250-428 Online Practice Questions and Answers

An administrator is unknowingly trying to connect to a malicious website and download a known threat within a .rar file. All Symantec Endpoint Protection technologies are installed on the client's system. Drag and drop the technologies to the right side of the screen in the sequence necessary to block or detect the malicious file.

Select and Place:

Which two Symantec Endpoint Protection components are used to distribute content updates? (Select two.)

A. Group Update Provider (GUP)

B. Shared Insight Cache Server

C. Symantec Protection Center

D. Symantec Endpoint Protection Manager

E. Symantec Insight Database

Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade as a Symantec Best Practice?

A. collectLog.cmd

B. DBValidator.bat

C. LogExport.cmd

D. Upgrade.exe

A large software company runs a small engineering department that is remotely located over a slow WAN connection.

Which option should the company use to install an exported Symantec Endpoint Protection (SEP) package to the remote site using the smallest amount of network bandwidth?

A. a SEP package using Basic content

B. a SEP package using a policy defined Single Group Update Provider (GUP)

C. a SEP package using a policy defined Multiple Group Update Provider (GUP) list

D. a SEP package using the Install Packages tab

A company deploys Symantec Endpoint Protection (SEP) to 50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?

A. increase Download Insight sensitivity level

B. reduce the heartbeat interval

C. increase download randomization window

D. reduce number of content revisions to keep

A company has a small number of systems in their Symantec Endpoint Protection Manager (SEPM) group with federal mandates that AntiVirus definitions undergo a two week testing period. After being loaded on the client, the tested virus definitions must remain unchanged on the client systems until the next set of virus definitions have completed testing. All other clients must remain operational on the most recent definition sets. An internal LiveUpdate Server has been considered as too expensive to be a solution for this company.

What should be modified on the SEPM to meet this mandate?

A. The LiveUpdate Settings policy for this group should be modified to use an Explicit Group Update Provider.

B. The LiveUpdate Content policy for this group should be modified to use a specific definition revision.

C. The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 1.

D. The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 14.

What is an appropriate use of a file fingerprint list?

A. allow unknown files to be downloaded with Insight

B. prevent programs from running

C. prevent AntiVirus from scanning a file

D. allow files to bypass Intrusion Prevention detection

Which technology can prevent an unknown executable from being downloaded through a browser session?

A. Insight

B. Advanced Machine Learning

C. Application Control

D. Intrusion Prevention

What are two methods the SEP Administrator can use for gathering a fingerprint list? (Choose two.)

A. GatherSymantecInfo

B. DevViewer

C. Checksum

D. DeviceInf

E. Get File Fingerprint list command

An organization is considering multiple sites for their Symantec Endpoint Protection environment.

What are two reasons that the organization should consider? (Choose two.)

A. Legal constraints

B. Control your hardware and administration costs

C. Content distribution

D. Tolerable downtime

E. Control when your WAN links are used