Which feature of SEDR allows an administrator to manually block a specific file hash?

A file has been identified as malicious. Which feature of SEDR allows an administrator to manually block a specific file hash?
A. Playbooks
B. Quarantine
C. Allow List
D. Block List
Answer: D
Explanation: In Symantec Endpoint Detection and Response (SEDR), the Block List feature allows administrators to manually block...

March 27, 2025

Which SES feature helps administrators apply policies based on specific endpoint profiles?

A. Policy Bundles
B. Device Profiles
C. Policy Groups
D. Device Groups
Answer: D
Explanation: In Symantec Endpoint Security (SES), Device Groups enable administrators to apply policies based on specific endpoint profiles. Device Groups categorize endpoints according to...

March 26, 2025

What information is required to calculate storage requirements?

A. Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size
B. Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size
C. Number of endpoints, available bandwidth,...

March 25, 2025

What priority would an incident that may have an impact on business be considered?

A. Low
B. Critical
C. High
D. Medium
Answer: C
Explanation: An incident that may have an impact on business is typically classified with a High priority in cybersecurity frameworks and incident response protocols. Here’s a...

March 25, 2025

What SEDR feature would be utilized first to contain the threat?

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?
A. File Deletion
B. Incident Manager
C. Isolation
D. Endpoint Activity Recorder
Answer: C
Explanation: When an Incident Responder determines that an endpoint is compromised,...

March 21, 2025

How would an administrator specify which remote consoles and servers have access to the management server?

A. Edit the Server Properties and under the General tab, change the Server Communication Permission.
B. Edit the Communication Settings for the Group under the Clients tab.
C. Edit the External Communication Settings for...

March 18, 2025

Why is Active Directory a part of nearly every targeted attack?

A. AD administration is managed by weak legacy APIs.
B. AD is, by design, an easily accessed flat file name space directory database
C. AD exposes all of its identities, applications, and resources to every endpoint in the network
D...

March 17, 2025

What does a ranged query return or exclude?

A. Data matching the exact field names and their values
B. Data matching a regular expression
C. Data falling between two specified values of a given field
D. Data based on specific values for a given field
Answer: C
Explanation: A ranged...

March 9, 2025

Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?

A. Signatures
B. Reputation
C. Artificial Intelligence
D. Advanced Machine Learning
Answer: D
Explanation: The Advanced Machine Learning feature in Symantec Endpoint Security (SES) uses a sophisticated model trained on a...

March 8, 2025

Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?

A. Mismatched Port - Application Traffic
B. Irregularities in Privileged User Account Activity
C. Surges in Database...

March 8, 2025