250-315 - Administration of Symantec Endpoint Protection 12.1
Which two Symantec Endpoint Protection 12.1 (SEP) standalone tools are available for malware scanning and remediation? (Select two.)
Symantec Power Eraser
Symantec Endpoint Recovery Tool
A company has three groups of clients: Laptops, Desktops, and Servers. Administrators must have the ability to perform manual scans for these clients from the Symantec Endpoint Protection Manager. In addition, the manual scans need to be customized according to the different clients, for example by customizing whether memory is scanned and which folder locations are scanned. How can the environment be configured to provide this ability while minimizing management overhead?
Configure a different Virus and Spyware Protection policy for each group with customized On-Demand scans.
In addition to adding exceptions directly into an Exceptions policy, what is another method of adding exceptions?
adding the exception to a policy from the Application Control log
A company is running the Symantec Endpoint Protection 12.1 firewall with the default policy. At the bottom of the ruleset, there is a rule called "Block all other IP traffic and log" which will block all IP traffic. A financial application is being blocked by this rule. What should be changed to allow the application without sacrificing security?
A new rule should be created.
By default, the Client User Interface control is set to Server Control. Which two actions will the user who is logged in as a Windows administrator be able to perform? (Select two.)
Change Virus and Spyware Protection settings.
Disable Tamper Protection.
Which two are optional when replicating between Symantec Endpoint Protection Managers? (Select two.)
In which two situations would Symantec Endpoint Protection 12.1 (SEP) generate a Left Alone action? (Select two.)
The detected file is in use.
There are limited permissions to the file on the system.
Which Symantec Endpoint Protection 12.1 component provides services to improve the performance of virtual client scanning?
Shared Insight Cache server
In which client management log can an administrator identify when the client last connected to the Symantec Endpoint Protection Manager?
Which command line syntax invokes the Symantec Endpoint Protection Client Service to determine whether a more recent copy of the configuration file is available on the management server?
How can a Symantec Endpoint Protection 12.1 client on a Macintosh system get updates?
using a LiveUpdate server
A customer is downloading newly-created company files from an internal website and is being blocked by Download Insight based on reputation. How can the customer prevent this?
Enable the option to trust files downloaded from an intranet website in the Download Insight settings.
Which two actions can a user take during an in-progress scheduled scan? (Select two.)
A company wants to reduce or eliminate the HelpDesk calls they receive due to end users modifying, moving, or deleting configuration files. Which component of Symantec Endpoint Protection will allow the IT administrator to prevent users from altering configuration files?
How can an administrator manage multiple, independent companies from one database while maintaining independent groups, computers, and policies?
Set up separate domains.
Which Symantec Endpoint Protection 12.1 component provides single-sign-on to the Symantec Endpoint Protection Manager and other products, along with cross-product reporting?
Symantec Protection Center
A company is transitioning from using policies based on the individual that logs in to the client machine to policies based only on the client machine. Which Symantec Endpoint Protection 12.1 change will the organization need to perform?
Move from User mode to Computer mode.
An administrator needs to check when and by which account a policy was modified. Which log query should the administrator use?
Which Intrusion Prevention feature is updated automatically?
Generic Exploit Blocking
A company suffered a catastrophic hardware failure on the Symantec Endpoint Protection Manager (SEPM) which was using a remote Microsoft SQL Server. The administrator has all required backups. The administrator restores the hardware and the operating system with the required software (including SEPM). What is the next step in the recovery procedure?
Customize the SEPM configuration using the recovery file.
An administrator is in the process of recovering from a disaster and needs the keystore password to update the certificate on the Symantec Endpoint Protection Manager (SEPM). From which two locations can the administrator obtain this information? (Select two.)
disaster recovery file
Which type of email does Internet Email Auto-Protect support?
SMTP based email
An administrator set the remediation options for Security Risks to the defaults (Quarantine, then Delete). However, the security team is the only team authorized to have Hack Tools on their systems. Which two steps must the administrator complete to accomplish this? (Select two.)
Create a specific group for Security Team.
Assign a Virus and Spyware Protection policy with customized remediation options set.
Which statement describes a difference between Virtual Image Exceptions (VIE) and Shared Insight Cache (SIC)?
VIE data is stored on the local system, whereas SIC data is placed in a shared location.
A LiveUpdate policy allows for configuring single Group Update Providers (GUPs) or multiple GUPs from a list. What is a limitation when using multiple GUPs?
They can only communicate with clients in the same local subnet.
A Symantec Endpoint Protection 12.1 (SEP) administrator discovers that a firewall is blocking Windows file sharing. Which method can bypass the firewall and allow the SEP clients to be installed with a minimum amount of effort?
Web Link and Email
All email Auto-Protect options are disabled, and an administrator receives an email from an associate with a .zip file attached. There are three files in the .zip file that are needed for the administrator's presentation the next day. What neither of them realizes is that one of the files is infected with a virus. When will File System Auto-Protect detect this infected file?
when the email is closed
In addition to performance improvements, which two benefits does Insight provide? (Select two.)
zero-day threat detection
false positive mitigation
Immediately after installation, what does a managed client do to contact the Symantec Endpoint Protection Manager (SEPM)?
Initiate communication on port 8014.
What could be an adverse effect of activating aggressive mode on the SONAR policy?
A company has deployed Symantec Endpoint Protection 12.1 in their corporate environment using a multi-site design. If an administrator makes policy changes in the United States site, when will the changes appear in the European site?
after the next replication interval
How does the Intrusion Prevention System add an additional layer of protection to Network Threat Protection?
It performs deep packet inspection, reading the packet headers, and data portion.
Acrobat Reader is being targeted by a threat using process injection. Which feature of SONAR is sandboxing Acroread32.exe so that the threat is prevented from dropping its payload?
Suspicious Behavior Detection
A Symantec Endpoint Protection 12.1 client is running a user-defined scan when a scheduled, administrator-defined scan is scheduled to launch. What is the effect on the client?
The administrator-defined scan will launch after the user-defined scan completes.
An exception needs to be created for a file named "RunMe.exe" in a user's Windows 7 "My Documents" folder. The user's login name is Bob. Which method should be used?
Create a file exception for "C:\Users\Bob\My Documents\RunMe.exe".
What are two responsibilities associated with the Limited Administrator account type in Symantec Endpoint Protection Manager? (Select two.)
create location specific policies
remotely run commands on client computers
An administrator wants to make sure users are warned when they decide to download potentially malicious files. Which option should the administrator configure?
the Notifications tab under Download Insight settings
Which technology does the Symantec Endpoint Protection Firewall use?
application gateway proxy
An administrator has defined a rule to allow traffic to and from a specific server by its Fully Qualified Domain Name (FQDN), because the server's IP address varies based on the office in which a client is located. The administrator attempts to verify the rule and finds that the traffic is being blocked. The logs list the IP address of the server instead of its FQDN. What does the administrator need to do within the firewall policy to allow the rule to work correctly?
Enable reverse DNS lookup.
According to Symantec best practices, which two tasks should be completed after creating file fingerprint lists, but prior to enabling System Lockdown? (Select two.)
Add any approved applications.
Log unapproved applications. D. Run the checksum.exe command on the clients.
An administrator created a Symantec Endpoint Protection 12.1 (SEP) installation package without specifying the group to which the SEP clients should belong. What will happen when the administrator tries to install a SEP client using the installation package?
The SEP client will be installed into a default group.
A company recently purchased the Symantec Endpoint Protection 12.1 (SEP) product. It has two datacenters and wants to configure SEP for high availability, so that if one datacenter goes down, the SEP clients can smoothly fail over to the other datacenter. What should be done to allow SEP clients to fail over from one datacenter to the next?
Install a Symantec Endpoint Protection Manager at each datacenter and configure replication.
A Symantec Endpoint Protection 12.1 group has two defined locations based on whether clients are attached to the local network or are remote. The local network location has an administrator-defined scan scheduled to begin each Monday at 09:00. The remote location has an administrator-defined scan scheduled to begin each Wednesday night at 21:00. All systems are used daily and remain powered on all night. Some users in the group have laptops, while the other users have standard desktops. Assuming the laptops are taken home and used each night, what is the effect?
The laptops will run scans on both Monday and Wednesday, while the desktops will run scans only on Monday.
An administrator enables the "Learn applications that run on the client computers" setting for a group of clients. Later, when using the Search for Applications function, the administrator is unable to find results. What is the cause of the problem?
Application learning is disabled under communication settings at the site level.
A company with one site has a factory with computers in the manufacturing area. Both factory managers and operators need to log in to these shared computers. Different policies will be applied depending on whether the individual logging in to the machine is a manager or an operator. Which Symantec Endpoint Protection 12.1 feature provides this ability?
Which operation can be performed using the Database Back Up and Restore utility found in the Windows Start menu?
on-demand backup of the database
When the Symantec Endpoint Protection 12.1 client firewall defends against a MAC spoof attack, what does it drop?
An administrator needs to customize the Application and Device Control policy to exclude all USB devices except for a specific, company-issued USB thumb drive. Which function or program, provided with the Symantec Endpoint Protection 12.1 software, should the administrator use to customize the environment?
A large enterprise plans to deploy Symantec Endpoint Protection 12.1 (SEP) on 36,000 virtual endpoints distributed across 1,800 VMware ESX servers in a single datacenter. A system administrator needs to optimize endpoint scanning performance by enabling Shared Insight Cache (SIC) server functionality. Which two configuration changes should the administrator make to minimize the number of SIC servers that need to be deployed? (Select two.)
Enable scanning randomization across all SEP endpoints.
Enable virtual image exceptions across all SEP endpoints.
An administrator wants to ensure that all clients consider the content from the website www.symantec.com as safe. Where can the administrator configure this?