How does the Audit module get data?
- A . Firewalls and proxies
- B . Cloud application APIs
- C . CloudSOC gateway
- D . Manual uploads
Which detector will trigger if CloudSOC detects anomalously frequent sharing?
- A . Behavior based
- B . Threshold based
- C . Sequence based
- D . Threats based
Which are three (3) levels of data exposure?
- A . Public, external, and internal
- B . Public, confidential, and company confidential
- C . Public, semi-private, and private
- D . Public, confidential, and private
Refer to the exhibit.
Which CloudSOC module(s) use firewalls and proxies as data sources?
- A . Detect, Protect, and Investigate
- B . Detect, Protect, Investigate, and Securlets
- C . Audit and Investigate
- D . Audit
C
Explanation:
Reference: https://www.niwis.com/downloads/Symantec/Symantec_CloudSOC.pdf
How should an administrator handle a cloud application that fails to meet compliance requirements, but the business need outweighs the risk?
- A . Sanction
- B . Monitor
- C . Block
- D . Review
Refer to the exhibit.
What modules are used in the use case “Protect information from accidental and intentional exposure within cloud applications”?
- A . Protect and Investigate
- B . Protect, Investigate, and Securlets
- C . Protect and Audit
- D . Protect and Securlets
What type of policy should an administrator use to prevent a user that is behaving in anomalous ways from sharing public links while you monitor them?
- A . Access monitoring
- B . File transfer
- C . Data exposure
- D . Access enforcement
What is the objective of File Sharing policies?
- A . To restrict the direct sharing of documents from cloud applications based both on their content and the characteristics of the user.
- B . To prevent users from sharing documents, either publicly, externally, or internally.
- C . To notify an administrator when activities, such as objects being modified, are performed in a cloud application.
- D . To restrict the uploading and downloading of documents from the user’s computer to the cloud application, based both on the content of the documents, and the characteristics of the user.
Refer to the exhibit.
Which modules are used in the use case “Determine optimal cloud application adoption based on business risk and cost of ownership”?
- A . Audit and Protect
- B . Audit
- C . Detect, Protect, and Investigate
- D . Protect, Investigate, and Securlets
Refer to the exhibit.
An administrator found this incident in the Investigate module.
What type of policy should an administrator create to get email notifications if the incident happens again?
- A . File sharing policy
- B . File transfer policy
- C . Access monitoring policy
- D . Data exposure policy
Which CloudSOC module is similar to a Data Loss Prevention (DLP) system?
- A . Detect
- B . Investigate
- C . Audit
- D . Protect
What data source types does Audit support?
- A . SSH, FTP, Remote desktop
- B . Web upload, SFTP, S3
- C . PDF, DOC, XLS
- D . APIs
What module should an administrator use to create policies that restrict users from sharing data in unsafe ways?
- A . Securlets
- B . Audit
- C . Protect
- D . Detect
What compensatory control should an administrator implement if the password quality rules of a cloud application have a low rating?
- A . Single Sign On (SSO)
- B . Block the application
- C . Role based access
- D . Biometric access
A
Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/solution-briefs/shadow-it-discoverybest-practices-guide-en.pdf
What CloudSOC module should an administrator use to identify and remediate malicious behavior within cloud applications?
- A . Audit
- B . Securlets
- C . Detect
- D . Investigate
What modules are used in the use case “Identify and remediate malicious behavior within cloud applications”?
- A . Detect, Protect, and Investigate
- B . Detect and Investigate
- C . Detect
- D . Detect and Securlets
Refer to the exhibit.
Which module(s) use the CloudSOC gateway as a data source?
- A . Audit
- B . Detect and Protect
- C . Detect, Protect, and Investigate
- D . Detect, Protect, Investigate, and Securlets
What type of policy should an administrator utilize to prevent the spread of malware through cloud applications?
- A . Access monitoring
- B . File transfer
- C . File sharing
- D . Access enforcement
Which type of policy can perform a user log out from Single Sign On?
- A . Access Monitoring policy
- B . ThreatScore based policy
- C . Access enforcement policy
- D . None of the above
How does the Detect module get data?
- A . Firewalls and proxies
- B . CloudSOC gateway and cloud application APIs
- C . Firewalls and proxies, and CloudSOC gateway
- D . Cloud application APIs
What type of solution should an administrator implement to secure the way users interact with cloud applications?
- A . Intrusion Detection System/Intrusion Protection System (IDS/IPS)
- B . Cloud Access Security Broker (CASB)
- C . Web application firewalls
- D . Proxies
What policy should an administrator utilize to allow users access to Office 365, but prevent the extraction of files when their ThreatScore is higher than 30?
- A . File transfer
- B . Access enforcement
- C . ThreatScore based
- D . Data exposure
C
Explanation:
Reference: https://support.symantec.com/en_US/article.ALERT2395.html
What Business Readiness Rating (BRR) category does the subcategory “Password Quality Rules” belong to?
- A . Data
- B . Compliance
- C . Business
- D . Access
How does the Securlet module get data?
- A . Firewall and proxies
- B . CloudSOC gateway
- C . Cloud application APIs
- D . CloudSOC gateway and cloud application APIs
What module should an administrator use to identify anomalous user behavior such as large amounts of data being downloaded, too many files being shared, or logins from suspicious locations?
- A . Detect
- B . Protect
- C . Investigate
- D . Audit
A
Explanation:
Reference: http://www.arrowecs.pt/ficheros/partners/211_ShadowDataReport_1H_2016_Digital_Screen_compressed.pdf
Which detector will trigger if a user attempts a series of invalid logins within a specific time period?
- A . Threats based
- B . Sequence based
- C . Threshold based
- D . Behavior based
What module should an administrator use to view all activities in cloud applications?
- A . Protect
- B . Audit
- C . Detect
- D . Investigate
What module should an administrator use to create policies with one click, and send them to the Protect Module?
- A . Detect
- B . Investigate
- C . Audit
- D . Securlet
What module can an administrator use to connect certain cloud applications to CloudSOC via APIs, and have complete visibility into the content being shared in those cloud applications?
- A . Investigate
- B . Detect
- C . Protect
- D . Securlets
Refer to the exhibit.
What modules are used by the use case “Identify and determine business risk of cloud applications being used within the organization”?
- A . Investigate
- B . Audit and Investigate
- C . Audit
- D . Audit and Securlets