Symantec Certified Specialist (SCS) 250-428 Real Exam Questions

1. After several failed logon attempts, the Symantec Endpoint Protection Manager (SEPM) has locked the default admin account. An administrator needs to make system changes as soon as possible to address an outbreak, but the admin account is the only account.

Which action should the administrator take to correct the problem with minimal impact to the existing environment?

2. In which two areas can host groups be used? (Select two.)

3. Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?

4. Which Symantec Endpoint Protection defense mechanism provides protection against threats that propagate from system to system through the use of autorun.inf files?

5. An administrator uses the search criteria displayed in the image below.

Which results are returned from the query?

6. Which action should an administrator take to prevent users from using Windows Security Center?

7. Which two options are supported Symantec Endpoint Manager authentication types? (Select two.)

8. A Symantec Endpoint Protection (SEP) client uses a management server list with three management servers in the priority 1 list.

Which mechanism does the SEP client use to select an alternate management server if the currently selected management server is unavailable?

9. A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SET Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process.

What is the most likely reason?

10. Which setting can an administrator configure in the LiveUpdate policy?

11. A Symantec Endpoint Protection Manager (SEPM) administrator notices performance issues with the SEPM server. The Client tab becomes unresponsive in the SEPM console and .DAT files accumulate in the “agentinfo” folder.

Which tool should the administrator use to gather log files to submit to Symantec Technical Support?

12. Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

13. Which task should an administrator perform to troubleshoot operation of the Symantec Endpoint Protection embedded database?

14. An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto-Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct.

However, Auto-Protect is still enabled on the client system.

Which action should the administrator take to ensure that the desired setting is in place on the client?

15. What does SONAR use to reduce false positives?

16. Which option is a characteristic of a Symantec Endpoint Protection (SEP) domain?

17. An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

18. An administrator reports that the Home, Monitors, and Report pages are absent in the Symantec Endpoint Protection Management console when the administrator logs on.

Which action should the administrator perform to correct the problem?

19. An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs.

Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

20. A company deploys Symantec Endpoint Protection (SEP) to50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?

21. An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.

What is the likely problem?

22. An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.

Which source must the administrator avoid using?

23. DRAG DROP

Match the following list of ports used by Symantec Endpoint Protection (SEP) to the defining characteristics by clicking and dragging the port on the left to the corresponding description on the right.

24. The security status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.

How should the SEP administrator enable the Security Status alert?

25. A company receives a high number of reports from users that files being downloaded from internal web servers are blocked. The Symantec Endpoint Protection administrator verifies that the Automatically trust any file downloaded from an intranet website option is enabled.

Which configuration can cause Insight to block the files being downloaded from the internal web servers?

26. An administrator is using the SylinkDrop tool to update a Symantec Endpoint Protection client install on a system. The client fails to migrate to the new Symantec Endpoint Protection Manager (SEPM), which is defined correctly in the Sylink.xml file that was exported from the SEPM.

Which settings must be provided with SylinkDrop to ensure the successful migration to a new Symantec Endpoint Protection environment with additional Group Level Security Settings?

27. Which protection engine should an administrator enable in order to drop malicious vulnerability scans against a client system?

28. Which two settings does an administrator enable to use the Risk Tracer Feature in the Virus and Spyware Protection policy? (Select two.)

29. Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

30. Which two criteria should an administrator use when defining Location Awareness for the Symantec Endpoint Protection (SEP) client? (Select two.)

31. An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

32. What is a function of Symantec Insight?

33. Which two options are available when configuring DNS change detections for SONAR? (Select two.)

34. How are Insight results stored?

35. Which option is unavailable in the Symantec Endpoint Protection console to run a command on the group menu item?

36. A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.

Where should the administrator adjust the time to block the attacking computer?

37. Which option is a function of the Symantec Endpoint Protection client?

38. Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

39. A company has 10,000 Symantec Endpoint Protection (SEP) clients deployed using two Symantec Endpoint Protection Managers (SEPMs).

Which configuration is recommended to ensure that each SEPM is able to effectively handle the communications load with the SEP clients?

40. An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi­national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.

How should the administrator architect this organization?

41. A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate.

Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

42. Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

43. Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade according to best practices?

44. A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

45. Which action does SONAR take before convicting a process?

46. An administrator is re-adding an existing Replication Partner to the local Symantec Endpoint Protection Manager site.

Which two parameters are required to re-establish this replication partnership? (Select two.)

47. A company uses a remote administration tool that is detected and quarantined by Symantec Endpoint Protection (SEP).

Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

48. A Symantec Endpoint Protection (SEP) administrator performed a disaster recovery without a database backup.

In which file should the SEP administrator add “scm.agent.groupcreation=true” to enable the automatic creation of client groups?

49. Why does Power Eraser need Internet access?

50. Why is Notepad unable to save the changes to the file in the image below?

51. Which package type should an administrator use to reduce a SEP environment’s footprint when considering that new SEP 14 clients will be installed on point of sale terminals?

52. CORRECT TEXT

An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP) deployment. The administrator needs to determine whether replication is viable without having to make network firewall changes or change defaults in SEP.

Which port should the administrator verify is open on the path of communication between the two proposed sites? (Type the port number.)

53. A company needs to configure an Application and Device Control policy to block read/write access to all USB removable media on its Symantec Endpoint Protection (SEP) systems.

Which tool should an administrator use to format the GUID and device IDs as required by SEP?

54. An administrator is recovering from a Symantec Endpoint Manager (SEPM) site failure.

Which file should the administrator use during an install of SEPM to recover the lost environment according to Symantec Disaster Recovery Best Practice documentation?