
Study Flashcards

Which two options are available when configuring high risk detection in SONAR? (Select two.)


A) Block
B) Skip
C) Quarantine
D) Log
E) Delete

F) B) and E)
G) D) and E)


A Symantec Endpoint Protection administrator needs to prevent users from modifying files in a specific program folder that is on all client machines. What does the administrator need to configure?


A) a file and folder exception in the Exception policy
B) an application rule set in the Application and Device Control policy
C) a file fingerprint list and System Lockdown
D) the Tamper Protection settings for the client folder

E) A) and B)
F) All of the above


In Symantec Endpoint Protection 12.1 Enterprise Edition (SEP), what happens when the Soft Enforcement license expires?


A) LiveUpdate stops.
B) Proactive Threat Protection is disabled.
C) SEP clients become unmanaged.
D) Content updates are allowed.

E) A) and B)
F) None of the above


What are two criteria that Symantec Insight uses to evaluate binary executables? (Select two.)


A) sensitivity
B) prevalence
C) confidentiality
D) content
E) age

F) A) and C)
G) B) and C)


What is the likely impact of increasing the Download Insight sensitivity?


A) It would block files that trend towards a poor reputation and decrease false positives.
B) It would allow only files with a good reputation and decrease false positives.
C) It would allow only files that trend toward a good reputation and increase false positives.
D) It would block files that have a poor reputation and decrease false positives.

E) None of the above
F) C) and D)


Which action should an administrator take to prevent users from using Windows Security Center?


A) set Disable antivirus alert within Windows Security Center to Disable
B) set Disable antivirus alert within Windows Security Center to Never
C) set Disable Windows Security Center to Disable
D) set Disable Windows Security Center to Always

E) All of the above
F) A) and B)


What does SONAR use to reduce false positives?


A) Virus and Spyware definitions
B) File Fingerprint list
C) Symantec Insight
D) Extended File Attributes (EFA) table

E) A) and D)
F) All of the above


A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period. Where should the administrator adjust the time to block the attacking computer?


A) in the firewall policy, under Protection and Stealth
B) in the firewall policy, under Built in Rules
C) in the group policy, under External Communication Settings
D) in the group policy, under Communication Settings

E) A) and B)
F) All of the above


A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country. Which deployment method should the company use to notify its sales staff to install the client?


A) Push mode
B) Client Deployment Wizard
C) Pull mode
D) Unmanaged Detector

E) B) and D)
F) B) and C)


Which technology uses heuristics to scan outbound email?


A) Internet Email Auto-Protect
B) Microsoft Outlook Auto-Protect
C) Lotus Notes Auto-Protect
D) SONAR

E) B) and C)
F) A) and C)


What could be an adverse effect of activating aggressive mode on the SONAR policy?


A) false negatives
B) false positives
C) performance issues
D) higher rejection rate

E) All of the above
F) A) and B)


Which Symantec Endpoint Protection defense mechanism provides protection against threats that propagate from system to system through the use of autorun.inf files?


A) Application and Device Control
B) SONAR
C) TruScan
D) Host Integrity

E) C) and D)
F) None of the above


Which protection technology assists in protecting documents in real-time when accessed or modified?


A) SONAR
B) Reputation Scans
C) Auto-Protect
D) Scheduled Scans

E) A) and D)
F) None of the above


Acrobat Reader is being targeted by a threat using process injection. Which feature of SONAR is sandboxing Acroread32.exe so that the threat is prevented from dropping its payload?


A) Commercial Application Detection
B) Suspicious Behavior Detection
C) System Change Events
D) Signature Based Detection

E) B) and C)
F) None of the above


A Symantec Endpoint Protection 12.1 group has two defined locations based on whether clients are attached to the local network or are remote. The local network location has an administrator-defined scan scheduled to begin each Monday at 09:00. The remote location has an administrator-defined scan scheduled to begin each Wednesday night at 21:00. All systems are used daily and remain powered on all night. Some users in the group have laptops, while the other users have standard desktops. Assuming the laptops are taken home and used each night, what is the effect?


A) All clients will run scans only on Monday.
B) All clients will run scans both on Monday and Wednesday.
C) The laptops will run scans only on Wednesday, while the desktops will run scans only on Monday.
D) The laptops will run scans on both Monday and Wednesday, while the desktops will run scans only on Monday.

E) A) and B)
F) None of the above


What is an appropriate use of a file fingerprint list?


A) allow unknown files to be downloaded with Insight
B) prevent programs from running
C) prevent AntiVirus from scanning a file
D) allow files to bypass Intrusion Prevention detection

E) All of the above
F) A) and B)


A Symantec Endpoint Protection (SEP) client uses a management server list with three management servers in the priority 1 list. Which mechanism does the SEP client use to select an alternate management server if the currently selected management server is unavailable?


A) The client chooses another server in the list randomly.
B) The client chooses a server based on the lowest server load.
C) The client chooses a server with the next highest IP address.
D) The client chooses the next server alphabetically by server name.

E) B) and C)
F) A) and D)


Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?


A) Host Integrity Policy
B) Virus and Spyware Protection Policy
C) Exceptions Policy
D) Application and Device Control Policy

E) A) and B)
F) All of the above


A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application. Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?


A) create an Allow Firewall rule for the application and place it at the bottom of the firewall rules below the blue line
B) create an Allow Firewall rule for the application and place it at the bottom of the firewall rules above the blue line
C) create an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line
D) create an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line

E) A) and B)
F) A) and C)


A company recently purchased the Symantec Endpoint Protection 12.1 (SEP) product. It has two datacenters and wants to configure SEP for high availability, so that if one datacenter goes down, the SEP clients can smoothly fail over to the other datacenter. What should be done to allow SEP clients to fail over from one datacenter to the next?


A) Install a Group Update Provider at each datacenter and configure replication.
B) Install a Symantec Protection Center at each datacenter and configure replication.
C) Install a Symantec Endpoint Protection Manager at each datacenter and configure replication.
D) Install a Symantec Site Server at each datacenter and configure replication.

E) All of the above
F) C) and D)


Showing 121 - 140 of 165
