250-315 - Administration of Symantec Endpoint Protection 12.1


Example Questions

Which two Symantec Endpoint Protection 12.1 (SEP) standalone tools are available for malware scanning and remediation? (Select two.)

A company has three groups of clients: Laptops, Desktops, and Servers. Administrators must have the ability to perform manual scans for these clients from the Symantec Endpoint Protection Manager. In addition, the manual scans need to be customized according to the different clients, for example by customizing whether memory is scanned and which folder locations are scanned. How can the environment be configured to provide this ability while minimizing management overhead?

In addition to adding exceptions directly into an Exceptions policy, what is another method of adding exceptions?

A company is running the Symantec Endpoint Protection 12.1 firewall with the default policy. At the bottom of the ruleset, there is a rule called "Block all other IP traffic and log" which will block all IP traffic. A financial application is being blocked by this rule. What should be changed to allow the application without sacrificing security?

By default, the Client User Interface control is set to Server Control. Which two actions will the user who is logged in as a Windows administrator be able to perform? (Select two.)

Which two are optional when replicating between Symantec Endpoint Protection Managers? (Select two.)

In which two situations would Symantec Endpoint Protection 12.1 (SEP) generate a Left Alone action? (Select two.)

Which Symantec Endpoint Protection 12.1 component provides services to improve the performance of virtual client scanning?

In which client management log can an administrator identify when the client last connected to the Symantec Endpoint Protection Manager?

Which command line syntax invokes the Symantec Endpoint Protection Client Service to determine whether a more recent copy of the configuration file is available on the management server?

How can a Symantec Endpoint Protection 12.1 client on a Macintosh system get updates?

A customer is downloading newly-created company files from an internal website and is being blocked by Download Insight based on reputation. How can the customer prevent this?

Which two actions can a user take during an in-progress scheduled scan? (Select two.)

A company wants to reduce or eliminate the HelpDesk calls they receive due to end users modifying, moving, or deleting configuration files. Which component of Symantec Endpoint Protection will allow the IT administrator to prevent users from altering configuration files?

How can an administrator manage multiple, independent companies from one database while maintaining independent groups, computers, and policies?

Which Symantec Endpoint Protection 12.1 component provides single-sign-on to the Symantec Endpoint Protection Manager and other products, along with cross-product reporting?

A company is transitioning from using policies based on the individual that logs in to the client machine to policies based only on the client machine. Which Symantec Endpoint Protection 12.1 change will the organization need to perform?

An administrator needs to check when and by which account a policy was modified. Which log query should the administrator use?

Which Intrusion Prevention feature is updated automatically?

A company suffered a catastrophic hardware failure on the Symantec Endpoint Protection Manager (SEPM) which was using a remote Microsoft SQL Server. The administrator has all required backups. The administrator restores the hardware and the operating system with the required software (including SEPM). What is the next step in the recovery procedure?

An administrator is in the process of recovering from a disaster and needs the keystore password to update the certificate on the Symantec Endpoint Protection Manager (SEPM). From which two locations can the administrator obtain this information? (Select two.)

Which type of email does Internet Email Auto-Protect support?

An administrator set the remediation options for Security Risks to the defaults (Quarantine, then Delete). However, the security team is the only team authorized to have Hack Tools on their systems. Which two steps must the administrator complete to accomplish this? (Select two.)

Which statement describes a difference between Virtual Image Exceptions (VIE) and Shared Insight Cache (SIC)?

A LiveUpdate policy allows for configuring single Group Update Providers (GUPs) or multiple GUPs from a list. What is a limitation when using multiple GUPs?

A Symantec Endpoint Protection 12.1 (SEP) administrator discovers that a firewall is blocking Windows file sharing. Which method can bypass the firewall and allow the SEP clients to be installed with a minimum amount of effort?

All email Auto-Protect options are disabled, and an administrator receives an email from an associate with a .zip file attached. There are three files in the .zip file that are needed for the administrator's presentation the next day. What neither of them realize is that one of the files is infected with a virus. When will File System Auto-Protect detect this infected file?

In addition to performance improvements, which two benefits does Insight provide? (Select two.)

Immediately after installation, what does a managed client do to contact the Symantec Endpoint Protection Manager (SEPM)?

What could be an adverse effect of activating aggressive mode on the SONAR policy?

A company has deployed Symantec Endpoint Protection 12.1 in their corporate environment using a multi-site design. If an administrator makes policy changes in the United States site, when will the changes appear in the European site?

How does the Intrusion Prevention System add an additional layer of protection to Network Threat Protection?

Acrobat Reader is being targeted by a threat using process injection. Which feature of SONAR is sandboxing Acroread32.exe so that the threat is prevented from dropping its payload?

A Symantec Endpoint Protection 12.1 client is running a user-defined scan when a scheduled, administrator-defined scan is scheduled to launch. What is the effect on the client?

An exception needs to be created for a file named "RunMe.exe" in a user's Windows 7 "My Documents" folder. The user's login name is Bob. Which method should be used?

What are two responsibilities associated with the Limited Administrator account type in Symantec Endpoint Protection Manager? (Select two.)

An administrator wants to make sure users are warned when they decide to download potentially malicious files. Which option should the administrator configure?

Which technology does the Symantec Endpoint Protection Firewall use?

An administrator has defined a rule to allow traffic to and from a specific server by its Fully Qualified Domain Name (FQDN), because the server's IP address varies based on the office in which a client is located. The administrator attempts to verify the rule and finds that the traffic is being blocked. The logs list the IP address of the server instead of its FQDN. What does the administrator need to do within the firewall policy to allow the rule to work correctly?

According to Symantec best practices, which two tasks should be completed after creating file fingerprint lists, but prior to enabling System Lockdown? (Select two.)

An administrator created a Symantec Endpoint Protection 12.1 (SEP) installation package without specifying the group to which the SEP clients should belong. What will happen when the administrator tries to install a SEP client using the installation package?

A company recently purchased the Symantec Endpoint Protection 12.1 (SEP) product. It has two datacenters and wants to configure SEP for high availability, so that if one datacenter goes down, the SEP clients can smoothly fail over to the other datacenter. What should be done to allow SEP clients to fail over from one datacenter to the next?

A Symantec Endpoint Protection 12.1 group has two defined locations based on whether clients are attached to the local network or are remote. The local network location has an administrator-defined scan scheduled to begin each Monday at 09:00. The remote location has an administrator-defined scan scheduled to begin each Wednesday night at 21:00. All systems are used daily and remain powered on all night. Some users in the group have laptops, while the other users have standard desktops. Assuming the laptops are taken home and used each night, what is the effect?

An administrator enables the "Learn applications that run on the client computers" setting for a group of clients. Later, when using the Search for Applications function, the administrator is unable to find results. What is the cause of the problem?

A company with one site has a factory with computers in the manufacturing area. Both factory managers and operators need to log in to these shared computers. Different policies will be applied depending on whether the individual logging in to the machine is a manager or an operator. Which Symantec Endpoint Protection 12.1 feature provides this ability?

Which operation can be performed using the Database Back Up and Restore utility found in the Windows Start menu?

When the Symantec Endpoint Protection 12.1 client firewall defends against a MAC spoof attack, what does it drop?

An administrator needs to customize the Application and Device Control policy to exclude all USB devices except for a specific, company-issued USB thumb drive. Which function or program, provided with the Symantec Endpoint Protection 12.1 software, should the administrator use to customize the environment?

A large enterprise plans to deploy Symantec Endpoint Protection 12.1 (SEP) on 36,000 virtual endpoints distributed across 1,800 VMware ESX servers in a single datacenter. A system administrator needs to optimize endpoint scanning performance by enabling Shared Insight Cache (SIC) server functionality. Which two configuration changes should the administrator make to minimize the number of SIC servers that need to be deployed? (Select two.)

An administrator wants to ensure that all clients consider the content from the website www.symantec.com as safe. Where can the administrator configure this?