
Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)

A. Configure a SIEM feed from the portal to the ATP environment
B. Configure email reports on convictions
C. Submit false positive and false negative files
D. Query hashes
E. Submit hashes to Insight

An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. The network is configured in Inline Block mode.

How should the Incident Responder proceed?

A. Whitelist the domain and close the incident as a false positive
B. Identify the pieces of malware and blacklist them, then notify the supplier
C. Blacklist the domain and IP of the attacking site
D. Notify the supplier and block the site on the external firewall

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

A. Exfiltration
B. Incursion
C. Capture
D. Discovery

An Incident Responder needs to remediate a group of endpoints but also wants to copy a potentially suspicious file to the ATP file store.

In which scenario should the Incident Responder copy a suspicious file to the ATP file store?

A. The responder needs to analyze it with Cynic
B. The responder needs to isolate it from the network
C. The responder needs to write firewall rules
D. The responder needs to add the file to a whitelist

Which National Institute of Standards and Technology (NIST) cybersecurity function is defined as “finding incursions”?

A. Protect
B. Identify
C. Respond
D. Detect

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)

A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar

How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?

A. Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
B. Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
C. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
D. Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an Indicators of Compromise (IOC) search command.

How is it possible that the search returned results?

A. The search runs and returns results in ATP and then displays them in SEPM.
B. This is only an endpoint search.
C. This is a database search; a command is NOT sent to SEPM for this type of search.
D. The browser cached the result from a previous search with the same criteria.

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

A. Close any open shares
B. Identify the threat and understand how it spreads
C. Create subnets or VLANs and configure the network devices to restrict traffic
D. Set executables on network drives as read only
E. Identify affected clients

Which service is the minimum prerequisite needed if a customer wants to purchase ATP: Email?

A. Email Protect (antivirus and anti-spam)
B. Email Safeguard (antivirus, anti-spam, encryption, data protection and image control)
C. Symantec Messaging Gateway
D. Skeptic