Symantec 250-441 Administration of Symantec Advanced Threat Protection 3.0 Online Training
The questions for 250-441 were last updated on May 07, 2024.
- Exam Code: 250-441
- Exam Name: Administration of Symantec Advanced Threat Protection 3.0
- Certification Provider: Symantec
- Latest update: May 07, 2024
Where can an Incident Responder view Cynic results in ATP?
- A. Events
- B. Dashboard
- C. File Details
- D. Incident Details
An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?
- A. Database search filename “msscrt.pdf”
- B. Database search msscrt.pdf
- C. Endpoint search filename like msscrt.pdf
- D. Endpoint search filename =“msscrt.pdf”
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?
- A. Exfiltration
- B. Incursion
- C. Capture
- D. Discovery
What occurs when an endpoint fails its Host Integrity check and is unable to remediate?
- A. The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
- B. The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
- C. The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
- D. The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
- A. Rejoin healthy endpoints back to the network
- B. Blacklist any suspicious files found in the environment
- C. Submit any suspicious files to Cynic
- D. Isolate infected endpoints to a quarantine network
- E. Delete threat artifacts from the environment
Which threat is an example of an Advanced Persistent Threat (APT)?
- A. Koobface
- B. Brain
- C. Flamer
- D. Creeper
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?
- A. Isolate the endpoint with a Quarantine Firewall policy
- B. Blacklist the IRC channel IP
- C. Blacklist the endpoint IP
- D. Isolate the endpoint with an application control policy
Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?
- A. Email Security.cloud
- B. Web Security.cloud
- C. Skeptic
- D. Symantec Messaging Gateway