Online Access Free 250-441 Practice Test

ATP detects a threat phoning home to a command and control server and creates a new incident. The treat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?

• A.Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
• B.Perform a healthcheck of ATP
• C.Rejoin the endpoints back to the network after completing a final virus scan
• D.Use ATP to isolate non-SEP protected computers to a remediation VLAN

An ATP administrator is setting up an Endpoint Detection and Response connection.
Which type of authentication is allowed?

• A.SQL authentication
• B.LDAP authentication
• C.Symantec Endpoint Protection Manager (SEPM) authentication
• D.Active Directory authentication

What is the second stage of an Advanced Persistent Threat (APT) attack?

• A.Discovery
• B.Exfiltration
• C.Capture
• D.Incursion

How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?

• A.Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
• B.Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain
• C.Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
• D.Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain

Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.

Correct Answer: