ST0-093 - Symantec Data Loss Prevention 10.5 (STS)

Go back to Symantec

Example Questions

A Data Loss Prevention administrator needs to modify a policy to a Network Discover scan that has already started. For the remaining shares, files larger than 100 MB need to be ignored. How should this be accomplished? According to Symantec best practices, which Exclude filter contains more file types that can be excluded in early scans? A Data Loss Prevention administrator examines the results of a completed scan. Which information is available on a scan listing on the Discover Targets page? (Select two.) An organization needs to determine whether anyone other than the CEO is emailing PDF documents that contain the phrase "Revenue Operating Report". What is the most efficient way to write this policy? Where can a Data Loss Prevention administrator configure the throttling option for a DLP Agent? A policy template called Customer Credit Card Numbers is being imported into the system. What is the default result for the import of this policy template? Which detection method is used for fingerprinting and protecting unstructured data, such as merger and acquisition documents? Which two products are required for quarantining confidential files residing inappropriately on a public file share? (Select two.) Which action is available for use in Smart Response rules and Automated Response rules? What is the main benefit of installing and using the Symantec Management Platform for managing DLP Agents? Which feature is a key benefit of on-screen notification? Which component has an obfuscated (hidden) log? When manually installing the Symantec DLP Agent, how can the Data Loss Prevention administrator hide the agent from registering itself in the Windows control panel? How does a Data Loss Prevention administrator verify that a running Network Monitor Server is healthy? How is a policy applied to Network Discover scans? Where are FlexResponse actions invoked? Where should the Network Discover detection server be placed in a typical corporate network architecture? Why should an organization wait a few months before enabling auto notifications? (Select two.) Which detection server can block file transfer protocol (FTP) requests? Which two are valid Scanned Content filter types for the Discover File System target? (Select two.) Which feature should an incident responder use to begin to determine where an attachment has created other violations? Which Automated Response rule is specific to Endpoint Prevent? What is the function of the Remote Indexer? What should a Data Loss Prevention administrator do to stop a detection server? What are two examples of confidential data? (Select two.) What are two benefits that data loss prevention solutions provide? (Select two.) To which file system folder does PacketCapture write reconstructed SMTP messages? Which server encrypts the message when using a Modify SMTP Message response rule? What is the sequence of message processing for Network Monitor? An incident responder can see basic incident data, but is unable to view any specific details of the incident. What is the configuration for this role? When a policy is applied for detection, how are exceptions evaluated? How is the incident count for a new system managed in order to avoid overwhelming the incident response team? What is the primary function of Endpoint Prevent? What is commonly observed during the notification phase of risk reduction? How should reports be configured in the system for secure distribution? What is the correct syntax sequence when creating an IP filter for Network Monitor? If Endpoint Prevent and Endpoint Discover are competing for resources on an endpoint computer, how does the system resolve the conflict? What does Network Monitor use to identify network traffic going to a nonstandard port? Which plug-in can connect to Microsoft Active Directory (AD)? When should blocking of network transmissions and quarantining of exposed confidential files begin? Which roles configuration tab is used to set the custom attributes that a certain role can view or edit? Where can a list of disconnected DLP Agents be found? Which product can replace a confidential document residing on a share with a marker file explaining why the document was removed? A company has created an Exact Data Matching profile and referenced it in a policy to protect customer credit card information. What should be created to protect new customers and credit card numbers that have been added since the profile was created? What should be used to detect source code information for a customer concerned about securing their source code? Which situation can be monitored by both Network Monitor and Endpoint Prevent? Which two statements describe an effective data loss prevention (DLP) program? (Select two.) Which two components perform a scan of a workstation? (Select two.) Which two conditions can be specified when creating an incident access condition in a role? (Select two.) Which two can a detection server match on with a recipient matches pattern rule? (Select two.)