ST0-135 - Symantec Network Access Control 12.1 Technical Assessment

Go back to Symantec

Example Questions

How can devices, such as printers or IP telephones, be excluded from being blocked by the Symantec Network Access Control Integrated Enforcer? On which product can Symantec Network Access Control functionality be enabled? Which command parameter provides a valid method for establishing the shared secret between the Enforcer appliance and the Symantec Endpoint Protection Manager? An organization's security policy permits senior management members to defer Host Integrity remediation for up to four hours after logging in. Which two tasks should the administrator perform to ensure complete compliance with the security requirement? (Select two.) Which two enforcement modes can be configured on the Symantec 6100 appliance? (Select two.) Which policy type does Symantec Network Access Control client use? In addition to 802.1x Port Based Access Control, what is required from the switch configuration when creating a Quarantine VLAN environment for LAN Enforcement? How does a LAN Enforcer allow devices, such as IP phones, without a 802.1X supplicant running? Which two features are available only when multiple Symantec Network Access Control Managers are deployed? (Choose two.) An administrator has upgraded a Symantec Endpoint Protection Manager to include Symantec Network Access Control. How should the administrator deploy compliance checking to existing Symantec Endpoint Protection clients? Which two command line entries will register an Enforcer with the Symantec Endpoint Protection Manager? (Select two.) Which two methods are recommended by Symantec for backing up an embedded database? (Select two.) Which two are characteristics of the Gateway Enforcer? (Select two.) Which type of firewall is in Symantec Network Access Control? Which method can be used to upgrade a Symantec Endpoint Protection Manager to include Symantec Network Access Control functionality? An organization wants to block endpoints at the network ingress from communicating with internal resources unless an antivirus application and a firewall application are running. The organization will also offer a download location for Symantec Endpoint Protection client if the required security applications are missing. The client should also automatically be sent to the download location when attempting to browse to a website if the required security applications are missing on the endpoint. Which solution should be used? Which two are explanations of why auto-location switching may be useful for Host Integrity? (Select two.) A Centralized Exception Policy can be created for which items? Which common functions are available in an operating system requirement? Which two are purposes of a location-based Host Integrity policy? (Select two.) Where are Symantec Network Access Control client packages found on the Symantec Endpoint Protection Manager? When would the Enforcer need to be reset to factory defaults? Which tool is used to access the command line interface over the network? Which two considerations are important when implementing a Host Integrity policy to remediate operating system patch conditions? (Select two.) What effects does lowering the TruScan Proactive Threat Scan sensitivity level have? Lifeline Supply Company employs 900 individuals at their location. Their data center is running Microsoft Exchange 2007 and an Oracle database. They are currently running different versions of Symantec Antivirus Corporate Edition managed through the Symantec System Center. They plan to migrate to Symantec Network Access Control and the IT director has to consider cost to benefit ratios given budgetary restrictions. Which site design best fits this company's cost to benefit ratio requirements? Which custom requirement conditions can an administrator use to verify the integrity of a given executable? How can an administrator ensure that LAN Enforcer appliances have the same settings? Symantec Network Access Control can be implemented standalone or as an integrated module of Symantec Endpoint Protection. What is the only policy that exists in both standalone and integrated implementations What should be considered when developing a Host Integrity policy? The Symantec Network Access Control administrator wants end users to be notified when TruScan Proactive Threat Scan detects a potentially malicious application. Which action should be applied by the administrator so the end user will receive a single notification? When installing the Symantec Network Access Control with an external database, what needs to be installed on the Symantec Endpoint Protection Manager prior to installing the manager software? An organization applies a Host Integrity policy that runs a custom script to check for an application patch for its proprietary accounting software. The Help Desk technician receives reports from the accounting department that at regular intervals a command prompt appears briefly on users' desktops and then disappears. What is the most likely cause? When is Host Integrity checking enabled on a Symantec Network Access Control client? An organization's remediation process requires the installation of custom software. During the installation process the system prompts the user for input. What can the administrator do to ensure the remediation process completes if a user is logged out? What should an administrator do to ensure that the results of Host Integrity do not affect the traffic through Gateway Enforcer? Which command does an administrator use to halt On-Demand access after logging into a Gateway Enforcer? Which technology is contained in the Symantec Network Access Control agent? What is the default time interval for Host Integrity checks? How does the Gateway Enforcer function on the network? When testing 802.1x environments with LAN enforcement, where can an administrator confirm whether the user credentials provided by a client are accepted or rejected? Which log contains IP address, connection attempt, port information, and the direction of the connection? Which packets are periodically sent from an Enforcer to find other Enforcers on the network? What can Symantec Network Access Control do when Auto-Protect detects an Internet-based threat? Lifeline Supply Company mandates that all employees use VPN connections from one vendor. Previously there were several different vendor VPNs used throughout the company. Which firewall trigger can be used to allow access only for the approved vendor VPN? From which log can an administrator determine that the Enforcer has successfully registered with the Symantec Endpoint Protection Manager? When testing 802.1x environments, which logs can an administrator use to confirm whether the credentials provided by a user are accepted or rejected? What is a characteristic of the Symantec Network Access Control Integrated Enforcer for Integrated Enforcers? Where is failover configured to ensure LAN Enforcer High Availability? For which two items can users create exceptions? (Choose two.)