Administration of Symantec Data Loss Prevention 15

Here you have the best Symantec 250-438 practice exam questions

You have 70 total questions to study from
Each page has 5 questions, making a total of 14 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 16, 2025
This site is not affiliated with or endorsed by Symantec.

Question 1 of 70

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a `copy to USB device` operation?

Add a ג€Limit Incident Data Retentionג€ response rule with ג€Retain Original Messageג€ option selected.

Modify the agent config.db to include the file

Modify the ג€Endpoint_Retain_Files.intג€ setting in the Endpoint server configuration

Modify the agent configuration and select the option ג€Retain Original Filesג€

Correct Answer: A

Question 2 of 70

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief
Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco's role has the `User Reporting` privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?

Only DLP administrators are permitted to access and view data for high risk users.

The Enforce server has insufficient permissions for importing user attributes.

User attribute data must be configured separately from incident data attributes.

User attributes have been incorrectly mapped to Active Directory accounts.

Correct Answer: D

Question 3 of 70

How should a DLP administrator exclude a custom endpoint application named `custom_app.exe` from being monitoring by Application File Access Control?

Add ג€custom_app.exeג€ to the ג€Application Whitelistג€ on all Endpoint servers.

Add ג€custom_app.exeג€ Application Monitoring Configuration and de-select all its channel options.

Add ג€custom_app_.exeג€ as a filename exception to the Endpoint Prevent policy.

Add ג€custom_app.exeג€ to the ג€Program Exclusion Listג€ in the agent configuration settings.

Correct Answer: B

Question 4 of 70

A software company wants to protect its source code, including new source code created between scheduled indexing runs.
Which detection method should the company use to meet this requirement?

Exact Data Matching (EDM)

Described Content Matching (DCM)

Vector Machine Learning (VML)

Indexed Document Matching (IDM)

Correct Answer: C

Question 5 of 70

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

To specify Wi-Fi SSID names

To specify an IP address or range

To specify the endpoint server

To specify domain names

To specify network card status (ON/OFF)

Correct Answer: B, D