What occurs when an endpoint fails its Host Integrity check and is unable to remediate?
A. The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B. The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy...
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?
A. It ensures that the Incident is resolved, and the responder can clean up the infection.
B. It ensures that the Incident is resolved, and the responder...
Which prerequisite is necessary to extend the ATP: Network solution service in order to correlate email detections?
A. Email Security.cloud
B. Web security.cloud
C. Skeptic
D. Symantec Messaging Gateway
Answer: A
Explanation: Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-detection-and-response-atp-endpoint-en.pdf
Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)
A. Database version
B. Database IP address
C. Database domain name
D. Database hostname
E. Database name
Answer: BD
Which of the following Blue Prism guides would a Process Analyst complete?
A. Foundation Training
B. Creating a Process Definition Document (PDD)
C. Work Queues Guide
Answer: B
What is the second stage of an Advanced Persistent Threat (APT) attack?
A. Exfiltration
B. Incursion
C. Discovery
D. Capture
Answer: B
How should you configure the query filter?
HOTSPOT
Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain. You install the ATA Gateway on a server named Server1. To assist in detecting Pass-the-Hash attacks, you plan to configure ATA Gateway to collect events. You need to configure...
Why is it important for an Incident Responder to analyze an incident during the Recovery phase?
A. To determine the best plan of action for cleaning up the infection
B. To isolate infected computers on the network and remediate the threat
C. To gather threat artifacts and review the malicious...
You are updating the inventory worksheet for a local tree farm
SIMULATION
Project 3 of 7: Tree Inventory
Overview
You are updating the inventory worksheet for a local tree farm.
Hide rows 29 and 30.
Answer: See explanation below.
What are two reasons the responder should analyze the information using Syslog?
An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report. What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A. To have less raw data to analyze
B. To evaluate the data,...