Administration of Symantec Data Loss Prevention 15

Here you have the best Symantec 250-438 practice exam questions

You have 70 total questions across 14 pages (5 per page)
These questions were last updated on February 18, 2026
This site is not affiliated with or endorsed by Symantec.

Question 1 of 70

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a `copy to USB device` operation?

Add a ג€Limit Incident Data Retentionג€ response rule with ג€Retain Original Messageג€ option selected.

Modify the agent config.db to include the file

Modify the ג€Endpoint_Retain_Files.intג€ setting in the Endpoint server configuration

Modify the agent configuration and select the option ג€Retain Original Filesג€

Question 2 of 70

What is the correct configuration for `BoxMonitor.Channels` that will allow the server to start as a Network Monitor server?

Packet Capture, Span Port

Packet Capture, Network Tap

Packet Capture, Copy Rule

Packet capture, Network Monitor

Question 3 of 70

Under the `System Overview` in the Enforce management console, the status of a Network Monitor detection server is shown as `Running Selected.` The Network
Monitor server's event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?

There is insufficient disk space on the Network Monitor server.

The Network Monitor server's certificate is corrupt or missing.

The Network Monitor server's license file has expired.

The Enforce and Network Monitor servers are running different versions of DLP.

Question 4 of 70

Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

Question 5 of 70

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief
Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco's role has the `User Reporting` privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?

Only DLP administrators are permitted to access and view data for high risk users.

The Enforce server has insufficient permissions for importing user attributes.

User attribute data must be configured separately from incident data attributes.

User attributes have been incorrectly mapped to Active Directory accounts.

About the Symantec 250-438 Certification Exam

About the Exam

The Symantec 250-438 (Administration of Symantec Data Loss Prevention 15) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 70 practice questions across 14 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our 250-438 questions are regularly updated to reflect the latest exam objectives.