1. Home
  2. Symantec
  3. 250-438

Administration of Symantec Data Loss Prevention 15

Exam Details

  • Exam Code
    :250-438
  • Exam Name
    :Administration of Symantec Data Loss Prevention 15
  • Certification
    :Symantec Certifications
  • Vendor
    :Symantec
  • Total Questions
    :70 Q&As
  • Last Updated
    :Mar 06, 2025

Symantec Symantec Certifications 250-438 Questions & Answers

  • Question 21:

    What detection server type requires a minimum of two physical network interface cards?

    A. Network Prevent for Web

    B. Network Prevent for Email

    C. Network Monitor

    D. Cloud Detection Service (CDS)

  • Question 22:

    Refer to the exhibit. Which type of Endpoint response rule is shown?

    A. Endpoint Prevent: User Notification

    B. Endpoint Prevent: Block

    C. Endpoint Prevent: Notify

    D. Endpoint Prevent: User Cancel

  • Question 23:

    An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization. Which detection method should the organization use to meet this requirement?

    A. Exact Data Matching (EDM)

    B. Indexed Document Matching (IDM)

    C. Described Content Matching (DCM)

    D. Vector Machine Learning (VML)

  • Question 24:

    Which detection server is available from Symantec as a hardware appliance?

    A. Network Prevent for Email

    B. Network Discover

    C. Network Monitor

    D. Network Prevent for Web

  • Question 25:

    Which action is available for use in both Smart Response and Automated Response rules?

    A. Log to a Syslog Server

    B. Limit incident data retention

    C. Modify SMTP message

    D. Block email message

  • Question 26:

    Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

    A. The OCR engine must be installed on detection server other than the Enforce server.

    B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.

    C. The OCR engine must be directly on the Enforce server.

    D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

  • Question 27:

    A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains. BAD files dated today, while other. IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger than 1MB are

    turning to .BAD files.

    What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

    A. A corrupted policy was deployed.

    B. The Enforce server's hard drive is out of space.

    C. A detection server has excessive filereader restarts.

    D. Tablespace is almost full.

  • Question 28:

    A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

    A. Apply a new global agent uninstall password in the Enforce management console.

    B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.

    C. Replace the PGPsdk.dll file on the agent's assigned Endpoint server with a copy from a different Endpoint server

    D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

  • Question 29:

    A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should be compliance officer generate to obtain the compliance information?

    A. Policy report, filtered on date and summarized by policy

    B. Policy Trend report, summarized by policy, then quarter

    C. Policy report, filtered on quarter and summarized by policy

    D. Policy Trend report, summarized by policy, then severity

  • Question 30:

    A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

    A. Change the "Ignore requests Smaller Than" value to 1

    B. Add the filename to the Inspect Content Type field

    C. Change the "PacketCapture.DISCARD_HTTP_GET" value to "false"

    D. Uncheck trial mode under the ICAP tab

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Symantec exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 250-438 exam preparations and Symantec certification application, do not hesitate to visit our Vcedump.com to find your solutions here.