Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat...
Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?
A. System Lockdown
B. Intrusion Prevention System
C. Firewall
D. SONAR
Answer: A
What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?
A. Exfiltration
B. Incursion
C. Capture
D. Discovery
Answer: B
What is the role of Cynic within the Advanced Threat Protection (ATP) solution?
A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox
Answer: D
Explanation: Reference: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-advanced-threat-protectionÂemail-DS-21349610.pdf
What should the Incident Responder do to stop the traffic to the IRC channel?
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode. What should the Incident Responder do to stop the traffic to the IRC channel?
A. Isolate the endpoint with a Quarantine Firewall policy
B . ...
How does an attacker use a zero-day vulnerability during the Incursion phase?
A. To perform a SQL injection on an internal server
B. To extract sensitive information from the target
C. To perform network discovery on the target
D. To deliver malicious code that breaches the target
Answer: D
Explanation:...
What is the main constraint an ATP Administrator should consider when choosing a network scanner model?
A. Throughput
B. Bandwidth
C. Link speed
D. Number of users
Answer: B
What is the role of Insight within the Advanced Threat Protection (ATP) solution?
A. Reputation-based security
B. Detonation/sandbox
C. Network detection component
D. Event correlation
Answer: A
Explanation: Reference: https://www.symantec.com/content/dam/symantec/docs/brochures/atp-brochure-en.pdf
Which threat is an example of an Advanced Persistent Threat (APT)?
A. Koobface
B. Brain
C. Flamer
D. Creeper
Answer: C
Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?
A. SEPM embedded database name
B. SEPM embedded database type
C. SEPM embedded database version
D. SEPM embedded database password
Answer: D
Explanation: Reference: https://support.symantec.com/en_US/article.HOWTO125960.html