ST0-134 - Symantec Endpoint Protection 12.1 Technical Assessment

Example Questions

An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP) deployment. The administrator needs to determine whether replication is viable without needing to make network firewall changes or change defaults in SEP. Which port should the administrator verify is open on the path of communication between the two proposed sites?

Which type of email does Internet Email Auto-Protect support?

An administrator wants to make sure users are warned when they decide to download potentially malicious files. Which option should the administrator configure?

A company recently purchased the Symantec Endpoint Protection 12.1 (SEP) product. It has two datacenters and wants to configure SEP for high availability, so that if one datacenter goes down, the SEP clients can smoothly fail over to the other datacenter. What should be done to allow SEP clients to fail over from one datacenter to the next?

An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear. What is the likely problem?

Which Symantec Endpoint Protection Management (SEPM) database option is the default for deployments of fewer than 1,000 clients?

Which two should be considered when enabling Application Learning in an environment? (Select two.)

A company is experiencing a malware outbreak. The company deploys Symantec Endpoint Protection 12.1, with only Virus and Spyware Protection, Application and Device Control, and Intrusion Prevention technologies. Why would Intrusion Prevention be unable to block all communications from an attacking host?

A Symantec Endpoint Protection 12.1 administrator has the Virus and Spyware Protection policy configured with Auto-Protect enabled. The administrator is confronted with computer performance issues. Which two options can the administrator use to improve performance? (Select two.)

Which technology uses heuristics to scan outbound email?

Which two can be used when defining location switching criteria for the Symantec Endpoint Protection 12.1 client? (Select two.)

An administrator needs to learn the applications running on a computer. Which step should the administrator take to configure functionality?

A company is setting up a new environment with three Symantec Endpoint Protection Managers (SEPM) and wants to set one SEPM to act as the primary reporting server. Where in the SEPM should the administrator configure the priority reporting server to be used for running scheduled reports and notifications?

Which Symantec Endpoint Protection client component must be installed to enable Unmanaged Detector mode?

In which client management log can an administrator identify when the client last connected to the Symantec Endpoint Protection Manager?

Which Symantec Endpoint Protection 12.1 defense mechanism provides protection against worms like W32.Silly.FDC, which propagate from system to system through the use of autorun.inf files?

What is the likely impact of increasing the Download Insight sensitivity?

An administrator has defined a rule to allow traffic to and from a specific server by its Fully Qualified Domain Name (FQDN), because the server's IP address varies based on the office in which a client is located. The administrator attempts to verify the rule and finds that the traffic is being blocked. The logs list the IP address of the server instead of its FQDN. What does the administrator need to do within the firewall policy to allow the rule to work correctly?

A LiveUpdate policy allows for configuring single Group Update Providers (GUPs) or multiple GUPs from a list. What is a limitation when using multiple GUPs?

Drive-by downloads are a common vector of infections. Some of these attacks use encryption to bypass traditional defense mechanisms. Which Symantec Endpoint Protection 12.1 protection technology blocks such obfuscated attacks?

Which two items are stored in the Symantec Endpoint Protection database? (Select two.)

Company A acquires Company B. Company B has 200 employees. Multiple firewall rules, based on collections of client addresses, are required to allow the new employees access to Company A's resources and permissions to use approved network applications. Which feature should be used to minimize the amount of time needed to create rules for these new clients?

In addition to adding exceptions directly into an Exceptions policy, what is another method of adding exceptions?

In Symantec Endpoint Protection 12.1 Enterprise Edition (SEP), what happens when the Soft Enforcement license expires?

According to Symantec, what is a botnet?

An administrator notices that the Symantec Endpoint Protection Manager (SEPM) embedded database is growing large and is taking longer to back up than desired. How can backup performance of the database be improved?

Which two are policy types within the Symantec Endpoint Protection Manager? (Select two.)

A user added a daily 10:00 scheduled scan to their Symantec Endpoint Protection 12.1 client. After reviewing the logs, the user confirms that the scan failed to start at 10:00. Why did the scan fail to start?

What is a valid Symantec Endpoint Protection (SEP) single site design?

An administrator selects the "Backup files before attempting to repair" Remediations option in the Auto-Protect policies. Which two actions occur when a virus is detected? (Select two.)

Which two Symantec Endpoint Protection components are used to distribute content updates? (Select two.)

An administrator configures the scan duration for a scheduled scan. The scan fails to complete in the specified time period. When will the next scheduled scan occur on the computer?

An organization employs laptop users who travel frequently. The organization needs to acquire log data from these Symantec Endpoint Protection clients periodically. This must happen without the use of a VPN. Internet routable traffic should be allowed to and from which component?

An administrator gets a browser certificate warning when accessing the Symantec Endpoint Protection Manager (SEPM) Web console. Where can the administrator obtain a self-signed certificate to prevent this warning from appearing?

Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?

Which Symantec Endpoint Protection 12.1 feature allows an administrator to prevent users from downloading files that are unsafe?

An administrator needs to ensure that a specific network threat can be detected. The attack signatures for this threat may be found across multiple packets. What can the administrator do to ensure the best chance of detecting this threat?

A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country. Which deployment method should the company use to notify its sales staff to install the client?

In addition to performance improvements, which two benefits does Insight provide? (Select two.)

A company needs to prevent users from modifying files in a specific program folder that is on all client machines. What needs to be configured?

A company has a firewall policy with a rule that allows all applications on all ports. An administrator needs to modify the policy so that it allows Internet Explorer to communicate to any website, but only on port 80 and 443. In addition, the company only wants this modification to affect traffic from Internet Explorer. The administrator created a new rule at the top of the ruleset that allows Internet Explorer on port 80 and 443. Which step should the administrator take next?

A company is concerned that its clients may be out-of-date and it wants to ensure that all running applications are protected with Symantec's latest definitions, even if they are unavailable on the Symantec Endpoint Protection 12.1 (SEP) client. How could the company configure SEP to achieve this goal?

Which two items should an administrator enter in the License Activation Wizard to activate a license? (Select two.)

Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade as a Symantec Best Practice?

Where are directory servers added before importing Organizational Units (OU) or adding administrators to the Symantec Endpoint Protection Manager?

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

According to Symantec best practices, which two tasks should be completed after creating file fingerprint lists, but prior to enabling System Lockdown? (Select two.)

A company has deployed Symantec Endpoint Protection 12.1 in their corporate environment using a multi-site design. If an administrator makes policy changes in the United States site, when will the changes appear in the European site?

A large software company has a small engineering department that is remotely located over a slow WAN connection. Which method will deploy the Symantec Endpoint Protection 12.1 (SEP) clients to the remote site using the smallest amount of network bandwidth?

A company is currently testing Symantec Endpoint Protection 12.1 on 100 clients. The company has decided to deploy SEP to an additional 20,000 clients. They are concerned about the number of clients supported on a single Symantec Endpoint Protection Manager (SEPM). What should the company do to ensure that the SEPM can support the clients?