In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)
A. Policies page
B. Action Manager
C. Syslog
D. Incident Manager
E. Indicators of compromise (IOC) search

Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?
A. Blacklist
B. Whitelist
C. Delete file
D. Submit file to Cynic

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)
A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar

Which threat is an example of an Advanced Persistent Threat (APT)?
A. Loyphish
B. Aurora
C. ZeroAccess
D. Michelangelo

Which threat is an example of an Advanced Persistent Threat (APT)?
A. Zeus
B. Melissa
C. Duqu
D. Code Red

How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B. Run an indicators of compromise (IOC) search in ATP manager.
C. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D. Add the site to a blacklist in ATP manager.

An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode.
How should the Incident Responder proceed?
A. Whitelist the domain and close the incident as a false positive
B. Identify the pieces of malware and blacklist them, then notify the supplier
C. Blacklist the domain and IP of the attacking site
D. Notify the supplier and block the site on the external firewall

Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?
A. Email Security.cloud
B. Web Security.cloud
C. Skeptic
D. Symantec Messaging Gateway

What does a Quarantine Firewall policy enable an ATP Administrator to do?
A. Isolate a computer while it is manually being remediated
B. Submit files to a Central Quarantine server
C. Filter all traffic leaving the network
D. Intercept all traffic entering the network

Which threat is an example of an Advanced Persistent Threat (APT)?
A. Koobface
B. Brain
C. Flamer
D. Creeper