

D.

Restart the Vontu Monitor Service

Question 11

Which two detection technology options ONLY run on a detection server? (Choose two.)

Options:

A.

Form Recognition

B.

Indexed Document Matching (IDM)

C.

Described Content Matching (DCM)

D.

Exact Data Matching (EDM)

E.

Vector Machine Learning (VML)

Question 12

Which two detection technology options run on the DLP agent? (Choose two.)

Options:

A.

Optical Character Recognition (OCR)

B.

Described Content Matching (DCM)

C.

Directory Group Matching (DGM)

D.

Form Recognition

E.

Indexed Document Matching (IDM)

Question 13

Which option is an accurate use case for Information Centric Encryption (ICE)?

Options:

A.

The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.

B.

The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.

C.

The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint through use of certificates.

D.

The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates.

Question 14

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

Options:

A.

Endpoint Prevent

B.

Cloud Service for Email

C.

Network Prevent for Email

D.

Network Discover

E.

Cloud Detection Service

Question 15

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Options:

A.

The OCR engine must be installed on a detection server other than the Enforce server.

B.

The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

C.

The OCR engine must be installed directly on the Enforce server.

D.

The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Question 16

Which two factors are common sources of data leakage where the main actor is a well-meaning insider? (Choose two.)

Options:

A.

An absence of a trained incident response team

B.

A disgruntled employee for a job with a competitor

C.

Merger and Acquisition activities

D.

Lack of training and awareness

E.

Broken business processes

Question 17

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Options:

A.

Smart response on the Incident page

B.

Automated Response on the Incident Snapshot page

C.

Smart response on an Incident List report

D.

Automated response on an Incident List report

Question 18

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

Options:

A.

The new agent configuration was saved but not applied to any endpoint groups.

B.

The new agent configuration was copied and modified from the default agent configuration.

C.

The default agent configuration must be disabled before the new configuration can take effect.

D.

The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Question 19

Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A.

Allow the content to be posted

B.

Remove the content through FlexResponse

C.

Block the content before posting

D.

Encrypt the content before posting

E.

Redirect the content to an alternative destination

Question 20

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Options:

A.

Smart Response on the Incident Snapshot page

B.

Automated Response on an Incident List report

C.

Smart Response on an Incident List report

D.

Automated Response on the Incident Snapshot page

Question 21

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the CISO’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.

What is the probable reason that the User Risk Summary report is blank?

Options:

A.

Only DLP administrators are permitted to access and view data for high risk users.

B.

The Enforce server has insufficient permissions for importing user attributes.

C.

User attribute data must be configured separately from incident data attributes.

D.

User attributes have been incorrectly mapped to Active Directory accounts.

Question 22

A company needs to implement Data Owner Exception so that incidents when employees send or receive their own personal information.

What detection method should the company use?

Options:

A.

Indexed Document Matching (IDM)

B.

Vector Machine Learning (VML)

C.

Exact Data Matching (EDM)

D.

Described Content Matching (DCM)

Question 23

Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

Options:

A.

File System High-Speed Discovery

B.

File System (standard)

C.

SharePoint

D.

Exchange

Question 24

Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)

Options:

A.

Exchange

B.

Jiveon

C.

File store

D.

SharePoint

E.

Confluence

Question 25

Where do you configure the list of Endpoint Servers (or load balancers) to which a DLP Agent can report?

Options:

A.

In the Agent Package

B.

In the Agent Configuration

C.

In the Agent Group

D.

In the Agent Overview

Question 26

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.

How should the administrator bring the detection servers to a running state in the Enforce management console?

Options:

A.

Restart the Vontu Update Service on the Enforce server

B.

Ensure the Vontu Monitor Controller service is running on the Enforce server

C.

Delete all of the .BAD files in the Incidents folder on the Enforce server

D.

Restart the Vontu Monitor Service on all the affected detection servers

Question 27

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

Options:

A.

Block

B.

User Cancel

C.

Encrypt

D.

Notify

Question 28

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

Options:

A.

Disable and re-enable the Endpoint Prevent policy to activate the changes

B.

Double-check that the correct device ID or class has been entered for each device

C.

Verify Application File Access Control (AFAC) is configured to monitor the specific application

D.

Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Question 29

Which two components can perform a file system scan of a workstation? (Choose two.)

Options:

A.

Endpoint Server

B.

DLP Agent

C.

Network Prevent for Web Server

D.

Discover Server

E.

Enforce Server

Question 30

Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

Options:

A.

There is insufficient disk space on the Network Monitor server.

B.

The Network Monitor server’s certificate is corrupt or missing.

C.

The Network Monitor server’s license file has expired.

D.

The Enforce and Network Monitor servers are running different versions of DLP.
