250-438 Online Practice Questions and Answers

DRAG DROP

What is the correct installation sequence for the components shown here, according to the Symantec Installation Guide?

Place the options in the correct installation sequence.

Select and Place:

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a "copy to USB device" operation?

A. Add a "Limit Incident Data Retention" response rule with "Retain Original Message" option selected.

B. Modify the agent config.db to include the file

C. Modify the "Endpoint_Retain_Files.int" setting in the Endpoint server configuration

D. Modify the agent configuration and select the option "Retain Original Files"

How should a DLP administrator exclude a custom endpoint application named "custom_app.exe" from being monitoring by Application File Access Control?

A. Add "custom_app.exe" to the "Application Whitelist" on all Endpoint servers.

B. Add "custom_app.exe" Application Monitoring Configuration and de-select all its channel options.

C. Add "custom_app_.exe" as a filename exception to the Endpoint Prevent policy.

D. Add "custom_app.exe" to the "Program Exclusion List" in the agent configuration settings.

Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)

A. Exchange

B. Jiveon

C. File store

D. SharePoint

E. Confluence

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate this report?

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

What detection method utilizes Data Identifiers?

A. Indexed Document Matching (IDM)

B. Described Content Matching (DCM)

C. Directory Group Matching (DGM)

D. Exact Data Matching (EDM)

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans. When does the DLP agent stop scanning?

A. When the agent sends a report within the "Scan Idle Timeout" period

B. When the endpoint computer is rebooted and the agent is started

C. When the agent is unable to send a status report within the "Scan Idle Timeout" period

D. When the agent sends a report immediately after the "Scan Idle Timeout" period

What is required on the Enforce server to communicate with the Symantec DLP database?

A. Port 8082 should be opened

B. CryptoMasterKey.properties file

C. Symbolic links to .dbf files

D. SQL*Plus Client

A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

A. Change the "Ignore requests Smaller Than" value to 1

B. Add the filename to the Inspect Content Type field

C. Change the "PacketCapture.DISCARD_HTTP_GET" value to "false"

D. Uncheck trial mode under the ICAP tab

Which detection server is available from Symantec as a hardware appliance?

A. Network Prevent for Email

B. Network Discover

C. Network Monitor

D. Network Prevent for Web

An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization. Which detection method should the organization use to meet this requirement?

A. Exact Data Matching (EDM)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Vector Machine Learning (VML)

A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information. What detection method should the company use?

A. Indexed Document Matching (IDM)

B. Vector Machine Learning (VML)

C. Exact Data Matching (EDM)

D. Described Content Matching (DCM)

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration. What is one possible reason that the agent fails to receive the new configuration?

A. The new agent configuration was saved but not applied to any endpoint groups.

B. The new agent configuration was copied and modified from the default agent configuration.

C. The default agent configuration must be disabled before the new configuration can take effect.

D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Which service encrypts the message when using a Modify SMTP Message response rule?

A. Network Monitor server

B. SMTP Prevent

C. Enforce server

D. Encryption Gateway

Where should an administrator set the debug levels for an Endpoint Agent?

A. Setting the log level within the Agent List

B. Advanced configuration within the Agent settings

C. Setting the log level within the Agent Overview

D. Advanced server settings within the Endpoint server