250-580 exam

What is the purpose of a Threat Defense for Active Directory Deceptive Account?A . It prevents attackers from reading the contents of the Domain Admins Group.B . It assigns a fake NTLM password hash value for users with an assigned AdminCount attribute.C . It exposes attackers as they seek to...

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?A . An email with the SES_setup.zip file attachedB . An email with a link to register on the ICDm user portalC . An email with a link to directly download the SES...

Which two (2) criteria are used by Symantec Insight to evaluate binary executables? (Select two.)A . SensitivityB . PrevalenceC . ConfidentialityD . ContentE . AgeView AnswerAnswer: BE Explanation: Symantec Insight uses Prevalence and Age as two primary criteria to evaluate binary executables. These metrics help determine the likelihood that a...

After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account. Which action should the administrator take to correct the problem...

Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?A . IPv6 TunnelingB . IPSC . FirewallD . VPNView AnswerAnswer: B Explanation: The Intrusion Prevention System (IPS) in Symantec Endpoint Security (SES) plays a crucial role in defending against data leakage during a man-in-the-middle...

Which type of event does operation:1 indicate in a SEDR database search?A . File Deleted.B . File Closed.C . File Open.D . File Created.View AnswerAnswer: C Explanation: In a Symantec Endpoint Detection and Response (SEDR) database search, an event labeled with operation:1 corresponds to a File Open action. This identifier...

What EDR function minimizes the risk of an endpoint infecting other resources in the environment?A . QuarantineB . BlockC . Deny ListD . FirewallView AnswerAnswer: A Explanation: The function of "Quarantine" in Endpoint Detection and Response (EDR) minimizes the risk of an infected endpoint spreading malware or malicious activities to...

The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?A . Enable port scan detectionB . Automatically block an...

Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?A . Intrusion PreventionB . SONARC . Application and Device ControlD . Tamper ProtectionView AnswerAnswer: C Explanation: The Application and Device Control technology within Symantec Endpoint Protection (SEP) is responsible for blocking unauthorized software behaviors, such as preventing...

If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?A . Navigate to ICDm > Enrollment and disable the settingB . Unenroll the SEPM > Disable the setting > Re-enroll the SEPMC . Revoke policies from ICDmD . Revoke...