
A large company has 150,000 endpoints with 12 SEP sites across the globe. The company now wants to implement ATP: Endpoint to improve their security. However, a consultant recently explained that the company needs to implement more than one ATP manager.

Why does the company need more than one ATP manager?

A. An ATP manager can only connect to a SQL backend
B. An ATP manager can only support 30,000 SEP clients
C. An ATP manager can only support 10 SEP site connections
D. An ATP manager needs to be installed at each location where a Symantec Endpoint Protection Manager (SEPM) is located

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.

Which step should the Incident Response team incorporate into their plan of action?

A. Perform a health check of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?

A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP: Network to scan internet traffic at both sites.

Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?

A. Site A 8840 x4 – Site B 8880 x2
B. Site A 8880 x2 – Site B 8840 x1
C. Site A 8880 x1 – Site B 8840 x6
D. Site A 8880 x1 – Site B 8880 x2

During a recent virus outbreak, an Incident Responder found that the Incident Response team was successful in identifying malicious domains that were communicating with the infected endpoint.

Which two (2) options should the Incident Responder select to prevent endpoints from communicating with malicious domains?

A. Use the isolation command in ATP to move the endpoint to a quarantine network
B. Blacklist the suspicious domain in the ATP manager
C. Deploy a high-security Virus and Spyware Protection policy in the Symantec Endpoint Protection Manager (SEPM)
D. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain
E. Run a full system scan on all endpoints

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

A. Reputation-based security
B. Event correlation
C. Network detection component
D. Detonation/sandbox

An Incident Responder wants to use a STIX file to run an indicators of compromise (IOC) search.

Which format must the administrator use for the file?

A. .csv
B. .xml
C. .mht
D. .html

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

A. 8446
B. 8081
C. 8014
D. 1433

In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization's network to deliver targeted malware?

A. Incursion
B. Discovery
C. Capture
D. Exfiltration

Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?

A. To have a copy of the file for policy enforcement
B. To test the effectiveness of the currently assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident