250-580 exam

If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?A . Navigate to ICDm > Enrollment and disable the settingB . Unenroll the SEPM > Disable the setting > Re-enroll the SEPMC . Revoke policies from ICDmD . Revoke...

What happens when an administrator adds a file to the deny list?A . The file is assigned to a chosen Deny List policyB . The file is assigned to the Deny List task listC . The file is automatically quarantinedD . The file is assigned to the default Deny List...

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?A . Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on...

What tool can administrators use to create custom behavioral isolation policies based on collected application behavior data?A . Behavioral Prevalence CheckB . Behavioral Heat MapC . Application CatalogD . Application Frequency MapView AnswerAnswer: C Explanation: Administrators can use the Application Catalog in Symantec Endpoint Security to create custom behavioral isolation...

Which Incident View widget shows the parent-child relationship of related security events?A . The Incident Summary WidgetB . The Process Lineage WidgetC . The Events WidgetD . The Incident Graph WidgetView AnswerAnswer: B Explanation: The Process Lineage Widget in the Incident View of Symantec Endpoint Security provides a visual representation...

A file has been identified as malicious. Which feature of SEDR allows an administrator to manually block a specific file hash?A . PlaybooksB . QuarantineC . Allow ListD . Block ListView AnswerAnswer: D Explanation: In Symantec Endpoint Detection and Response (SEDR), the Block List feature allows administrators to manually block...

Which SES feature helps administrators apply policies based on specific endpoint profiles?A . Policy BundlesB . Device ProfilesC . Policy GroupsD . Device GroupsView AnswerAnswer: D Explanation: In Symantec Endpoint Security (SES), Device Groups enable administrators to apply policies based on specific endpoint profiles. Device Groups categorize endpoints according to...

What information is required to calculate storage requirements?A . Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump sizeB . Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump sizeC . Number of endpoints, available bandwidth,...

What priority would an incident that may have an impact on business be considered?A . LowB . CriticalC . HighD . MediumView AnswerAnswer: C Explanation: An incident that may have an impact on business is typically classified with a High priority in cybersecurity frameworks and incident response protocols. Here’s a...

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?A . File DeletionB . Incident ManagerC . IsolationD . Endpoint Activity RecorderView AnswerAnswer: C Explanation: When an Incident Responder determines that an endpoint is compromised,...