250-580 exam

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?A . IPv6 TunnelingB . IPSC . FirewallD . VPNView AnswerAnswer: B Explanation: The Intrusion Prevention System (IPS) in Symantec Endpoint Security (SES) plays a crucial role in defending against data leakage during a man-in-the-middle...

Which type of event does operation:1 indicate in a SEDR database search?A . File Deleted.B . File Closed.C . File Open.D . File Created.View AnswerAnswer: C Explanation: In a Symantec Endpoint Detection and Response (SEDR) database search, an event labeled with operation:1 corresponds to a File Open action. This identifier...

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?A . QuarantineB . BlockC . Deny ListD . FirewallView AnswerAnswer: A Explanation: The function of "Quarantine" in Endpoint Detection and Response (EDR) minimizes the risk of an infected endpoint spreading malware or malicious activities to...

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?A . Enable port scan detectionB . Automatically block an...

Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?A . Intrusion PreventionB . SONARC . Application and Device ControlD . Tamper ProtectionView AnswerAnswer: C Explanation: The Application and Device Control technology within Symantec Endpoint Protection (SEP) is responsible for blocking unauthorized software behaviors, such as preventing...

If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?A . Navigate to ICDm > Enrollment and disable the settingB . Unenroll the SEPM > Disable the setting > Re-enroll the SEPMC . Revoke policies from ICDmD . Revoke...

What happens when an administrator adds a file to the deny list?A . The file is assigned to a chosen Deny List policyB . The file is assigned to the Deny List task listC . The file is automatically quarantinedD . The file is assigned to the default Deny List...

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?A . Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on...

What tool can administrators use to create custom behavioral isolation policies based on collected application behavior data?A . Behavioral Prevalence CheckB . Behavioral Heat MapC . Application CatalogD . Application Frequency MapView AnswerAnswer: C Explanation: Administrators can use the Application Catalog in Symantec Endpoint Security to create custom behavioral isolation...

Which Incident View widget shows the parent-child relationship of related security events?A . The Incident Summary WidgetB . The Process Lineage WidgetC . The Events WidgetD . The Incident Graph WidgetView AnswerAnswer: B Explanation: The Process Lineage Widget in the Incident View of Symantec Endpoint Security provides a visual representation...