250-580 exam

What tool can administrators use to create custom behavioral isolation policies based on collected application behavior data?A . Behavioral Prevalence CheckB . Behavioral Heat MapC . Application CatalogD . Application Frequency MapView AnswerAnswer: C Explanation: Administrators can use the Application Catalog in Symantec Endpoint Security to create custom behavioral isolation...

Which Incident View widget shows the parent-child relationship of related security events?A . The Incident Summary WidgetB . The Process Lineage WidgetC . The Events WidgetD . The Incident Graph WidgetView AnswerAnswer: B Explanation: The Process Lineage Widget in the Incident View of Symantec Endpoint Security provides a visual representation...

A file has been identified as malicious. Which feature of SEDR allows an administrator to manually block a specific file hash?A . PlaybooksB . QuarantineC . Allow ListD . Block ListView AnswerAnswer: D Explanation: In Symantec Endpoint Detection and Response (SEDR), the Block List feature allows administrators to manually block...

Which SES feature helps administrators apply policies based on specific endpoint profiles?A . Policy BundlesB . Device ProfilesC . Policy GroupsD . Device GroupsView AnswerAnswer: D Explanation: In Symantec Endpoint Security (SES), Device Groups enable administrators to apply policies based on specific endpoint profiles. Device Groups categorize endpoints according to...

What information is required to calculate storage requirements?A . Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump sizeB . Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump sizeC . Number of endpoints, available bandwidth,...

What priority would an incident that may have an impact on business be considered?A . LowB . CriticalC . HighD . MediumView AnswerAnswer: C Explanation: An incident that may have an impact on business is typically classified with a High priority in cybersecurity frameworks and incident response protocols. Here’s a...

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?A . File DeletionB . Incident ManagerC . IsolationD . Endpoint Activity RecorderView AnswerAnswer: C Explanation: When an Incident Responder determines that an endpoint is compromised,...

How would an administrator specify which remote consoles and servers have access to the management server?A . Edit the Server Properties and under the General tab, change the Server Communication Permission.B . Edit the Communication Settings for the Group under the Clients tab.C . Edit the External Communication Settings for...

Why is Active Directory a part of nearly every targeted attack?A . AD administration is managed by weak legacy APIs.B . AD is, by design, an easily accessed flat file name space directory databaseC . AD exposes all of its identities, applications, and resources to every endpoint in the networkD...

What does a ranged query return or exclude?A . Data matching the exact field names and their valuesB . Data matching a regular expressionC . Data falling between two specified values of a given fieldD . Data based on specific values for a given fieldView AnswerAnswer: C Explanation: A ranged...