In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization's network to deliver targeted malware?
A. Incursion
B. Discovery
C. Capture
D. Exfiltration
Malware is currently spreading through an organization's network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.
How should the responder look for the source of the infection using ATP?
A. Check for the file hash for each detection
B. Isolate a system and collect a sample
C. Submit the hash to Virus Total
D. Check if the threats are downloaded from the same domain or IP by looking at incidents
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
A. An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.
B. A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.
C. A network share is repeatedly accessed during and after an infection indicating a more targeted attack.
D. A malicious file that was repeatedly downloaded by a Trojan or a downloader that infected multiple endpoints.
E. An external website that was the source of many malicious files.
In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization's defenses from the inside?
A. Discovery
B. Capture
C. Exfiltration
D. Incursion
While filling out the After Actions Report, an Incident Response Team noted that improved log monitoring could help detect future breaches.
What are two examples of how an organization can improve log monitoring to help detect future breaches? (Choose two.)
A. Periodically log into the ATP manager and review only the Dashboard.
B. Implement IT Analytics to create more flexible reporting.
C. Dedicate an administrator to monitor new events as they flow into the ATP manager.
D. Set email notifications in the ATP manager to message the Security team when a new incident is occurring.
E. Implement Syslog to aggregate information from other systems, including ATP, and review log data in a single console.
Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)
A. Close any open shares
B. Identify the threat and understand how it spreads
C. Create subnets or VLANs and configure the network devices to restrict traffic
D. Set executables on network drives as read only
E. Identify affected clients
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
A. ATP will continue to block previously blacklisted addresses but NOT new ones.
B. ATP does NOT block access to blacklisted addresses unless block mode is enabled.
C. ATP will clear the existing blacklists.
D. ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.
A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.
Why does the company need more than one ATP manager?
A. An ATP manager can only connect to a SQL backend
B. An ATP manager can only support 30,000 SEP clients
C. An ATP manager can only support 10 SEP site connections.
D. An ATP manager needs to be installed at each location where a Symantec Endpoint Protection Manager (SEPM) is located.
An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the responder sees the results for 90 endpoints.
What is a possible reason for the search only returning results for 90 of 100 endpoints?
A. The search expired after one hour
B. 10 endpoints are offline
C. The search returned 0 results on 10 endpoints
D. 10 endpoints restarted and cancelled the search
Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?
A. ATP: Email
B. ATP: Endpoint
C. ATP: Network
D. ATP: Roaming
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less effort? How to get an ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Symantec exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 250-441 exam preparation and Symantec certification application, do not hesitate to visit Vcedump.com to find your solutions here.