How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?
- A . Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.
- B . Modify the agent config.db to include the file
- C . Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
- D . Modify the agent configuration and select the option “retain Original Files”
What is the correct configuration for “BoxMonitor.Channels”that will allow the server to start as a Network Monitor server?
- A . Packet Capture, Span Port
- B . Packet Capture, Network Tap
- C . Packet Capture, Copy Rule
- D . Packet capture, Network Monitor
C
Explanation:
Reference: https://support.symantec.com/en_US/article.TECH218980.html
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
- A . There is insufficient disk space on the Network Monitor server.
- B . The Network Monitor server’s certificate is corrupt or missing.
- C . The Network Monitor server’s license file has expired.
- D . The Enforce and Network Monitor servers are running different versions of DLP.
Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)
- A . Any customer-hosted private cloud
- B . Amazon Web Services
- C . AT&T
- D . Verizon
- E . Rackspace
BE
Explanation:
Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/ DOCUMENTATION/8000/DOC8244/en_US/Symantec_DLP_15.0_Cloud_Prevent_O365.pdf? __gda__=1554430310_584ffada3918e15ced8b6483a2bfb6fb (14)
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
- A . Only DLP administrators are permitted to access and view data for high risk users.
- B . The Enforce server has insufficient permissions for importing user attributes.
- C . User attribute data must be configured separately from incident data attributed.
- D . User attributes have been incorrectly mapped to Active Directory accounts.
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitoring by Application File Access Control?
- A . Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
- B . Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
- C . Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.
- D . Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
A
Explanation:
Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicyorchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620185.html
A software company wants to protect its source code, including new source code created between scheduled indexing runs.
Which detection method should the company use to meet this requirement?
- A . Exact Data Matching (EDM)
- B . Described Content Matching (DCM)
- C . Vector Machine Learning (VML) D. Indexed Document Matching (IDM)
D
Explanation:
Reference: https://help.symantec.com/cs/DLP15.0/DLP/v100774847_v120691346/Scheduling-remoteindexing?locale=EN_US
What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)
- A . To specify Wi-Fi SSID names
- B . To specify an IP address or range
- C . To specify the endpoint server
- D . To specify domain names
- E . To specify network card status (ON/OFF)
BD
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v18349332_v125428396/Setting-the-endpointlocation?locale=EN_US
What detection server is used for Network Discover, Network Protect, and Cloud Storage?
- A . Network Protect Storage Discover
- B . Network Discover/Cloud Storage Discover
- C . Network Prevent/Cloud Detection Service
- D . Network Protect/Cloud Detection Service
B
Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-NetworkDiscover-Cloud-Storage-Discover-Server-configuration?locale=EN_US
Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?
- A . Network Discover
- B . Cloud Service for Email
- C . Endpoint Prevent
- D . Network Protect
D
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v15600645_v125428396/Configuring-NetworkProtect-for-file-shares?locale=EN_US
Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)
- A . Exchange
- B . Jiveon
- C . File store
- D . SharePoint
- E . Confluence
CD
Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/information-centricencryption-en.pdf
Which detection method depends on “training sets”?
- A . Form Recognition
- B . Vector Machine Learning (VML)
- C . Index Document Matching (IDM)
- D . Exact Data Matching (IDM)
B
Explanation:
Reference: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-dlp_machine_learning.WP_enus.pdf
Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?
- A . Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.
- B . Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.
- C . Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.
- D . Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.
A
Explanation:
Reference: https://www.symantec.com/connect/articles/sslkeytool-utility-and-server-certificates
Which option correctly describes the two-tier installation type for Symantec DLP?
- A . Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
- B . Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
- C . Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
- D . Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.
D
Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers
Which two detection technology options run on the DLP agent? (Choose two.)
- A . Optical Character Recognition (OCR)
- B . Described Content Matching (DCM)
- C . Directory Group Matching (DGM)
- D . Form Recognition
- E . Indexed Document Matching (IDM)
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data.
However, data transfers to these devices are still being blocked.
What is the first action an administrator should take to enable data transfers to the approved endpoint devices?
- A . Disable and re-enable the Endpoint Prevent policy to activate the changes
- B . Double-check that the correct device ID or class has been entered for each device
- C . Verify Application File Access Control (AFAC) is configured to monitor the specific application
- D . Edit the exception rule to ensure that the “Match On” option is set to “Attachments”
What is the default fallback option for the Endpoint Prevent Encrypt response rule?
- A . Block
- B . User Cancel
- C . Encrypt
- D . Notify
Which two components can perform a file system scan of a workstation? (Choose two.)
- A . Endpoint Server
- B . DLP Agent
- C . Network Prevent for Web Server
- D . Discover Server
- E . Enforce Server
Which channel does Endpoint Prevent protect using Device Control?
- A . Bluetooth
- B . USB storage
- C . CD/DVD
- D . Network card
B
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO80865.html#v36651044
A divisional executive requests a report of all incidents generated by a particular region, summarized by department.
What does the DLP administrator need to configure to generate this report?
- A . Custom attributes
- B . Status attributes
- C . Sender attributes
- D . User attributes
A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.
What are the processes missing from the Server Detail page display?
- A . The Display Process Control setting on the Advanced Settings page is disabled.
- B . The Advanced Process Control setting on the System Settings page is deselected.
- C . The detection server Display Control Process option is disabled on the Server Detail page.
- D . The detection server PacketCapture process is displayed on the Server Overview page.
B
Explanation:
Reference: https://support.symantec.com/content/unifiedweb/en_US/article.TECH220250.html
What detection technology supports partial contents matching?
- A . Indexed Document Matching (IDM)
- B . Described Content Matching (DCM)
- C . Exact Data Matching (DCM)
- D . Optical Character Recognition (OCR)
A
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detectiontechnologies?locale=EN_US
What is Application Detection Configuration?
- A . The Cloud Detection Service (CDS) process that tells Enforce a policy has been violated
- B . The Data Loss Prevention (DLP) policy which has been pushed into Cloud Detection Service (CDC) for files in transit to or residing in Cloud apps
- C . The terminology describing the Data Loss Prevention (DLP) process within the CloudSOC administration portal
- D . the setting configured within the user interface (UI) that determines whether CloudSOC should send a file to Cloud Detection Service (CDS) for analysis.
A
Explanation:
Reference: https://help.symantec.com/cs/DLP15.0/DLP/v119805091_v120691346/About-ApplicationDetection%7CSymantec-Data-Loss-Prevention-15.0?locale=EN_US
What detection method utilizes Data Identifiers?
- A . Indexed Document matching (IDM)
- B . Described Content Matching (DCM)
- C . Directory Group Matching (DGM)
- D . Exact Data Matching (EDM)
D
Explanation:
Reference: https://www.symantec.com/connect/forums/edm-policy-exception
When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.
When does the DLP agent stop scanning?
- A . When the agent sends a report within the “Scan Idle Timeout” period
- B . When the endpoint computer is rebooted and the agent is started
- C . When the agent is unable to send a status report within the “Scan Idle Timeout” period
- D . When the agent sends a report immediately after the “Scan Idle Timeout” period
Which two detection servers are available as virtual appliances? (Choose two.)
- A . Network Monitor
- B . Network Prevent for Web
- C . Network Discover
- D . Network Prevent for Email
- E . Optical Character Recognition (OCR)
BD
Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v123002905_v120691346/About-DLP-Appliances? locale=EN_US
A company needs to secure the content of all mergers and Acquisitions Agreements/ However, the standard text included in all company literature needs to be excluded.
How should the company ensure that this standard text is excluded from detection?
- A . Create a Whitelisted.txtfile after creating the Vector Machine Learning (VML) profile.
- B . Create a Whitelisted.txtfile after creating the Exact Data Matching (EDM) profile
- C . Create a Whitelisted.txtfile before creating the Indexed Document Matching (IDM) profile
- D . Create a Whitelisted.txtfile before creating the Exact Data Matching (EDM) profile
C
Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v27161240_v120691346/White-listing-file-contents-to-exclude-from-partial-matching?locale=EN_US
Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?
- A . Exchange
- B . File System
- C . Lotus Notes
- D . SharePoint
B
Explanation:
Reference: https://help.symantec.com/cs/DLP15.0/DLP/v83981880_v120691346/Troubleshootingautomated-incident-remediation-tracking?locale=EN_US