Online Access Free 250-441 Practice Test

An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?

• A.Endpoint search filename ="msscrt.pdf"
• B.Database search msscrt.pdf
• C.Endpoint search filename like msscrt.pdf
• D.Database search filename "msscrt.pdf"

Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?

• A.ATP: Email
• B.ATP: Network
• C.ATP: Roaming
• D.ATP: Endpoint

Which threat is an example of an Advanced Persistent Threat (APT)?

• A.Koobface
• B.Brain
• C.Flamer
• D.Creeper

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

• A.Identify affected clients
• B.Create subnets or VLANs and configure the network devices to restrict traffic
• C.Set executables on network drives as read only
• D.Identify the threat and understand how it spreads
• E.Close any open shares

A medium-sized organization with 10,000 users at Site A and 20,000 users at Site B wants to use ATP:
Network to scan internet traffic at both sites.
Which physical appliances should the organization use to act as a network scanner at each site while using the fewest appliances and assuming typical network usage?

• A.Site A 8880 x1 - Site B 8840 x6
• B.Site A 8840 x4 - Site B 8880 x2
• C.Site A 8880 x2 - Site B 8840 x1
• D.Site A 8880 x1 - Site B 8880 x2