Symantec 250-580 Exam Questions

Question 6 of 150

Which type of security threat continues to threaten endpoint security after a system reboot?

file-less

memory attack

script

Rootkit

Correct Answer: D

Question 7 of 150

An organization is considering a single site for their Symantec Endpoint Protection environment.
What are two reasons that the organization should consider? (Choose two.)

Organizational merger

Sufficient WAN bandwidth

Delay-free, centralized reporting

24x7 admin availability

Legal constraints

Correct Answer: B, C

Question 8 of 150

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.
Which two factors should the administrator consider? (Choose two.)

The deleted file may still be in the Recycle Bin.

IT Analytics may keep a copy of the file for investigation.

False positives may delete legitimate files.

Insight may back up the file before sending it to Symantec.

A copy of the threat may still be in the quarantine.

Correct Answer: A, C

Question 9 of 150

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

LiveUpdate

Firewall

Network Intrusion Prevention

Intensive Protection

Correct Answer: A

Question 10 of 150

What is the purpose of a Threat Defense for Active Directory Deceptive Account?

It prevents attackers from reading the contents of the Domain Admins Group

It assigns a fake NTLM password hash value for users with an assigned AdminCount attribute.

It exposes attackers as they seek to gather credential information from workstation memory

It acts as a honeypot to expose attackers as they attempt to build their AD treasure map

Correct Answer: D