Symantec 250-580 Exam Questions

Question 6 of 150

Which type of security threat continues to threaten endpoint security after a system reboot?

A.

file-less

B.

memory attack

C.

script

D.

Rootkit

Question 7 of 150

An organization is considering a single site for their Symantec Endpoint Protection environment.
What are two reasons that the organization should consider? (Choose two.)

Question 8 of 150

In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.
Which two factors should the administrator consider? (Choose two.)

A.

The deleted file may still be in the Recycle Bin.

B.

IT Analytics may keep a copy of the file for investigation.

C.

False positives may delete legitimate files.

D.

Insight may back up the file before sending it to Symantec.

E.

A copy of the threat may still be in the quarantine.

Question 9 of 150

When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

A.

LiveUpdate

B.

Firewall

C.

Network Intrusion Prevention

D.

Intensive Protection

Question 10 of 150

What is the purpose of a Threat Defense for Active Directory Deceptive Account?

A.

It prevents attackers from reading the contents of the Domain Admins Group

B.

It assigns a fake NTLM password hash value for users with an assigned AdminCount attribute.

C.

It exposes attackers as they seek to gather credential information from workstation memory

D.

It acts as a honeypot to expose attackers as they attempt to build their AD treasure map