Practice Test: Symantec 250-311


Symantec 250-311

250-311 Admin for Symantec Endpoint Protection 11.0 for Windows

Practice Test
Updated: Sep 30, 2009 Version 1.0

Symantec 250-311: Practice Exam
"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 1
Which installation type options are available when defining Client Install Settings?
A. Interactive, Silent, and Unattended
B. Interactive, Restart, and Silent
C. Restart, Silent, and Unmanaged
D. Enable, Log, and Silent
Answer: A

QUESTION NO: 2
In which Client Management Log can you identify when the client last connected to the Symantec Endpoint Protection Manager?
A. Control
B. Security
C. System
D. Compliance
Answer: C

QUESTION NO: 3
Which log type displays configured firewall connections?
A. Compliance
B. System
C. Traffic
D. Audit
Answer: C

QUESTION NO: 4
What are the three configurable actions in TruScan Proactive Threat Scan? (Choose three.)
A. log suspect process only
B. set a public SNMP trap
C. quarantine suspect process
D. terminate the suspect process
E. generate dump of system state
F. suspend the suspect process
Answer: A,C,D

QUESTION NO: 5
Which firewall technique helps prevent OS fingerprinting?
A. randomize TTL value
B. close the IDENT port
C. use varying ranges of ephemeral ports
D. set QOS values to 0
Answer: A

QUESTION NO: 6
Which two engines does Symantec Intrusion Prevention contain that identify attack signatures? (Choose two.)
A. protocol anomaly based engine
B. stream based engine
C. packet based engine
D. inference based engine
E. reputation based engine
Answer: B,C

QUESTION NO: 7
Which statement is true about the Database Backup and Restore utility?
A. It only backs up an embedded database.
B. It allows you to define the backup location.
C. It saves database backups to the local computer.
D. It is run from the Symantec Endpoint Protection Manager console.
Answer: C

QUESTION NO: 8
In which order are exceptions processed?
A. antispyware then antivirus
B. administrator then user
C. Intrusion Prevention then firewall
D. Computer mode then User mode
Answer: B

QUESTION NO: 9
What is a possible use for a Custom IPS signature?
A. to send a TCP reset
B. to detect connected USB devices
C. to identify Internet Relay Chat (IRC)
D. to identify presence of a file on a local hard drive
Answer: C

QUESTION NO: 10
Inheritance is turned on for groups LLSCO, Group A, Laptops, and Group 2 (outlined). Without turning inheritance off, which top level group must be modified to affect users in the Laptop group?
A. Desktops
B. Laptops
C. Group 1
D. Group A
Answer: C

QUESTION NO: 11
When a security-related condition is met, which notification action can be performed?
A. send an SNMP trap
B. alert with a GUI popup on the admin console
C. run a batch file or another executable file
D. send an alert to a client
Answer: C

QUESTION NO: 12
When a Group Update Provider (GUP) goes offline, what provides definition updates to the GUP's clients?
A. Symantec LiveUpdate Servers
B. Internal LiveUpdate Server
C. Symantec Endpoint Protection Manager
D. A different Group Update Provider
Answer: C

QUESTION NO: 13
Which criteria can be used to define a process when creating an Application Control rule? (Choose three.)
A. wildcards
B. drive type
C. username
D. regular expressions
E. port used by process
Answer: A,B,D

QUESTION NO: 14
On which Symantec Endpoint Protection Manager console page are notifications configured?
A. Home
B. Monitors
C. Reports
D. Admin
Answer: B

QUESTION NO: 15
What can you select when defining a new administrator account?
A. a minimum and maximum password length
B. a logon attempt threshold
C. a specific management server
D. a domain
Answer: B

QUESTION NO: 16
Which three communication options can client communication to an internal LiveUpdate server use? (Choose three.)
A. HTTP
B. SSH
C. UNC
D. FTP
E. TFTP
Answer: A,C,D

QUESTION NO: 17
A user of the Lifeline Supply Company added a daily 10:00 am scheduled scan to their Symantec Endpoint Protection Client. After reviewing the logs, the user confirms that the scan failed to start at 10:00 am. What are two possible reasons that the scan failed to start? (Choose two.)
A. The user was logged off of the computer.
B. Delay scheduled scans when running on battery was enabled.
C. Scan Progress options were set to not show progress.
D. Auto-Protect was disabled.
E. Auto-Protect was unlocked.
Answer: A,B

QUESTION NO: 18
The administrator enabled the upload of a list of applications that clients ran, however, the list is empty. What is the cause of the problem?
A. The administrator lacks the necessary domain credentials to view applications on the clients.
B. The administrator disabled application learning at the site level.
C. The end users disabled learned applications.
D. The end users moved the applications to hidden folders.
Answer: B

QUESTION NO: 19
Using the Migration and Deployment Wizard, how can you identify computers for deployment?
A. by defining the appropriate management server list
B. by selecting the IP addresses from a domain server
C. by importing a text file of computer names
D. by importing a text file of computer IP addresses
Answer: D

QUESTION NO: 20
Lifeline Supply Company recently installed a proxy server and configured firewall rules to only allow HTTP traffic through the perimeter firewall. Since the change, Symantec Endpoint Protection is unable to receive updates. Which step must be taken on the Symantec Endpoint Protection Manager to receive updates?
A. configure Proxy Settings at the site level
B. configure Proxy Settings at the server level
C. configure Proxy settings on the LiveUpdate Client on the manager
D. configure a Group Update Provider
Answer: B

QUESTION NO: 21
Where do you configure the LiveUpdate schedule for a client?
A. LiveUpdate Settings policy
B. LiveUpdate Content policy
C. Push or Pull heartbeat settings
D. Antivirus and Antispyware policy
Answer: A

QUESTION NO: 22
What is always replicated when replicating data between Symantec Endpoint Protection Managers?
A. policies, domains, install packages
B. content, install packages, logs
C. administrators, groups, policies
D. groups, logs, policies
Answer: C

QUESTION NO: 23
Which two types of firewall settings are found in Symantec Endpoint Protection? (Choose two.)
A. stealth
B. address transforms
C. protocol abnormality detection
D. smart traffic filters
E. VPN tunneling
Answer: A,D

QUESTION NO: 24
Which statement is true about Intrusion Prevention?
A. It must be managed from the policies applied only to the Global group.
B. It is a line of network defense after the firewall processes.
C. It is unavailable for use in an unmanaged client.
D. It provides secure tunneling for replication content.
Answer: B

QUESTION NO: 25
An administrator wants to create an Application Control rule that prevents notepad.exe from being executed from the command prompt, but allows the command prompt to remain running. Which action must be used?
A. Continue Processing
B. Allow Access
C. Block Access
D. Terminate Process
Answer: C

QUESTION NO: 26
Where is Tamper Protection enabled or disabled?
A. Intrusion Prevention settings
B. Antivirus and Antispyware settings
C. General settings for that group
D. Application and Device Control settings
Answer: C

QUESTION NO: 27
Refer to the exhibit. Based on the rules in the exhibit, what happens if the rule set is applied?
A. All computers can access the website www.symantec.com.
B. All computers can surf the Internet using Port 80.
C. All computers will have all communications blocked.
D. All computers will have all communications allowed.
Answer: C

QUESTION NO: 28
An administrator believes that client computers are running different software versions of Symantec Endpoint Protection. Which report type shows which client computers are running different software versions?
A. Application and Device Control Report
B. System Report
C. Compliance Report
D. Computer Status Report
Answer: D

QUESTION NO: 29
You trigger on "Services" in a firewall rule. Which layer of the OSI model does this trigger analyze?
A. physical
B. network
C. transport
D. presentation
Answer: C

QUESTION NO: 30
What happens when you mark the "Enable NetBIOS Protection" checkbox?
A. verifies remote computer identity using WINS server lookup
B. blocks NetBIOS requests on all NetBIOS ports
C. permits NetBIOS connections from local subnet only
D. dynamically adds an allow rule for NetBIOS
Answer: C

QUESTION NO: 31
Lifeline Supply Company employs 900 individuals at their location. Their data center is running Microsoft Exchange 2007 and an Oracle database. They are currently running different versions of Symantec Antivirus Corporate Edition managed through the Symantec System Center. They plan to migrate to Symantec Endpoint Protection and the IT director has to consider cost to benefit ratios given budgetary restrictions. Which site design best fits this company's cost to benefit ratio requirements?
A. single site design with the embedded database and one Symantec Endpoint Protection Manager
B. single site design with clustered Microsoft SQL databases and multiple Symantec Endpoint Protection Managers
C. single site design with one Microsoft SQL database and multiple Symantec Endpoint Protection Managers
D. single site design with the embedded database and multiple Symantec Endpoint Protection Managers
Answer: A

QUESTION NO: 32
What is one reason for disabling learned applications?
A. Learned applications can often expose usernames and passwords.
B. Learned applications require promiscuous mode.
C. Learned applications are often legitimate programs
D. Learned applications are illegal in some countries
Answer: D

QUESTION NO: 33
From which location in the Symantec Endpoint Protection Manager console is a Group Update Provider configured?
A. Policies page > LiveUpdate Settings policy > Server Settings
B. Policies page > LiveUpdate Settings policy > Advanced Settings
C. Policies page > LiveUpdate Content policy
D. Clients page > Policies tab > Settings > LiveUpdate Content policy
Answer: A

QUESTION NO: 34
A group is configured for Pull communication. New policies become available on the Symantec Endpoint Protection Manager that manages the clients within this group.
A. at the scheduled LiveUpdate time
B. as soon as the policies are saved
C. on the next connection to the Group Update Provider
D. at the scheduled heartbeat interval
Answer: D

QUESTION NO: 35
If configured correctly, which statement is true about Location Awareness?
A. The locations will switch at the next heartbeat interval when in Push Mode.
B. The locations will switch at the next heartbeat interval when in Pull Mode.
C. The locations will switch automatically when a new connection is detected.
D. The locations will only switch when connected to the corporate network.
Answer: C

QUESTION NO: 36
Which label is given to a program or algorithm that replicates itself over a computer network and usually performs malicious actions?
A. virus
B. zero-day exploit
C. spam
D. worm
Answer: D

QUESTION NO: 37
Which statement is true about the default Antivirus and Antispyware policy setting for TruScan Proactive Threat Scan Sensitivity?
A. Default Sensitivity level is set to 50.
B. Default Sensitivity is locked.
C. Default Sensitivity level is unlocked
D. Default Sensitivity level is client configurable.
Answer: B

QUESTION NO: 38
Which Network Threat Protection technologies of the Symantec Endpoint Protection client provide the primary protection layers against network attacks?
A. Proactive Threat Protection and Network Access Control
B. Proactive Threat Protection and Client Firewall
C. Intrusion Prevention and Client Firewall
D. Client Firewall and Network Access Control
Answer: C

QUESTION NO: 39
An administrator discovers that several critical Symantec Endpoint Protection processes are being stopped on a nightly basis. Which feature has the administrator failed to activate?
A. System Lockdown
B. Client Password Protection
C. Network Threat Protection
D. Tamper Protection
Answer: D

QUESTION NO: 40
Which five components are incorporated in Symantec Endpoint Protection 11.0? (Choose five.)
A. antispam
B. application and device control
C. full disk encryption
D. host integrity
E. antivirus
F. antispyware
G. content filtering
H. intrusion prevention
I. client firewall
J. asset management
Answer: B,E,F,H,I

QUESTION NO: 41
What effects does lowering the TruScan Proactive Threat Scan sensitivity level have?
A. lower false positive, lower false negative
B. higher false positive, higher false negative
C. higher false positive, lower false negative
D. lower false positive, higher false negative
Answer: D

QUESTION NO: 42
Which criteria is used to define a Tamper Protection exception?
A. process ID
B. file name
C. user account
D. process owner
Answer: B

QUESTION NO: 43
Which three authentication methods are supported with Symantec Endpoint Protection? (Choose three.)
A. LDAP Authentication
B. Symantec Endpoint Protection
C. Kerberos
D. SecurID
E. Biometric
Answer: A,B,D

QUESTION NO: 44
What are three valid actions for an Antivirus and Antispyware policy when a Security Risk (e.g., spyware, adware, hacking tools, remote control) is detected? (Choose three.)
A. quarantine the suspect code
B. block the source IP
C. delete the suspect file
D. log the detection only
E. repair the infected file
Answer: A,C,D

QUESTION NO: 45
In the Symantec Endpoint Protection Manager console, where do you modify replication?
A. Admin > Servers > Server Properties > Directory Servers
B. Admin > Servers > Local Site > Replication Partner
C. Policies > Management Server Lists > Replication
D. Admin > Servers > Database > Tasks
Answer: B

QUESTION NO: 46
Which account type has full access and permissions for all areas of Symantec Endpoint Protection Manager?
A. Local Administrator
B. Administrator
C. Domain Administrator
D. System Administrator
Answer: D

QUESTION NO: 47
How do you configure Symantec Endpoint Protection to load balance clients between multiple Symantec Endpoint Protection Managers (SEPMs)?
A. locate the clients in the same subnet as the SEPMs
B. assign clients to Group Update Providers
C. set the same priority for each SEPM in the Management Server List
D. enable directory synchronization
Answer: C

QUESTION NO: 48
Which default port does the Group Update Provider use?
A. 636
B. 1433
C. 2967
D. 9090
Answer: C

QUESTION NO: 49
What are three characteristics of external logging? (Choose three.)
A. It can export to a syslog server.
B. It can export by scheduled task.
C. It can filter by log type.
D. It can filter by log severity
E. It can encrypt.
F. It can compress.
Answer: A,C,D

QUESTION NO: 50
A Centralized Exception Policy can be created for which items?
A. folders, files, and registry entries
B. folders, extensions, and known risks
C. files, extensions, and registry entries
D. files, known risks, and devices
Answer: B

QUESTION NO: 51
Which file type would you acquire from Symantec to manually update the Symantec Endpoint Protection Manager?
A. .XML
B. .JDB
C. .XDB
D. .GRD
Answer: B

QUESTION NO: 52
You have created a firewall policy that allows certain applications and blocks others. However, some applications are being blocked that should be allowed. Which log should you view to troubleshoot this issue?
A. System log
B. Packet log
C. Traffic log
D. Client log
Answer: C

QUESTION NO: 53
You receive an email from an associate with a .ZIP file attached. Your associate informs you there are three files in the .ZIP file you need for your presentation tomorrow. What neither you nor your associate realize is one of the files is infected with a virus. When will Auto-Protect detect this infected file?
A. when you open the email from your associate
B. when the .ZIP file is opened
C. when the .ZIP file is saved to your desktop
D. when you close the email from your associate
Answer: B

QUESTION NO: 54
When using location awareness, when will the default location be used? (Choose two.)
A. when no location conditions meet the criteria
B. when there is only one location
C. when the group is Temporary
D. when the client is at a Wi-Fi hotspot
E. when it is the most restrictive policy
Answer: A,B

QUESTION NO: 55
You can export a client package as a single __________.
A. .ZIP file
B. .EXE file
C. .RAR file
D. TAR file
Answer: C

QUESTION NO: 56
The Symantec Endpoint Protection administrator is configuring a client as a Group Update Provider. The Symantec Endpoint Protection client firewall is enabled on this client. For the Group Update Provider to communicate with the Symantec Endpoint Protection Manager, the administrator must ensure the client firewall policy permits traffic on which default port?
A. 1443
B. 2967
C. 8443
D. 9090
Answer: B

QUESTION NO: 57
Which feature can be configured to increase or decrease resource consumption of scheduled scans?
A. scan frequency
B. scan progress options
C. heartbeat interval
D. tuning options
Answer: D

QUESTION NO: 58
On which two ports can the LDAP query run when Symantec Endpoint Protection Manager connects to the LDAP server? (Choose two.)
A. 80
B. 139
C. 389
D. 443
E. 636
Answer: C,E

QUESTION NO: 59
Which page is used to create login accounts to the Symantec Endpoint Protection Manager console?
A. Policies
B. Home
C. Admin
D. Clients
Answer: A

QUESTION NO: 60
A company installed two Symantec Endpoint Protection Managers in one site. ServerA was installed first followed by ServerB. Later, administrators replaced ServerA with a new server, ServerC. Since ServerA was replaced, email notifications have ceased functioning. Which two steps are needed to repair email notifications? (Choose two.)
A. in Site Properties, configure ServerC to provide the notifications
B. in ServerC Server Properties, configure ServerC to provide the notifications
C. in ServerC Server Properties, configure the SMTP Server settings
D. in Site Properties, configure the SMTP Server settings
E. restore the site certificate to ServerC
Answer: A,C

QUESTION NO: 61
On which Symantec Endpoint Protection Manager console pages can you directly view summary risk data that is displayed in a graph?
A. Monitors and Reports
B. Home and Monitors
C. Home and Reports
D. Logs and Reports
Answer: B

QUESTION NO: 62
A company has multiple Symantec Endpoint Protection administrators. They want to prevent one of the administrators from making any changes to the policies, yet still print reports. How can they accomplish this?
A. give the person access to the report directory
B. give the person access to the database directory
C. assign the person Limited Administrator rights with Print Only
D. assign the person Limited Administrator rights and View Reports
Answer: D

QUESTION NO: 63
When Auto-Protect is enabled, protection is optional for which type of file access?
A. Write
B. Delete
C. Backup
D. Restore
Answer: C

QUESTION NO: 64
Which command set can you locate in the Internet Information Service (IIS) logs to verify that the client is communicating with the Symantec Endpoint Protection Manager?
A. OPEN and READ
B. READ and CLOSE
C. GET and POST
D. GET and PUT
Answer: C

QUESTION NO: 65
When creating a firewall rule, which two logging options are allowed? (Choose two.)
A. Security logs
B. Traffic logs
C. System logs
D. Packet logs
E. Audit logs
Answer: B,D

QUESTION NO: 66
Lifeline Supply Company found during a recent audit that the current security solution for their desktops and servers missed several rootkits within their environment. These rootkits have compromised several company computers. Which protection technology in Symantec Endpoint Protection could remediate these rootkits?
A. Host Integrity
B. Antivirus and Antispyware Protection
C. Network Threat Protection
D. Application and Device Control
Answer: B

QUESTION NO: 67
Lifeline Supply Company wants to reduce or eliminate the HelpDesk calls they receive due to end users modifying, moving, or deleting configuration files. Which component of Symantec Endpoint Protection will allow the IT administrator to prevent users from altering configuration files?
A. TruScan Proactive Threat Scan
B. Device Control
C. Application Control
D. Host Integrity
Answer: C

QUESTION NO: 68
Which log can have the most significant performance impact on Symantec Endpoint Protection Manager?
A. Traffic
B. Audit
C. Packet
D. System
Answer: C

QUESTION NO: 69
How does an administrator manage Client User Interface Control settings?
A. by site
B. by location
C. on a per user basis
D. on a per computer basis
Answer: B

QUESTION NO: 70
Where can you edit a non-shared policy?
A. Clients
B. Monitors
C. Home
D. Admin
Answer: A

QUESTION NO: 71
Centralized Exceptions are exported as which file type?
A. .DAT
B. .zip
C. .EXE
D. .XML
Answer: A

QUESTION NO: 72
On what can administrator authentication be based?
A. Symantec Management Server authentication only
B. Symantec Management Server, PEAP, or RSA SecurID authentication
C. Symantec Management Server, LDAP, or RSA SecurID authentication
D. Symantec Management Server, LDAP, RSA SecurID, or PEAP authentication
Answer: C

QUESTION NO: 73
What is the maximum number of Symantec Endpoint Protection Managers that can be implemented within a site that is deployed with the embedded database component?
A. 1
B. 2
C. 3
D. 5
Answer: A

QUESTION NO: 74
What is the function of DHCP smart traffic filtering?
A. checks for IP spoofing
B. defines permitted DHCP servers
C. allows DHCP commands and responses
D. adds a DHCP rule above the blue line
Answer: C

QUESTION NO: 75
A new employee with Lifeline Supply Company has just been placed in the Symantec Endpoint Protection Manager group. The employee has been granted limited administrator access to the Symantec Endpoint Protection Manager computer. All credentials have been set up by the security teams for network and system access via the directory server. Which password must the employee use to log in to the Symantec Endpoint Protection Manager once the account is created?
A. the password associated with the directory server domain administrator account
B. the password established in Symantec Endpoint Protection Manager
C. the password associated with the Active Directory user account
D. the password associated with the limited administrator account
Answer: C

QUESTION NO: 76
What are two uses of Application Control? (Choose two.)
A. prevents registry access
B. prevents file creation
C. blocks applications from accessing ports
D. buffer overflow protection
E. checks for OS patches
Answer: A,B

QUESTION NO: 77
A company has a large sales force who travel with laptops. They want to block USB access on the laptops when they are disconnected from the corporate network. Which two things are required to achieve this? (Choose two.)
A. multiple sites
B. multiple locations
C. firewall policy
D. device control policy
E. host integrity policy
Answer: B,D

QUESTION NO: 78
When can you delete a location?
A. when the location is the default
B. when the group has inheritance turned off
C. when all client computers are disconnected
D. when the policy has been withdrawn
Answer: B

QUESTION NO: 79
Lifeline Supply Company plans to install a Symantec Endpoint Protection Manager (SEPM) in each of their two regional centers. Their plan defines that the SEPMs use the embedded database and each contains the same content. Which two tasks must be performed to replicate data between the regional centers? (Choose two.)
A. manually synchronize the databases daily
B. create separate sites for each SEPM
C. define the replication partners for each site
D. create two domains, each with its own System Administrator
E. use backup and restore utilities to transfer databases between sites
F. ensure each site defines unique groups, administrators, and policies
Answer: B,C

QUESTION NO: 80
Lifeline Supply Company has a number of sales people who travel with laptops. They have decided to put them into a single group named "Laptops" and implement location awareness. They have set up four locations
A. the last edited location
B. the default location
C. the Global group location
D. the first alphabetically listed location
Answer: B

QUESTION NO: 81
The administrator at Lifeline Supply Company wants to use the Symantec Endpoint Protection Manager to upgrade clients to the latest Maintenance Release. What must be done to distribute the delta install packages to the client?
A. export new install packages to deploy with the Altiris Integration Component
B. deploy the maintenance release with the Migration and Deployment tools
C. add a new Client Install Package with the maintenance release
D. enable the product update settings in the LiveUpdate Policy
Answer: C

QUESTION NO: 82
The administrators at Lifeline Supply Company have a manufacturing facility that runs three shifts. Employees at the facility must share computers. The administrators want the ability to apply different policies/configurations for each shift.
A. create one group for all computers in the facility
B. create one group for all users in the facility
C. create one group for all computers on each shift
D. create one group for all users on each shift
E. switch the clients to computer mode
F. switch the clients to user mode
Answer: D,F

QUESTION NO: 83
Which type of backup file does the Symantec Endpoint Protection Manager database backup create?
A. .TXT file
B. TAR file
C. .ZIP file
D. .DAT file
Answer: C

QUESTION NO: 84
Which three types of content are updated through LiveUpdate? (Choose three.)
A. policies
B. firewall rules
C. non-malware commercial applications
D. IPS signatures
E. decomposer
Answer: C,D,E

QUESTION NO: 85
Which statement is true about Device Control when creating installation packages?
A. If you disable Network Threat Protection, Device Control is automatically disabled.
B. If you disable Device Control, Network Threat Protection is automatically disabled.
C. If you disable Proactive Threat Protection, Device Control is automatically disabled.
D. If you disable Device Control, Proactive Threat Protection is automatically disabled.
Answer: A

QUESTION NO: 86
The Symantec Endpoint Protection Manager supports the use of which database solutions? (Choose two.)
A. Microsoft SQL Server 2000
B. MySQL Server 2005
C. Microsoft SQL Server 2005
D. Oracle Database 11g
E. Oracle Database 9i
Answer: A,C

QUESTION NO: 87
How can an administrator permit a user to configure options for their Symantec Endpoint Protection client?
A. set Client User Interface Control Settings to Computer mode
B. add the user as a client administrator
C. assign a policy that permits Client Configuration
D. set Client User Interface Control settings to Client control
Answer: D

QUESTION NO: 88
As the Symantec Endpoint Protection Manager administrator, you are importing from an Active Directory environment. Your director wants to know which object types are being imported. Which three objects are imported into Symantec Endpoint Protection Manager from Active Directory? (Choose three.)
A. user accounts
B. security groups
C. organizational units
D. computers
E. security policies
F. resources
Answer: A,C,D

QUESTION NO: 89
An administrator wants to minimize the time it takes to create application specific firewall rules. Which method of tracking applications results in the fewest configuration changes to ease firewall rule creation?
A. tracking applications on the Site Properties
B. tracking applications in the Intrusion Prevention policy
C. tracking applications in the Host Integrity policy
D. tracking applications through Management Server Lists
Answer: A

QUESTION NO: 90
When must a Symantec Endpoint Protection client reboot during or after installation in order to be fully functional? (Choose three.)
A. when MSI 3.0 is installed on the client
B. when only Antivirus and Antispyware have been installed on the client
C. when only Network Threat Protection has been installed on the client
D. when Antivirus, Antispyware, and Proactive Threat Protection have been installed on the client
E. when all features of Symantec Endpoint Protection have been installed on the client
Answer: A,C,E

QUESTION NO: 91
The IT administrator needs to provide a monthly report to management that shows the viruses that have been detected on the network. Which action achieves this with the least amount of work?
A. create a New Risk Detected notification under Monitors > Notifications, using the past month as the time range
B. create a Scheduled Risk Report to run monthly, which automatically emails to selected users
C. run an Update Status and Scan command on clients and check the Command status monthly
D. run a compliance report and export the Home page dashboard into a report application monthly
Answer: B

QUESTION NO: 92
What does a LiveUpdate Content policy define?
A. maximum size of a content update sent to clients
B. version of content updates to use
C. file format of content updates
D. LiveUpdate communication method
Answer: B

QUESTION NO: 93 What controls access from one network segment to another? A. hub B. MTA C. sensor D. firewall Answer: D

QUESTION NO: 94 What does a client do when communicating in Pull Mode? A. keeps a constant connection to the Symantec Endpoint Protection Manager B. connects at the LiveUpdate interval C. operates exclusively in client mode D. connects based on a heartbeat interval Answer: D

QUESTION NO: 95 For which two items can users create exceptions? (Choose two.) A. TruScan Proactive Threat Scan B. Client Firewall C. Tamper Protection D. Security Risks E. Quarantine Answer: A,D

QUESTION NO: 96 Which three items can be used when creating Symantec Endpoint Protection firewall rules? (Choose three.) A. User ID B. Subnet Mask C. Network Adapter D. Network Service E. Application Answer: C,D,E

QUESTION NO: 97 Lifeline Supply Company deploys a freeware application, EasyWeatherView, that is funded by advertising. It is detected by Symantec Endpoint Protection as Adware.WeatherBorg because it includes banner advertisements in its client interface. The company accepts the risk and treats EasyWeatherView as an undetected application and bypasses the standard adware policy actions. How can this best be configured in Symantec Endpoint Protection? A. edit the Antivirus and Antispyware policy and set the Primary Action for security risks to "Leave Alone" B. edit the Exclusion policy to exclude Adware.WeatherBorg from detection by marking the "Exclude" checkbox in the threat list and clearing the "Log Option" checkbox C. edit the Application and Device Control policy and clear the EasyWeatherView checkbox in the Security Risk list for exclusions D. edit the Antivirus and Antispyware policy and set both the Primary and Secondary actions for Adware to "Ignore" Answer: B

QUESTION NO: 98 Lifeline Supply Company is upgrading to the latest version of Symantec Endpoint Protection. Some managers want you to provide daily reports on the migration process by the close-of-business. What are two methods that can be used to provide the daily progress reports? (Choose two.) A. save daily reports as csv files and email to the managers B. save daily reports as Word files and email to the managers C. save daily reports as *.mht files and email to the managers D. set up a scheduled report and import csv list of recipients' email addresses E. set up a scheduled report and enter the managers' email addresses manually F. set up a scheduled report and use the Outlook plug-in to email the managers Answer: C,E

QUESTION NO: 99 How do administrators back up the embedded database using the tools provided with the Symantec Endpoint Protection Manager? A. select Start > Programs > Accessories > System Tools > Backup B. select Start > Programs > Symantec Endpoint Protection Manager > Database Backup and Restore C. launch Symantec Endpoint Protection Manager Console > Admin page > Database Backup and Restore D. launch Symantec Endpoint Protection Manager Console > Admin page > launch Backup and Restore Wizard Answer: B

QUESTION NO: 100 LiveUpdate Content policies provide control over which two types of settings? (Choose two.) A. how and where clients receive updates B. the specific update revisions the clients can download C. whether clients are able to download updates manually D. how often clients are able to receive updates E. which types of updates clients can download Answer: B,E

QUESTION NO: 101 An administrator wants to hide the Symantec Endpoint Protection client on certain computers. Which action should the administrator take to permit this configuration? A. mark the "Hide client" checkbox for Client User Interface Settings B. set Client User Interface Settings to Client mode C. set Client User Interface Settings to Mixed mode D. clear the "Display client" checkbox for Client User Interface Settings Answer: D

QUESTION NO: 102 A manager complains that a specific Windows 2003 server slows down every day at 10:00 am. You decide to review the logs from the Symantec Endpoint Protection Manager. Which three log filters can help narrow the search for this issue? (Choose three.) A. Filter by Time range B. Filter by Computer C. Filter by Server D. Filter by Policy version E. Filter by Online status F. Filter by Product version G. Filter by IP address Answer: A,B,G

QUESTION NO: 103 What are valid Symantec Endpoint Protection administrator types? A. System Administrators, Partial Administrators, and Limited Administrators B. System Administrators, Administrators, and Limited Administrators C. Administrators, Partial Administrators, and Limited Administrators D. Administrators, Limited Administrators, and Report Administrators Answer: B

QUESTION NO: 104 How can you verify that the client is receiving the latest policy updates from the Symantec Endpoint Protection Manager (SEPM)? A. by comparing the client's software version to the version on the SEPM B. by comparing the client's policy package size to the SEPM's policy package size C. by comparing the client's policy serial number to the SEPM's policy serial number D. by comparing the client's policy file permissions to the SEPM's policy file permissions Answer: C

QUESTION NO: 105 When a firewall defends against a MAC spoof attack, what does it drop? A. ICMP response B. IP redirect C. gratuitous ARP D. trace route Answer: C

QUESTION NO: 106 What is the function of WINS smart traffic filtering? A. enables NetBIOS B. defines permitted WINS servers C. allows clients to access known WINS servers D. defines IP address range for permitted WINS servers Answer: C

QUESTION NO: 107 The Symantec Endpoint Protection client creates a file or directory exclusion for all scans when it detects _________. A. Microsoft Exchange 2000 is installed B. Microsoft Outlook is installed C. Microsoft Vista is installed D. SQL Server is installed Answer: A

QUESTION NO: 108 To enable TruScan Proactive Threat Scans, which Symantec Endpoint Protection technology must be installed? A. Network Access Control B. Network Threat Protection C. Antivirus and Antispyware D. Device Control Answer: C

QUESTION NO: 109 Lifeline Supply Company acquired a small company with two hundred employees. Multiple firewall rules, based on collections of client addresses, are required to allow the new organization access to company resources. What should be created to minimize the amount of time needed to create rules? A. a new Centralized Exception B. a new Host Group C. a new Network Service D. a new Management Server List Answer: B

QUESTION NO: 110 Which three policies are created when you migrate from Symantec Antivirus Corporate Edition (SAVCE)? (Choose three.) A. Application and Device Control B. LiveUpdate C. Centralized Exceptions D. Antivirus and Antispyware E. Intrusion Prevention Answer: B,C,D

QUESTION NO: 111 What is the purpose of the Group Update Provider? A. to conserve bandwidth when updating clients to the current Symantec Endpoint Protection client version B. to conserve bandwidth when updating Antivirus and Antispyware definitions C. to simplify administration when updating clients to current policies D. to simplify log file collection from clients when forwarding the latest client event logs Answer: B

QUESTION NO: 112 Which type of firewall is in Symantec Endpoint Protection? A. stateful B. proxy C. circuit level D. packet filtering Answer: A

QUESTION NO: 113 Which criteria can be used when searching for an application? A. applications spawned by a specific process B. applications running on a specific collision domain C. applications run by a specific client D. applications running on a specific port Answer: C

QUESTION NO: 114 An administrator creates an Application Control policy that prevents notepad.exe from being executed. After verifying the policy has been applied to the client, the administrator notices that the client can still execute notepad.exe. What is the most likely reason notepad.exe continues to start? A. Antivirus is disabled. B. The policy is configured in Test Mode. C. The policy is configured in Production Mode. D. The firewall policy is unassigned. Answer: B

QUESTION NO: 115 When is a Group Update Provider helpful? A. when several clients at a location are unmanaged and have no local LiveUpdate server B. when there are more than 1,000 users connecting to a Symantec Endpoint Protection Manager in Pull Mode C. when several clients are located at a remote site with a slow WAN connection D. when you have more than 101 groups in the Symantec Endpoint Protection Manager Answer: C

QUESTION NO: 116 Which two statements are true about Symantec Endpoint Protection TruScan Proactive Threat Scan? (Choose two.) A. It inspects encrypted network traffic. B. It evaluates process behavior. C. It uses malicious code detection signatures. D. It blocks attackers' IP addresses. E. It detects unknown threats. Answer: B,E

QUESTION NO: 117 What are the three actions a user can take during an in-progress scheduled scan? (Choose three.) A. sleep B. stop C. pause D. wait E. snooze Answer: B,C,E

QUESTION NO: 118 Symantec Endpoint Protection Intrusion Prevention signatures are based on which standard? A. Digital Signature Standard B. Authenticode C. Regular Expressions D. SecurID Answer: C

QUESTION NO: 119 By default, which three ports are used by the Symantec Endpoint Protection Manager? (Choose three.) A. 80 B. 443 C. 8080 D. 8443 E. 8636 F. 9090 Answer: A,D,F

QUESTION NO: 120 When adding an Active Directory server to the Directory Servers tab in the Symantec Endpoint Protection Manager, which three parameters are required? (Choose three.) A. IP Address B. Domain C. Username D. BaseDN E. Password Answer: A,C,E

QUESTION NO: 121 Which group must you select within the Symantec Endpoint Protection Manager console to manually import an organizational unit structure from Active Directory? A. Global B. Temporary C. Clients D. Sites Answer: A

QUESTION NO: 122 Lifeline Supply Company is upgrading to the latest version of Symantec Endpoint Protection. Management wants regular status reports on the clients deployed. How would you provide the reports on this progress? A. run a daily report using Audit Reports B. run a daily report using Computer Status Reports C. run a daily report using System Reports D. run a daily report using Scan Reports Answer: B

QUESTION NO: 123 Lifeline Supply Company mandates that all employees use VPN connections from one vendor. Previously there were several different vendor VPNs used throughout the company. Which firewall trigger can be used to allow access only for the approved vendor VPN? A. Service B. Host C. Adapter D. Application Answer: C

QUESTION NO: 124 You need to create a firewall rule that allows Internet Explorer to communicate to any website, but only on port 80 or 443. Which two triggers in the firewall rule should be used? (Choose two.) A. Adapter B. Application C. Logging D. Host E. Service Answer: B,E

QUESTION NO: 125 In Symantec Endpoint Protection, which default action is taken when security risks such as spyware, adware, hacking tools, remote access programs, and trackware are detected? A. log the detection event only B. delete the infected file C. block the source IP address D. quarantine the file locally Answer: D

QUESTION NO: 126

What is a valid option for a Symantec Endpoint Protection database backup? A. remote B. synthetic C. scheduled D. incremental Answer: C

QUESTION NO: 127 In the firewall included in Symantec Endpoint Protection, which methodology does the firewall use to determine precedence in rule evaluation? A. The rule with the most matched criteria receives priority. B. Priority is determined by the rule order. C. Rules with block actions receive priority. D. Rules with allow actions receive priority. Answer: B

QUESTION NO: 128 Smart Filters for DHCP and DNS have been enabled on all clients. The administrator creates and assigns a firewall policy that blocks DNS for computers in the Sales Group. A. Both DHCP and DNS are blocked for Sales. B. Both DHCP and DNS are allowed for Sales. C. DHCP is allowed and DNS is blocked for Sales. D. DHCP is blocked and DNS is allowed for Sales. Answer: B

QUESTION NO: 129 A computer is configured in Mixed Control mode. The administrator creates and applies a firewall policy to the computer that has a rule that allows FTP traffic above the blue line and another rule that blocks LDAP traffic below the blue line. On the computer, local rules are created to allow LDAP traffic and block FTP. Which traffic flow behavior should be expected on the local computer? A. Both FTP and LDAP traffic are allowed. B. Both FTP and LDAP traffic are blocked. C. FTP is blocked and LDAP is allowed. D. FTP is allowed and LDAP is blocked. Answer: A

QUESTION NO: 130 In the Symantec Endpoint Protection client interface, where can the user find the configuration options for TruScan Proactive Threat Scan? A. Advanced Protection Settings > TruScan > Options B. Network Threat Protection > TruScan > Change Settings C. Proactive Threat Protection > Options > Change Settings D. Antivirus and Antispyware Protection > Options > TruScan Answer: C

QUESTION NO: 131 Management wants to audit the network and report on infected computers. Which report type would you generate? A. Scan B. Audit C. Compliance D. Risk Answer: D

QUESTION NO: 132 You have tested your firewall rules and now want to turn off notifications for blocked applications. Where can you do this? A. Monitors > Notifications B. Policies > Firewall policy C. Clients > Details tab D. Reports > Quick Reports Answer: B