250-312 - Admin of Symantec Backup Exec 12 for Windows Servers
How frequently does Symantec recommend that a Symantec Endpoint Protection Manager site check LiveUpdate for content updates?
every 4 hours
A company is transitioning from using policies based on the individual that logs in to the client machine to policies based only on the client machine. Which Symantec Endpoint Protection 12.1 change will the organization need to perform?
Move from User mode to Computer mode.
A company is setting up a new environment with three Symantec Endpoint Protection Managers (SEPM) and wants to set one SEPM to act as the primary reporting server. Where in the SEPM should the administrator configure the priority reporting server to be used for running scheduled reports and notifications?
Local Site properties
A company is currently testing Symantec Endpoint Protection 12.1 on 100 clients. The company has decided to deploy SEP to an additional 20,000 clients. They are concerned about the number of clients supported on a single Symantec Endpoint Protection Manager (SEPM). What should the company do to ensure that the SEPM can support the clients?
Configure the clients for Pull mode.
A company organizes its clients into two groups: the Symantec Endpoint Protection Manager (SEPM) group with all the SEPMs and a Desktops group with all other systems. An Application and Device Control policy is used with the "Block modifications to hosts file" rule set enabled. This policy is applied to all groups in the company. How can an administrator modify the hosts file on the SEPM systems, while minimizing risks posed to the company?
Withdraw the policy from the SEPM group, modify the hosts files, and reassign the policy.
An administrator makes a change in the Active Directory structure which has been imported into the Symantec Endpoint Protection Manager (SEPM). By default, when will the change automatically be reflected in the SEPM?
maximum 24 hours
Which two can be used when defining location switching criteria for the Symantec Endpoint Protection 12.1 client? (Select two.)
Which component is required in order to run Symantec Endpoint Protection 12.1 protection technologies?
Symantec Endpoint Protection client
A new installation of the Symantec Endpoint Protection 12.1 (SEP) is running on a trial license. For how long can managed SEP clients receive updates?
An administrator defines the Active Directory settings in the Symantec Endpoint Protection Manager (SEPM). The administrator adds an account named Sep_SysAdmin in the SEPM. This account is configured to use Active Directory Authentication. Which two settings can the administrator configure for the Sep_SysAdmin account? (Select two.)
Select the Directory Server
A large set of static PDF files stored on a single virtual client system, which is running on an ESX server, need to be scanned daily by a scheduled scan. Which two features should be employed to minimize performance impact on the client during scanning of these files? (Select two.)
Virtual Image exceptions
Shared Insight Cache
Which Symantec Endpoint Protection 12.1 component improves performance because known good files are skipped?
Shared Insight Cache server
Immediately after installation, what does a managed client do to contact the Symantec Endpoint Protection Manager (SEPM)?
Initiate communication on port 8014.
Which authentication method must be used to provide the ability to reset forgotten passwords?
Symantec Management Server Authentication
Which notification action can be performed when a security-related condition is met?
Run a batch file or another executable file.
Which command line syntax invokes the Symantec Endpoint Protection Client Service to determine whether a more recent copy of the configuration file is available on the management server?
A company is deploying Symantec Endpoint Protection 12.1 and configuring remediation options within the Virus and Spyware Protection policy. They are considering enabling "Terminate processes automatically" within the remediation options. If this feature is enabled, which two characteristics will the user see when the client must terminate a process to remove or repair a risk? (Select two.)
When this option is enabled, the client automatically takes the necessary action without notifying users.
When a restart is required, the user is allowed to save data and close open applications or to opt out of the restart.
Which Symantec Endpoint Protection 12.1 defense mechanism provides protection against worms like W32.Silly.FDC, which propagate from system to system through the use of autorun.inf files?
Which two criteria can be used to determine hosts in a host group? (Select two.)
Which Symantec Endpoint Protection 12.1 component provides services to improve the performance of virtual client scanning?
Shared Insight Cache server
For replication, Symantec recommends that the number of sites be kept to five for optimum performance. What can be done to reduce the number of sites?
Add Group Update Providers for content distribution.
A company creates free web access computers for use in public areas, such as airports. The software provided on the computers will be static and the systems must be secure. What should be used to restrict unauthorized applications from running on these computers?
file fingerprint list and System Lockdown
All email Auto-Protect options are disabled, and an administrator receives an email from an associate with a .zip file attached. There are three files in the .zip file that are needed for the administrator's presentation the next day. What neither of them realizes is that one of the files is infected with a virus. When will File System Auto-Protect detect this infected file?
when the email is closed
A Symantec Endpoint Protection Manager (SEPM) administrator is importing from an Active Directory environment. The administrator needs to know which object types are being imported. Which two object types are imported into the SEPM from Active Directory? (Select two.)
An administrator is in the process of recovering from a disaster and needs the keystore password to update the certificate on the Symantec Endpoint Protection Manager (SEPM). From which two locations can the administrator obtain this information? (Select two.)
disaster recovery file
What could be an adverse effect of activating aggressive mode on the SONAR policy?
Which Intrusion Prevention feature is updated automatically?
Generic Exploit Blocking
How can an administrator proactively obtain information about unknown devices on a network?
Create an Unmanaged Computer notification.
A company suffered catastrophic hardware failure on the Symantec Endpoint Protection Manager (SEPM). The administrator restores the hardware and the operating system with the required software (including SEPM). The administrator then runs the SEPM Database Back Up and Restore utility. What is the most important consideration?
Ensure that the SEPM service is set to Automatic and Stopped.
Which two actions can a user take during an in-progress scheduled scan? (Select two.)
A company is running the Symantec Endpoint Protection 12.1 firewall with the default policy. At the bottom of the ruleset, there is a rule called "Block all other IP traffic and log" which will block all IP traffic. A financial application is being blocked by this rule. What should be changed to allow the application without sacrificing security?
A new rule should be created.
A company is running the Symantec Endpoint Protection 12.1 firewall and wants to ensure that DNS traffic is allowed. Which feature should be enabled in the firewall policy?
A Symantec Endpoint Protection 12.1 (SEP) administrator is remotely deploying SEP clients, but the clients are failing to install on Windows XP. Which two could be preventing installation? (Select two.)
Clients are members of a Windows domain and have Windows firewall enabled.
Clients are members of a workgroup and simple file sharing is enabled.
An administrator needs to ensure that a specific network threat can be detected. The attack signatures for this threat may be found across multiple packets. What can the administrator do to ensure the best chance of detecting this threat?
Ensure that Symantec IPS signatures are updated.
A company selected Opera 10 as its corporate browser. Drive-by downloads are occurring and SONAR intercepts the resulting scripts. How should the company proceed to minimize the occurrence of drive-by downloads?
Use Internet Explorer or Firefox.
Some customers report that when they run the command "smc -stop" on their clients, they are unable to connect to network resources. What is wrong?
The security option "Block all traffic until the firewall starts and after the firewall stops" is enabled.
An administrator needs to exclude some servers from an Intrusion Prevention System (IPS) policy. When specifying an excluded host in an IPS policy, which two methods can be used? (Select two.)
In Symantec Endpoint Protection 12.1 Enterprise Edition (SEP), what happens when the Soft Enforcement license expires?
Content updates are allowed.
Which statement describes a difference between Virtual Image Exceptions (VIE) and Shared Insight Cache (SIC)?
VIE data is stored on the local system, whereas SIC data is placed in a shared location.
A Symantec Endpoint Protection 12.1 client is running a user-defined scan when a scheduled, administrator-defined scan is scheduled to launch. What is the effect on the client?
The administrator-defined scan will launch after the user-defined scan completes.
Which two are optional when replicating between Symantec Endpoint Protection Managers? (Select two.)
A large software company has a small engineering department that is remotely located over a slow WAN connection. Which method will deploy the Symantec Endpoint Protection 12.1 (SEP) clients to the remote site using the smallest amount of network bandwidth?
Deploy the SEP clients using basic content.
An administrator gets a browser certificate warning when accessing the Symantec Endpoint Protection Manager (SEPM) Web console. Where can the administrator obtain a self-signed certificate to prevent this warning from appearing?
SEPM Web Access
Which Symantec Endpoint Protection client component must be installed to enable Unmanaged Detector mode?
Network Threat Protection
A company with one site has a factory with computers in the manufacturing area. Both factory managers and operators need to log in to these shared computers. Different policies will be applied depending on whether the individual logging in to the machine is a manager or an operator. Which Symantec Endpoint Protection 12.1 feature provides this ability?
A company has three groups of clients: Laptops, Desktops, and Servers. Administrators must have the ability to perform manual scans for these clients from the Symantec Endpoint Protection Manager. In addition, the manual scans need to be customized according to the different clients, for example by customizing whether memory is scanned and which folder locations are scanned. How can the environment be configured to provide this ability while minimizing management overhead?
Configure a different Virus and Spyware Protection policy for each group with customized On-Demand scans.
Which port is used by default for replication between sites?
A client is unable to communicate with the Symantec Endpoint Protection Manager (SEPM) Server. The administrator decides to replace the Sylink.xml file on the client using the SylinkDrop tool. Which two additional tasks can be accomplished by replacing the Sylink.xml file? (Select two.)
Convert an unmanaged client to a managed client.
Migrate or move clients to a new domain or management server.
Which step must be completed to set up two sites to replicate?
Install a Symantec Endpoint Protection Manager Server and database as a replication partner.
In addition to performance improvements, which two benefits does Insight provide? (Select two.)
zero-day threat detection
false positive mitigation