Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat...

September 16, 2019

Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?

A. System Lockdown
B. Intrusion Prevention System
C. Firewall
D. SONAR

Answer: A

September 16, 2019

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

A. Exfiltration
B. Incursion
C. Capture
D. Discovery

Answer: B

September 14, 2019

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox

Answer: D

Explanation: Reference: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-advanced-threat-protection-email-DS-21349610.pdf

September 14, 2019

What should the Incident Responder do to stop the traffic to the IRC channel?

An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode. What should the Incident Responder do to stop the traffic to the IRC channel?

A. Isolate the endpoint with a Quarantine Firewall policy
B. ...

September 14, 2019

How does an attacker use a zero-day vulnerability during the Incursion phase?

A. To perform a SQL injection on an internal server
B. To extract sensitive information from the target
C. To perform network discovery on the target
D. To deliver malicious code that breaches the target

Answer: D

Explanation:...

September 10, 2019

What is the main constraint an ATP Administrator should consider when choosing a network scanner model?

A. Throughput
B. Bandwidth
C. Link speed
D. Number of users

Answer: B

September 9, 2019

What is the role of Insight within the Advanced Threat Protection (ATP) solution?

A. Reputation-based security
B. Detonation/sandbox
C. Network detection component
D. Event correlation

Answer: A

Explanation: Reference: https://www.symantec.com/content/dam/symantec/docs/brochures/atp-brochure-en.pdf

September 2, 2019

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Koobface
B. Brain
C. Flamer
D. Creeper

Answer: C

August 27, 2019

Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?

A. SEPM embedded database name
B. SEPM embedded database type
C. SEPM embedded database version
D. SEPM embedded database password

Answer: D

Explanation: Reference: https://support.symantec.com/en_US/article.HOWTO125960.html

August 25, 2019