ST0-134 - Symantec Endpoint Protection 12.1 Technical Assessment
An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP) deployment. The administrator needs to determine whether replication is viable without needing to make network firewall changes or change defaults in SEP. Which port should the administrator verify is open on the path of communication between the two proposed sites?
Which type of email does Internet Email Auto-Protect support?
SMTP based email
An administrator wants to make sure users are warned when they decide to download potentially malicious files. Which option should the administrator configure?
the Notifications tab under Download Insight settings
A company recently purchased the Symantec Endpoint Protection 12.1 (SEP) product. It has two datacenters and wants to configure SEP for high availability, so that if one datacenter goes down, the SEP clients can smoothly fail over to the other datacenter. What should be done to allow SEP clients to fail over from one datacenter to the next?
Install a Symantec Endpoint Protection Manager at each datacenter and configure replication.
An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear. What is the likely problem?
The "Learn applications that run on the client computers" setting is disabled.
Which Symantec Endpoint Protection Management (SEPM) database option is the default for deployments of fewer than 1,000 clients?
Embedded: Using the Sybase SQL Anywhere database that comes with the product
Which two should be considered when enabling Application Learning in an environment? (Select two.)
Application Learning should be deployed on a small group of systems in the enterprise.
Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.
A company is experiencing a malware outbreak. The company deploys Symantec Endpoint Protection 12.1, with only Virus and Spyware Protection, Application and Device Control, and Intrusion Prevention technologies. Why would Intrusion Prevention be unable to block all communications from an attacking host?
Intrusion Prevention needs the firewall component to block all traffic from the attacking host.
A Symantec Endpoint Protection 12.1 administrator has the Virus and Spyware Protection policy configured with Auto-Protect enabled. The administrator is confronted with computer performance issues. Which two options can the administrator use to improve performance? (Select two.)
Enable the option to Trust Files on Remote Computers Running Auto-Protect.
Enable the option of Network Cache.
Which technology uses heuristics to scan outbound email?
Internet Email Auto-Protect
Which two can be used when defining location switching criteria for the Symantec Endpoint Protection 12.1 client? (Select two.)
An administrator needs to learn the applications running on a computer. Which step should the administrator take to configure functionality?
enable application tracking under communication settings at the site level
A company is setting up a new environment with three Symantec Endpoint Protection Managers (SEPM) and wants to set one SEPM to act as the primary reporting server. Where in the SEPM should the administrator configure the priority reporting server to be used for running scheduled reports and notifications?
Local Site properties
Which Symantec Endpoint Protection client component must be installed to enable Unmanaged Detector mode?
Network Threat Protection
In which client management log can an administrator identify when the client last connected to the Symantec Endpoint Protection Manager?
Which Symantec Endpoint Protection 12.1 defense mechanism provides protection against worms like W32.Silly.FDC, which propagate from system to system through the use of autorun.inf files?
What is the likely impact of increasing the Download Insight sensitivity?
It would allow only files that trend toward a good reputation and increase false positives.
An administrator has defined a rule to allow traffic to and from a specific server by its Fully Qualified Domain Name (FQDN), because the server's IP address varies based on the office in which a client is located. The administrator attempts to verify the rule and finds that the traffic is being blocked. The logs list the IP address of the server instead of its FQDN. What does the administrator need to do within the firewall policy to allow the rule to work correctly?
Enable reverse DNS lookup.
A LiveUpdate policy allows for configuring single Group Update Providers (GUPs) or multiple GUPs from a list. What is a limitation when using multiple GUPs?
They can only communicate with clients in the same local subnet.
Drive-by downloads are a common vector of infections. Some of these attacks use encryption to bypass traditional defense mechanisms. Which Symantec Endpoint Protection 12.1 protection technology blocks such obfuscated attacks?
Browser Intrusion Prevention
Which two items are stored in the Symantec Endpoint Protection database? (Select two.)
Device Hardware IDs
Symantec Endpoint Protection Client for Macintosh
Company A acquires Company B. Company B has 200 employees. Multiple firewall rules, based on collections of client addresses, are required to allow the new employees access to Company A's resources and permissions to use approved network applications. Which feature should be used to minimize the amount of time needed to create rules for these new clients?
In addition to adding exceptions directly into an Exceptions policy, what is another method of adding exceptions?
adding the exception to a policy from the Application Control log
In Symantec Endpoint Protection 12.1 Enterprise Edition (SEP), what happens when the Soft Enforcement license expires?
Content updates are allowed.
According to Symantec, what is a botnet?
groups of systems performing remote tasks without the users' knowledge
An administrator notices that the Symantec Endpoint Protection Manager (SEPM) embedded database is growing large and is taking longer to back up than desired. How can backup performance of the database be improved?
Reduce the number of log entries under Log Settings.
Which two are policy types within the Symantec Endpoint Protection Manager? (Select two.)
A user added a daily 10:00 scheduled scan to their Symantec Endpoint Protection 12.1 client. After reviewing the logs, the user confirms that the scan failed to start at 10:00. Why did the scan fail to start?
"Delay scheduled scans when running on battery" was enabled.
What is a valid Symantec Endpoint Protection (SEP) single site design?
multiple MySQL databases
An administrator selects the "Backup files before attempting to repair" option under Remediations in the Auto-Protect policies. Which two actions occur when a virus is detected? (Select two.)
store in Quarantine folder
encrypt the file
Which two Symantec Endpoint Protection components are used to distribute content updates? (Select two.)
Group Update Provider (GUP)
Symantec Endpoint Protection Manager
An administrator configures the scan duration for a scheduled scan. The scan fails to complete in the specified time period. When will the next scheduled scan occur on the computer?
at the next scheduled scan period
An organization employs laptop users who travel frequently. The organization needs to acquire log data from these Symantec Endpoint Protection clients periodically. This must happen without the use of a VPN. Internet routable traffic should be allowed to and from which component?
Symantec Endpoint Protection Manager (SEPM)
An administrator gets a browser certificate warning when accessing the Symantec Endpoint Protection Manager (SEPM) Web console. Where can the administrator obtain a self-signed certificate to prevent this warning from appearing?
SEPM Web Access
Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?
Virus and Spyware Protection Policy
Which Symantec Endpoint Protection 12.1 feature allows an administrator to prevent users from downloading files that are unsafe?
An administrator needs to ensure that a specific network threat can be detected. The attack signatures for this threat may be found across multiple packets. What can the administrator do to ensure the best chance of detecting this threat?
Ensure that Symantec IPS signatures are updated.
A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country. Which deployment method should the company use to notify its sales staff to install the client?
Client Deployment Wizard
In addition to performance improvements, which two benefits does Insight provide? (Select two.)
zero-day threat detection
false positive mitigation
A company needs to prevent users from modifying files in a specific program folder that is on all client machines. What needs to be configured?
an application rule set in the Application and Device Control policy
A company has a firewall policy with a rule that allows all applications on all ports. An administrator needs to modify the policy so that it allows Internet Explorer to communicate to any website, but only on ports 80 and 443. In addition, the company only wants this modification to affect traffic from Internet Explorer. The administrator created a new rule at the top of the ruleset that allows Internet Explorer on ports 80 and 443. Which step should the administrator take next?
Create a new rule above the Allow All Applications rule to block Internet Explorer.
A company is concerned that its clients may be out-of-date and it wants to ensure that all running applications are protected with Symantec's latest definitions, even if they are unavailable on the Symantec Endpoint Protection 12.1 (SEP) client. How could the company configure SEP to achieve this goal?
Enable Insight Lookup as part of a daily scheduled scan.
Which two items should an administrator enter in the License Activation Wizard to activate a license? (Select two.)
Symantec License file
Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade as a Symantec Best Practice?
Where are directory servers added before importing Organizational Units (OU) or adding administrators to the Symantec Endpoint Protection Manager?
Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?
According to Symantec best practices, which two tasks should be completed after creating file fingerprint lists, but prior to enabling System Lockdown? (Select two.)
Add any approved applications.
Log unapproved applications.
Run the checksum.exe command on the clients.
A company has deployed Symantec Endpoint Protection 12.1 in their corporate environment using a multi-site design. If an administrator makes policy changes in the United States site, when will the changes appear in the European site?
after the next replication interval
A large software company has a small engineering department that is remotely located over a slow WAN connection. Which method will deploy the Symantec Endpoint Protection 12.1 (SEP) clients to the remote site using the smallest amount of network bandwidth?
Deploy the SEP clients using basic content.
A company is currently testing Symantec Endpoint Protection 12.1 on 100 clients. The company has decided to deploy SEP to an additional 20,000 clients. They are concerned about the number of clients supported on a single Symantec Endpoint Protection Manager (SEPM). What should the company do to ensure that the SEPM can support the clients?
Configure the clients for Pull mode.