1. Home
  2. Symantec
  3. ST0-237

Symantec Data Loss Prevention 12 Technical Assessment

Exam Details

  • Exam Code
    :ST0-237
  • Exam Name
    :Symantec Data Loss Prevention 12 Technical Assessment
  • Certification
    :Symantec Certified Security program
  • Vendor
    :Symantec
  • Total Questions
    :237 Q&As
  • Last Updated
    :Apr 16, 2025

Symantec Symantec Certified Security program ST0-237 Questions & Answers

  • Question 311:

    An administrator needs to remove an agent and its associated events from a specific Endpoint Server. Which Agent Task does the administrator need to perform to disable its visibility in the Enforce UI?

    A. Delete action from the Agent Summary page

    B. Disable action from Symantec Management Console

    C. Change Endpoint Server action from the Agent Overview page

    D. Delete action from the Agent Health dashboard

  • Question 312:

    An administrator pulls the Services and Operation logs off of a DLP Agent by using the Pull Logs action. What happens to the log files after the administrator performs the Pull Logs action?

    A. they are stored directly on the Enforce server

    B. they are transferred directly to the Enforce Server and deleted from the DLP Agent

    C. they are created on the DLP Agent then pulled down to the Enforce server

    D. they are temporarily stored on the DLP Agent's Endpoint server

  • Question 313:

    Which command attempts to find the name of the drive in the private region and to match it to a disk media record that is missing a disk access record?

    A. vxdisk

    B. vxdctl

    C. vxreattach

    D. vxrecover

  • Question 314:

    What is the correct configuration for BoxMonitor.Channels that will allow the server to start as a Network Monitor server?

    A. Packet Capture, Span Port

    B. Packet Capture, Network Monitor

    C. Packet Capture, Network Tap

    D. Packet Capture, Copy Rule

  • Question 315:

    Refer to the exhibit.

    An administrator is testing the DLP installation by placing .EML files into the drop folder, but has been unsuccessful in generating any incidents. The administrator is checking the Advanced Server Settings page to see if it can help diagnose

    the issue.

    What could be causing this problem?

    A. BoxMonitor.IncidentWriter setting needs to be set to Test

    B. BoxMonitor.FileReader needs to be set to default

    C. BoxMonitor.IncidentWriterMemory is set too high

    D. BoxMonitor.Channels contains an incompatible entry

  • Question 316:

    A network administrator needs to be notified if someone attempts to tamper with or shut down the VPN connection on an iPad or iPhone. Which product should the administrator use to configure the notification alert?

    A. Mobile Email Monitor

    B. Mobile Device Management

    C. Network Prevent

    D. Mobile Prevent

  • Question 317:

    Which option should be used to optimize the performance of a network share Discover scan?

    A. Ensure that the target file system is defragmented regularly

    B. Use an incremental scan to only include previously unscanned items

    C. Configure credential prefetching to reduce delay in authentication

    D. Disable antivirus scanning for network shares on the detection server

  • Question 318:

    What is the most efficient method for designing filters to remove unwanted traffic?

    A. policy-based exceptions

    B. IP-based filtering per protocol

    C. L7 filtering per protocol

    D. sampling per protocol

  • Question 319:

    An administrator running a company's first Discover scan needs to minimize network load. The duration of the scan is unimportant. Which method should the administrator use to run the Discover scan?

    A. ignore smaller than

    B. ignore larger than

    C. throttling

    D. date last accessed

  • Question 320:

    An incident response team has determined that multiple incidents are resulting from the same user action of copying sensitive data to USB devices.

    Which action should the incident response team take to fix this issue so only one incident per action is detected?

    A. Create separate policies for the different detection methods

    B. Combine multiple conditions into one compound rule

    C. Change which 'Endpoint Destinations' are monitored

    D. Change the monitor/ignore filters in the agent configuration

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Symantec exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ST0-237 exam preparations and Symantec certification application, do not hesitate to visit our Vcedump.com to find your solutions here.