250-428 Practice Exam Questions with Answers Administration of Symantec Endpoint Protection 14 Certification

Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.

What is the quickest way an administrator can restore the environment to its original state?

Which two options are supported Symantec Endpoint Manager authentication types? (Select two.)

Which command attempts to find the name of the drive in the private region and to match it to a disk media record that is missing a disk access record?

A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one hour damper period for that notification condition.

How many notifications does the administrator receive after 30 computers are infected in two hours?

Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.

Which source must the administrator avoid using?

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.

What is the likely cause of the problem?

What optional Symantec Endpoint Protection component could an administrator utilize if an organization requires custom reports and queries?

A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SET Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process.

What is the most likely reason?

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.

Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

When can an administrator add a new replication partner?

A company deploys Symantec Endpoint Protection (SEP) to50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?

Which two options are available when configuring DNS change detections for SONAR? (Select two.)