
250-561 Online Practice Questions and Answers

Questions 4

Which URL is responsible for notifying the SES agent that a policy change occurred in the cloud console?

A. spoc.norton.com

B. stnd-ipsg.crsi-symantec.com

C. ent-shasta.rrs-symantec.com

D. ocsp.digicert.com

Questions 5

What characterizes an emerging threat in comparison to a traditional threat?

A. Emerging threats use new techniques and 0-day vulnerabilities to propagate.

B. Emerging threats require artificial intelligence to be detected.

C. Emerging threats are undetectable by signature-based engines.

D. Emerging threats are more sophisticated than traditional threats.

Questions 6

Which Firewall Stealth setting prevents OS fingerprinting by sending erroneous OS information back to the attacker?

A. Disable OS fingerprint profiling

B. Disable OS fingerprint detection

C. Enable OS fingerprint masquerading

D. Enable OS fingerprint protection

Questions 7

Which device page should an administrator view to track the progress of an issued device command?

A. Command Status

B. Command History

C. Recent Activity

D. Activity Update

Questions 8

Which option should an administrator utilize to temporarily or permanently block a file?

A. Delete

B. Hide

C. Encrypt

D. Blacklist

Questions 9

An endpoint is offline, and the administrator issues a scan command. What happens to the endpoint when it restarts, if it lacks connectivity?

A. The system is scanning when started.

B. The system downloads the content without scanning.

C. The system starts without scanning.

D. The system scans after the content update is downloaded.

Questions 10

An administrator needs to create a new Report Template that will be used to track firewall activity. Which two (2) report template settings are optional? (Select 2)

A. Output format

B. Generation schedule

C. Email recipients

D. Time frame

E. Size restrictions

Questions 11

Which Symantec component is required to enable two-factor authentication with VIP on the Integrated Cyber Defense Manager (ICDm)?

A. A physical token or a software token

B. A software token and a VIP server

C. A software token and an active directory account

D. A physical token or a secure USB key

Questions 12

Which designation should an administrator assign to the computer configured to find unmanaged devices?

A. Discovery Broker

B. Discovery Agent

C. Discovery Manager

D. Discovery Device

Questions 13

An administrator suspects that several computers have become part of a botnet. What should the administrator do to detect botnet activity on the network?

A. Enable the Command and Control Server Firewall

B. Add botnet-related signatures to the IPS policy's Audit Signatures list

C. Enable the IPS policy's Show notification on the device setting

D. Set the Antimalware policy's Monitoring Level to 4

Questions 14

Which security threat uses malicious code to destroy evidence, break systems, or encrypt data?

A. Execution

B. Persistence

C. Impact

D. Discovery

Questions 15

Which file should an administrator create, resulting Group Policy Object (GPO)?

A. Symantec__Agent_package_x64.zip

B. Symantec__Agent_package_x64.msi

C. Symantec__Agent_package__32-bit.msi

D. Symantec__Agent_package_x64.exe

Questions 16

What happens when an administrator blacklists a file?

A. The file is assigned to the Blacklist task list

B. The file is automatically quarantined

C. The file is assigned to a chosen Blacklist policy

D. The file is assigned to the default Blacklist policy

Questions 17

The ICDm has generated a blacklist task due to malicious traffic detection. Which SES component was utilized to make that detection?

A. Antimalware

B. Reputation

C. Firewall

D. IPS

Questions 18

Which term or expression is utilized when adversaries leverage existing tools in the environment?

A. opportunistic attack

B. script kiddies

C. living off the land

D. file-less attack

Exam Code: 250-561
Exam Name: Endpoint Security Complete - Administration R1
Last Update: Apr 30, 2024
Questions: 70 Q&As
