ST0-093 - Symantec Data Loss Prevention 10.5 (STS)
Go back to Symantec
A Data Loss Prevention administrator needs to modify a policy to a Network Discover scan that has already started. For the remaining shares, files larger than 100 MB need to be ignored. How should this be accomplished?
pause the scan, edit the policy, and start the scan
According to Symantec best practices, which Exclude filter contains more file types that can be excluded in early scans?
*.mp3, *.dat, *.dll
A Data Loss Prevention administrator examines the results of a completed scan. Which information is available on a scan listing on the Discover Targets page? (Select two.)
elapsed time and total time for each scan
An organization needs to determine whether anyone other than the CEO is emailing PDF documents that contain the phrase "Revenue Operating Report". What is the most efficient way to write this policy?
one rule with two conditions and one exception rule
Where can a Data Loss Prevention administrator configure the throttling option for a DLP Agent?
Agent Configuration section
A policy template called Customer Credit Card Numbers is being imported into the system. What is the default result for the import of this policy template?
The policy template will be listed under Imported Templates.
Which detection method is used for fingerprinting and protecting unstructured data, such as merger and acquisition documents?
Indexed Document Matching (IDM)
Which two products are required for quarantining confidential files residing inappropriately on a public file share? (Select two.)
Which action is available for use in Smart Response rules and Automated Response rules?
log to asyslog server
What is the main benefit of installing and using the Symantec Management Platform for managing DLP Agents?
the ability to easily manage agents remotely
Which feature is a key benefit of on-screen notification?
notifies the user that the Endpoint Agent is active
Which component has an obfuscated (hidden) log?
When manually installing the Symantec DLP Agent, how can the Data Loss Prevention administrator hide the agent from registering itself in the Windows control panel?
add ARPSYSTEMCOMPONENT="1" to the installer batch file
How does a Data Loss Prevention administrator verify that a running Network Monitor Server is healthy?
by checking Incident Queue and Message Wait Time on the System Overview page
How is a policy applied to Network Discover scans?
by assigning policy groups to the scan target
Where are FlexResponse actions invoked?
within a Smart Response only
Where should the Network Discover detection server be placed in a typical corporate network architecture?
inside the corporate network
Why should an organization wait a few months before enabling auto notifications? (Select two.)
The SMTP server is configured in later phases of risk reduction.
It will take that long to gather email addresses for employees.
Which detection server can block file transfer protocol (FTP) requests?
Web Prevent Server
Which two are valid Scanned Content filter types for the Discover File System target? (Select two.)
File Size filter
Which feature should an incident responder use to begin to determine where an attachment has created other violations?
Which Automated Response rule is specific to Endpoint Prevent?
What is the function of the Remote Indexer?
to create Exact Data Matching (EDM) profiles on a remote server
What should a Data Loss Prevention administrator do to stop a detection server?
access the Server Detail page and select Stop
What are two examples of confidential data? (Select two.)
employee health information
What are two benefits that data loss prevention solutions provide? (Select two.)
identifies who has access to sensitive data
indicates where sensitive data is being sent
To which file system folder does PacketCapture write reconstructed SMTP messages?
Which server encrypts the message when using a Modify SMTP Message response rule?
What is the sequence of message processing for Network Monitor?
Packet Capture -> File Reader -> Detection -> Incident Writer
An incident responder can see basic incident data, but is unable to view any specific details of the incident. What is the configuration for this role?
The View option is selected, and all display attributes are deselected.
When a policy is applied for detection, how are exceptions evaluated?
exceptions then detection rules
How is the incident count for a new system managed in order to avoid overwhelming the incident response team?
Match count thresholds are set.
What is the primary function of Endpoint Prevent?
encrypts confidential data being sent over the network or copied to removable media
What is commonly observed during the notification phase of risk reduction?
a significant drop in incident volume
How should reports be configured in the system for secure distribution?
What is the correct syntax sequence when creating an IP filter for Network Monitor?
+/-, destination, source
If Endpoint Prevent and Endpoint Discover are competing for resources on an endpoint computer, how does the system resolve the conflict?
Endpoint Discoverpauses any scans if resources are needed.
What does Network Monitor use to identify network traffic going to a nonstandard port?
Which plug-in can connect to Microsoft Active Directory (AD)?
Live LDAP Lookup
When should blocking of network transmissions and quarantining of exposed confidential files begin?
after policies have been tuned for several months
Which roles configuration tab is used to set the custom attributes that a certain role can view or edit?
Where can a list of disconnected DLP Agents be found?
Which product can replace a confidential document residing on a share with a marker file explaining why the document was removed?
A company has created an Exact Data Matching profile and referenced it in a policy to protect customer credit card information. What should be created to protect new customers and credit card numbers that have been added since the profile was created?
a separate detection rule that uses a data identifier
What should be used to detect source code information for a customer concerned about securing their source code?
Index Document Matching (IDM)
Which situation can be monitored by both Network Monitor and Endpoint Prevent?
An employee uses a Chrome 2 browser to post confidential data to a newsgroup via http.
Which two statements describe an effective data loss prevention (DLP) program? (Select two.)
Employee education is important.
Business stakeholders are held accountable for risk reduction.
Which two components perform a scan of a workstation? (Select two.)
Which two conditions can be specified when creating an incident access condition in a role? (Select two.)
a custom attribute
Which two can a detection server match on with a recipient matches pattern rule? (Select two.)
IP address of a Web server
webmail server URL