An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?
A. Isolate the endpoint with a Quarantine Firewall policy
B. Blacklist the IRC channel IP
C. Blacklist the endpoint IP
D. Isolate the endpoint with an application control policy
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat artifacts from the environment
What occurs when an endpoint fails its Host Integrity check and is unable to remediate?
A. The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B. The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
C. The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
D. The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?
A. Exfiltration
B. Incursion
C. Capture
D. Discovery
An Incident Responder wants to investigate whether msscrt.pdf resides on any systems. Which search query and type should the responder run?
A. Database search filename "msscrt.pdf"
B. Database search msscrt.pdf
C. Endpoint search filename like msscrt.pdf
D. Endpoint search filename ="msscrt.pdf"
Where can an Incident Responder view Cynic results in ATP?
A. Events
B. Dashboard
C. File Details
D. Incident Details
What is the main constraint an ATP Administrator should consider when choosing a network scanner model?
A. Throughput
B. Bandwidth
C. Link speed
D. Number of users
An Incident Responder wants to run a database search that will list all clients whose hostname starts with SYM. Which syntax should the responder use?
A. hostname like "SYM"
B. hostname "SYM"
C. hostname "SYM*"
D. hostname like "SYM*"
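The two search questions above (the msscrt.pdf filename search and the SYM hostname search) turn on the same point: whether the query uses an exact-match operator or a pattern operator, and whether a wildcard is present. The following is an added illustration, not code from the page or from Symantec ATP. It simulates a simple evaluator for the expression shape used in those answer options (`field op "value"`, with `op` being `=` or `like`), under these assumptions: `=` is an exact, case-insensitive comparison; `like` applies `*` as a wildcard and does not add an implicit wildcard of its own; a `*` inside an `=` value is rejected as malformed. The endpoint inventory is constructed sample data. Real ATP query semantics may differ in details; the point is to show how each option behaves under those rules.

```python
import fnmatch
import re

# Constructed sample inventory (not real data): hostname -> files observed on it.
INVENTORY = {
    "SYM-WS01": ["notepad.exe", "msscrt.pdf"],
    "SYMANTEC-LAB": ["report.docx"],
    "HR-WS07": ["msscrt.pdf"],
    "SYM": ["readme.txt"],
}

# Assumed grammar: <field> <op> "<value>", where op is '=' or 'like'.
_QUERY = re.compile(r'^\s*(\w+)\s*(=|like)\s*"([^"]*)"\s*$', re.IGNORECASE)
_FIELDS = ("hostname", "filename")


def parse_query(query):
    """Split a query into (field, op, value); raise ValueError if malformed.

    A missing operator (e.g. hostname "SYM*") or a wildcard used with '='
    is treated as malformed, per the assumptions stated in the lead-in.
    """
    match = _QUERY.match(query)
    if not match:
        raise ValueError(f"malformed query: {query!r}")
    field, op, value = match.group(1).lower(), match.group(2).lower(), match.group(3)
    if field not in _FIELDS:
        raise ValueError(f"unknown field: {field!r}")
    if op == "=" and "*" in value:
        raise ValueError("wildcards are only valid with 'like'")
    return field, op, value


def _matches(op, candidate, value):
    """'=' is an exact match; 'like' treats '*' as a wildcard (assumed)."""
    if op == "=":
        return candidate.lower() == value.lower()
    return fnmatch.fnmatchcase(candidate.lower(), value.lower())


def run_search(query, inventory=INVENTORY):
    """Return the sorted hostnames that satisfy the query."""
    field, op, value = parse_query(query)
    hits = []
    for host, files in inventory.items():
        if field == "hostname":
            if _matches(op, host, value):
                hits.append(host)
        elif any(_matches(op, name, value) for name in files):
            hits.append(host)
    return sorted(hits)


if __name__ == "__main__":
    for q in ('hostname like "SYM*"', 'hostname like "SYM"',
              'filename = "msscrt.pdf"', 'hostname "SYM*"'):
        try:
            print(f"{q:28} -> {run_search(q)}")
        except ValueError as exc:
            print(f"{q:28} -> error: {exc}")
```

Under these rules `hostname like "SYM*"` returns every host whose name begins with SYM, `hostname like "SYM"` matches only a host named exactly SYM, and an expression with no operator is rejected outright, which is the distinction the answer options are testing.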
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?
A. SEPM embedded database name
B. SEPM embedded database type
C. SEPM embedded database version
D. SEPM embedded database password
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?
A. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
B. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
C. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
D. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain