What EDR feature provides endpoint activity recorder data for a file hash?
A. Process Dump
B. Entity Dump
C. Hash Dump
D. Full Dump
Answer: B
Explanation: In Symantec Endpoint Detection and Response (EDR), the Entity Dump feature provides detailed activity recorder data related to a specific file hash. This...
What should an administrator know regarding the differences between a Domain and a Tenant in ICDm?
A. A tenant can contain multiple domains
B. Each customer can have one domain and many tenants
C. A domain can contain multiple tenants
D. Each customer can have one tenant and no domains
...
How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?
The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM). How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?
A. 10
B. 20
C. ...
What must be entered before downloading a file from ICDm?
A. Name
B. Password
C. Hash
D. Date
Answer: C
Explanation: Before downloading a file from the Integrated Cyber Defense Manager (ICDm), the hash of the file must be entered. The hash serves as a unique identifier for the file,...
Which action should the administrator take to ensure that the desired setting is in place for the client?
An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto-Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled...
How does IPS check custom signatures?
A. IPS checks for signatures listed in the table. When a detection matches an inbound or outbound traffic packet, the IPS engine continues checking for other signatures.
B. IPS checks for signatures listed in the table. When a detection matches an inbound or outbound...
Which two (2) factors should the administrator consider?
In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk. Which two (2) factors should the administrator consider? (Select two.)
A. The deleted file may still be in the Recycle Bin.
B. IT Analytics may...
Which type of file attribute is valid for creating a block list entry with Symantec Endpoint Detection and Response (SEDR)?
A. SHA256
B. Type
C. Date Created
D. Filename
Answer: A
Explanation: When creating a block list entry in Symantec Endpoint Detection and Response (SEDR), the SHA256 hash is a...
Why is it important for an Incident Responder to copy malicious files to the SEDR file store or create an image of the infected system during the Recovery phase?
A. To create custom IPS signatures
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint...
What is the function of Symantec Insight?
A. Provides reputation ratings for structured data
B. Enhances the capability of Group Update Providers (GUP)
C. Increases the efficiency and effectiveness of LiveUpdate
D. Provides reputation ratings for binary executables
Answer: D
Explanation: Symantec Insight is a technology that delivers reputation ratings...