250-580 exam

How would an administrator specify which remote consoles and servers have access to the management server?A . Edit the Server Properties and under the General tab, change the Server Communication Permission.B . Edit the Communication Settings for the Group under the Clients tab.C . Edit the External Communication Settings for...

Why is Active Directory a part of nearly every targeted attack?A . AD administration is managed by weak legacy APIs.B . AD is, by design, an easily accessed flat file name space directory databaseC . AD exposes all of its identities, applications, and resources to every endpoint in the networkD...

What does a ranged query return or exclude?A . Data matching the exact field names and their valuesB . Data matching a regular expressionC . Data falling between two specified values of a given fieldD . Data based on specific values for a given fieldView AnswerAnswer: C Explanation: A ranged...

Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?A . SignaturesB . ReputationC . Artificial IntelligenceD . Advanced Machine LearningView AnswerAnswer: D Explanation: The Advanced Machine Learning feature in Symantec Endpoint Security (SES) uses a sophisticated model trained on a...

Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?A . Mismatched Port - Application TrafficB . Irregularities in Privileged User Account ActivityC . Surges in Database...

What is a feature of Cynic?A . Local SandboxingB . Forwarding event data to Security Information and Event Management (SIEM)C . Cloud SandboxingD . Customizable OS ImagesView AnswerAnswer: C Explanation: Cynic is a feature of Symantec Endpoint Security that provides cloud sandboxing capabilities. Cloud sandboxing allows Cynic to analyze suspicious...

Which report template type should an administrator utilize to create a daily summary of network threats detected?A . Intrusion Prevention ReportB . Blocked Threats ReportC . Network Risk ReportD . Access Violation ReportView AnswerAnswer: C Explanation: To create a daily summary of network threats detected, an administrator should use the...

What should an administrator utilize to identify devices on a Mac?A . Use DevViewer when the Device is connected.B . Use Devicelnfo when the Device is connected.C . Use Device Manager when the Device is connected.D . Use GatherSymantecInfo when the Device is connected.View AnswerAnswer: D Explanation: To identify devices...

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat. Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?A . Risk logB . Computer Status...

What is an appropriate use of a file fingerprint list?A . Allow unknown files to be downloaded with InsightB . Prevent programs from runningC . Prevent Antivirus from scanning a fileD . Allow files to bypass Intrusion Prevention detectionView AnswerAnswer: B Explanation: A file fingerprint list is used to prevent...