250-441 Dumps Which Everyone In The Symantec 250-441 Industry Should Be Using
The certified candidate will demonstrate an understanding of the planning, designing, deploying and optimization of Symantec Advanced Threat Protection. This understanding serves as a basis of technical knowledge and competency for Symantec Advanced Threat Protection solutions in an enterprise environment.
For More Details:
https://www.certschief.com/exam/250-441/
Question: 1
How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B. Run an indicators of compromise (IOC) search in ATP manager.
C. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D. Add the site to a blacklist in ATP manager.
Answer: D
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO126023.html
Question: 2
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Zeus
B. Melissa
C. Duqu
D. Code Red
Answer: C
Question: 3
In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?
A. Capture
B. Incursion
C. Discovery
D. Exfiltration
Answer: D
Explanation:
Reference: https://www.symantec.com/content/en/us/enterprise/white_papers/badvanced_persistent_threats_WP_21215957.en-us.pdf
Question: 4
Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager? (Choose two.)
A. Administrator
B. Controller
C. User
D. Incident Responder
E. Root
Answer: AB
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO125620.html
Question: 5
ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
A. Perform a healthcheck of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan
Answer: C
Question: 6
What should an Incident Responder do to mitigate a false positive?
A. Add to Whitelist
B. Run an indicators of compromise (IOC) search
C. Submit to VirusTotal
D. Submit to Cynic
Answer: B