ST0-237 - Symantec Data Loss Prevention 12 Technical Assessment
Go back to Veritas
The amount of discarded packets for a Network Monitor server is increasing throughout the day. Which Network Monitor configuration changes should be implemented to reduce the number of packets that are discarded?
Uncheck protocols from the Monitor configuration page that are unnecessary.
A policy template called Customer Credit Card Numbers is being imported into the system. What is the default result for the import of this policy template?
The policy template will be listed under Imported Templates.
An incident response team has determined that multiple incidents are resulting from the same user action of copying sensitive data to USB devices. Which action should the incident response team take to fix this issue so only one incident per action is detected?
Combine multiple conditions into one compound rule
Which Symantec Control Compliance Suite 9.0 component is responsible for most inter-component transactions?
Application Server Service
Which two database versions does Symantec Data Loss Prevention 11.5 support for incident and policy storage? (Select two.)
Oracle 10g version 10.2.0.4
Oracle 11g version 11.2
A DLP administrator needs to inspect HTTP traffic using a Network Monitor, including data pushed up to the web and data pulled down from the web. Which configuration changes should the administrator make under the advanced server settings to include all cases?
L7.processGets=true, PacketCapture.DISCARD_HTTP_GET=false, L7.minSizeofGetURL=10
An administrator is running a Discover Scanner target scan and the scanner is unable to communicate back to the Discover Server. Where will the files be stored?
scanner's outgoing folder
A Data Loss Prevention administrator notices that several errors occurred during a Network Discover scan. Which report can the administrator use to determine exactly which errors occurred and when?
Full Activity report for that particular scan
Which two benefits does the Policy Module provide? (Select two.)
determines coverage gaps for multiple, overlapped regulatory, industry-specific, or best practices frameworks
defines, reviews, and disseminates written policies to end users as mapped to specific measurable controls
Silent installation can be performed for which component of Symantec Control Compliance Suite 9.0?
Data Processing Service
How can an administrator validate that once a policy is updated and saved it has been enabled on a specific detection server?
Check to see whether the policy was loaded under System > Servers > Events
Where can a Data Loss Prevention administrator configure the throttling option for a DLP Agent?
Agent Configuration section
What must a policy manager do when working with Exact Data Matching (EDM) indexes?
Create a new data profile if data source schema changes
Which traffic type will be excluded from analysis?
The Symantec Control Compliance Suite 9.0 (CCS 9.0) stores large amounts of data in databases. The database administrator must perform tasks on the databases outside of CCS 9.0 to maintain the databases and to ensure that the databases are performing at an acceptable level. Which three tasks should be routinely scheduled in SQL Server Management Studio? (Select three.)
Back up the databases
Rebuild the indexes
Update the database statistics
Which traffic type is excluded from analysis when an administrator uses Network Monitor?
Which tool is provided by default to edit a database on an endpoint?
A user receives this error message in the Symantec event log: An error occurred while attempting to run a scheduled job; Reason for failure: Password doesn't exist for username. The Symantec Control Compliance Suite 9.0 is configured to store the user credentials for job runs. Where must the user supply the correct credentials?
Home > User Preferences
Which two dates must be selected when creating an exception request? (Select two.)
Which is the correct installation sequence?
Oracle > Enforce > Solution pack > detection server
What are two functions of the Enterprise Configuration Service? (Select two.)
It maintains a list of master and slave query engines.
It maintains rules for query engine data collection.
Which delimiter is acceptable in Exact Data Matching (EDM) data sources?
The terms Confidentiality, Integrity, and Availability refer to which aspect of an Evaluation of a Standard?
An administrator is configuring an approved Endpoint device and adding it as an exception to a policy that blocks the transfer of sensitive data. Data transfers to these approved Endpoint devices are still being blocked. Which action should the administrator take to prevent the data transfers from being blocked?
Verify that the proper device ID or class has been entered
Which two options are available when selecting an incident for deletion? (Select two.)
Delete the incident completely
Delete the original message and retain the incident
An administrator is applying a newly created agent configuration to an Endpoint server. Upon inspection, the new configuration is unassigned in the Endpoint Server Details. What is a possible cause for the new configuration failing to be assigned?
the new agent configuration was saved without applying it to the Endpoint server
You execute the qio_convertdbfiles command to convert the database files to use Quick I/O. The command results with an error that the database files are not on a VxFS file system. You need to convert the database files to use Quick I/O. What should you do?
Remove the files from the mkgio.dat file.
Which two protocols are available by default and recognized by Network Monitor by their individual signatures? (Select two.)
Which Network Discover option is used to determine whether confidential data exists without having to scan the entire target?
Inventory Mode Scanning
Which two detection condition types match on all Envelope, Subject, Body, and Attachment components? (Select two.)
How is data moved to the servers at Symantec when auto-transmission of Supportability Telemetry data is enabled?
HTTPS POST to Symantec from Enforce
A company needs to protect all Mergers and Acquisitions Agreements from leaving the organization. However, there is standard text that is included in all company literature that they would like to exclude. What should be done to make sure that this standard text is excluded from detection?
create a whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
The following steps have been taken: Which job will be executed?
Asset Import job
Which structures are parts of the Cross-platform Data Sharing (CDS) format?
An Operating System-reserved area
A private region
A public region
Which response rule condition allows a policy manager to configure an Automated Response rule to execute while a user is travelling?
Which command line diagnostic utilities would give a user the operating system version of the detection servers?
Environment Check Utility
You have executed the vxdg -g diskgroup adddisk disk_name= command. Which switch needs to be added to force VxVM to take the disk media name of the failed disk and assign it to the new replacement disk?
You have replaced disks on a system under the VxVM control and you get an error "VxVM vxconfigrestore ERROR V-5-1-6012 There are two backups that have the same disk group name with different disk group id". How will you resolve this error?
Specify the disk group by its ID rather than by its name.
You are turning on the quota on a file system for the first time. You want to ensure you are able to establish quota for a group of users named finance. What should you do?
Create a file named quota.grp that is owned by the root of the file system.
Which two Diagnostic Logging Settings can be configured under the Systems > Servers > Logs - Configuration tab in the Enforce UI? (Select two.)
Discover Trace Logging
Packet Capture Debug Logging
An administrator pulls the Services and Operation logs off of a DLP Agent by using the Pull Logs action. What happens to the log files after the administrator performs the Pull Logs action?
they are temporarily stored on the DLP Agent's Endpoint server
Which report helps a compliance officer understand how the company is complying with its data security policies over time?
Policy Trend report, summarized by policy, then quarter
What is required to assign permissions to the asset system?
role and user/group
Which Symantec Control Compliance Suite 9.0 components must be installed in the same domain?
application server and directory server
Which interface provides single sign-on access for the purpose of administering Data Loss Prevention servers, managing policies, and remediating incidents?
Symantec Protection Center
If a customer is running Enterprise Security Manager (ESM) 6.5.x in their environment, which two ESM components must be upgraded for it to work with Symantec Control Compliance Suite 9.0? (Select two.)
A Network Monitor server has been installed and the networking components configured accordingly. The server is receiving traffic, but fails to detect incidents. Running Wireshark indicates that the desired traffic is reaching the detection server. What is the most likely cause for this behavior?
The mirrored port is sending corrupted packets.
The business data owner is unavailable. Who can approve the entitlements in his absence?
Which three are valid Reconciliation Rule types in Symantec Control Compliance Suite 9.0? (Select three.)
How should an administrator determine which Database version is running?
Run the command select * from v$version;