ST0-192 - Symantec Tech. Found.: Security Solutions 2.0 Tech. Assmt.
Go back to Symantec
Which two events could potentially be seen by a network monitoring solution in the context of information protection? (Select two.)
a hacker exfiltrating data out of an organization
an employee emailing data out of an organization
Which two pieces of information from a customer will help to uncover a need for the Altiris IT Management Suite? (Select two.)
whether the customer is planning to migrate to Windows 7
whether the customer needs to prioritize and quickly deploy patches
Which two questions are appropriate to ask a customer in order to uncover a need for Symantec Control Compliance Suite? (Select two.)
Have you recently gone through a merger or acquisition, requiring new entitlements and controls?
Is your operations team struggling to keep on top of IT audit-related tasks?
In which two cases will the agent status remain green (good) on the Agent Events page? (Select two.)
The agent closed the connection to the Endpoint Server.
There was an agent service shutdown during machine shutdown.
Which component of Symantec Security Information Manager (SSIM) helps companies determine a potential threat in real-time?
What is a likely outcome of filtering network traffic in Network Monitor?
monitoring of traffic important to the customer
Why is security configuration management important to business leaders, according to the Security Solutions 2.0 course?
It drives down costs and improves efficiencies.
What is global reputation analysis ineffective against?
small targeted spam attacks
What is the primary benefit of network intrusion prevention on the host?
blocks threats before any files are written to the hard drive
An administrator wants to identify and monitor systems with weak or static passwords. Which Symantec solution can help collect this information?
Control Compliance Suite
A cybercriminal wants to break into an organization using a SQL injection attack. What will the cybercriminal do to start the attack?
locate a user input field on the company's web page
How does patch management enhance security within an environment?
It identifies software and operating system vulnerabilities and provides remediation.
What is the default incident data retention behavior for Network Monitor and Network Prevent?
Messages and attachments are retained.
By default, which port does the Enforce Server use to connect to all detection servers?
On which protocols does Symantec Data Loss Prevention 9.0 use port-based protocol recognition?
user-configured TCP protocols
What is the purpose of defining a technical standard?
to identify minimum system configuration requirements for assets
What is the link between information security and operational performance?
What information does IT asset management (ITAM) provide?
owners of laptops within the environment
During a discussion with a customer, it is identified that they need better awareness of their hardware and software inventory. For example, they have a security policy to disallow DVD burners in their end-user workstations, yet they are lacking centralized inventory and reporting software to see if any endpoints have a DVD burner. Which Symantec suite is the most appropriate for this customer?
IT Management Suite
When should blocking of network transmissions and quarantining of exposed confidential files begin?
after policies have been tuned for several months
Which Network incident report indicates where employees are most often sending emails in violation of policies?
Top Recipient Domains
Which plug-in can connect to Microsoft Active Directory (AD)?
Live LDAP Lookup
Malware that contains a backdoor is placed on a system that will later be used by the cybercriminal to gain access to the system. Which phase of the breach does this represent?
Which two core processes can a workflow solution manage to help mitigate security risks? (Select two.)
Which endpoint protection strategy uses rulesets to block or allow network traffic going to or coming from the endpoint?
What must a policy manager do when working with Exact Data Matching (EDM) indexes?
create a new data profile if data source schema changes
What is an example of monitoring the usage of confidential data?
inspecting data being emailed out of an organization
What are the benefits of log management?
root cause analysis and regulatory compliance
What makes a security policy effective and functional?
support from management
How does a system administrator verify that a Network Monitor Server is healthy?
by checking Incident Queue and Message Wait Time on the System Overview page
An organization has a requirement to ensure they are meeting industry best practices for securing their IT environment. Which strategy is appropriate for this organization?
What is the cybercriminal hoping to accomplish during the incursion phase?
gain unauthorized access to data or a system
A customer is experiencing image-based spam and phishing attacks that are negatively impacting messaging flow. Which Symantec solution should be recommended to this customer?
Backup Exec System Recovery
What are two types of targets that should be scanned to see if they contain confidential information at rest? (Select two.)
A cybercriminal wants to maintain future access to a compromised system. Which tool would the cybercriminal use to accomplish this?
Why do companies deploy data loss prevention solutions? (Select two.)
to prevent employee access to undesirable websites
Which endpoint protection strategy uses system-level control of applications, processes, and hardware devices to prevent inappropriate software from running on a system?
host intrusion prevention
Which condition would require performing a remote exploit on a machine?
Which two products are required for quarantining confidential files residing inappropriately on a public file share? (Select two.)
What does Endpoint Prevent do?
stops confidential data from being sent over the network or copied to removable media
An Internet user is able to download files via FTP but is unable to communicate over instant messaging. Which web gateway protection technology enforces this type of web usage policy?
web application control
A malicious insider was identified and recently terminated, and the organization wants to confirm that all company-owned hardware was returned by the employee. Which Symantec solution will help accomplish this?
IT Management Suite
What are the benefits of security information and event management?
quickly identifying security breaches and reducing vulnerabilities
What additional benefit will a patch management strategy provide?
increase availability of endpoint systems
How does a workflow solution work with collaborative applications, according to the Security Solutions 2.0 course?
It streamlines tasks and connects independent business applications.
What are two benefits of hardware device control? (Select two.)
prevents propagation of malicious code
reduces the risk of confidential data loss
How can a system administrator obtain the log files for a detection server? (Select three.)
run the Log Collection Utility (LCU)
navigate to the logs directory
click Fetch Latest on the Server Detail page
Why would a cybercriminal avoid using a trojan in a widespread attack?
trojans only infect one system at a time
An end-user has mistakenly copied sensitive data into an email and attempted to send it outside the company. The email is quarantined, and the user's immediate manager receives a notification detailing the policy violation. An additional notification is sent to IT Security, and an investigation is initiated. What does this scenario describe?
incident response workflow
What is the goal of a denial of service attack?
to exploit a weakness in the TCP/IP stack 8 / 20