Latest Symantec 250-561 Exam questions and answers [Q32-Q55]


TestPDF 250-561 Exam Practice Test Questions (Updated 72 Questions)


Symantec 250-561 (Endpoint Security Complete - Administration R1) Certification Exam is designed to test the knowledge and skills of professionals who are responsible for the administration and management of Symantec Endpoint Protection. Endpoint Security Complete is a comprehensive security solution that provides protection against malware, viruses, spyware, and other threats. Endpoint Security Complete - Administration R1 certification exam validates the candidate's knowledge of the Endpoint Security Complete solution and their ability to administer and manage it effectively.

 

NEW QUESTION # 32
Which rule types should be at the bottom of the list when an administrator adds device control rules?

  • A. Specific "device model" rules
  • B. General "catch all" rules
  • C. General "brand defined" rules
  • D. Specific "device type" rules

Answer: A


NEW QUESTION # 33
What must an administrator check prior to enrolling an on-prem SEPM infrastructure into the cloud?

  • A. Clients are running SEP 14.2 or later
  • B. Clients are running SEP 14.0.1 or later
  • C. Clients are running SEP 14.1.0 or later
  • D. Clients are running SEP 12-6 or later

Answer: B


NEW QUESTION # 34
Which option should an administrator utilize to temporarily or permanently block a file?

  • A. Blacklist
  • B. Encrypt
  • C. Delete
  • D. Hide

Answer: A


NEW QUESTION # 35
An administrator is evaluating an organization's computers for an upcoming SES deployment. Which computer meets the pre-requisites for the SES client?

  • A. A computer running Windows 8 with 380 MB of disk space, 2 GB of RAM, and a 2.8 GHz Intel Pentium 4 processor
  • B. A computer running Mac OS X 10.8 with 500 MB of disk space, 4 GB of RAM, and an Intel Core 2 Duo 64-bit processor
  • C. A computer running Windows 10 with 400 MB of disk space, 2 GB of RAM, and a 2.4 GHz Intel Pentium 4 processor
  • D. A computer running Mac OS X 10.14 with 400 MB of disk space, 4 GB of RAM, and an Intel Core 2 Duo 64-bit processor

Answer: C


NEW QUESTION # 36
Which term or expression is utilized when adversaries leverage existing tools in the environment?

  • A. file-less attack
  • B. living off the land
  • C. opportunistic attack
  • D. script kiddies

Answer: D


NEW QUESTION # 37
Which report template type should an administrator utilize to create a daily summary of network threats detected?

  • A. Intrusion Prevention Report
  • B. Network Risk Report
  • C. Blocked Threats Report
  • D. Access Violation Report

Answer: D


NEW QUESTION # 38
Which two (2) scan range options are available to an administrator for locating unmanaged endpoints? (Select two)

  • A. IP range within network
  • B. IP range within subnet
  • C. Entire Subnet
  • D. Subnet Range
  • E. Entire Network

Answer: A,D


NEW QUESTION # 39
What happens when an administrator blacklists a file?

  • A. The file is assigned to the Blacklist task list
  • B. The file is assigned to the default Blacklist policy
  • C. The file is automatically quarantined
  • D. The file is assigned to a chosen Blacklist policy

Answer: A


NEW QUESTION # 40
Which two (2) steps should an administrator take to guard against re-occurring threats? (Select two)

  • A. Confirm that daily active and weekly full scans take place on all endpoints
  • B. Add endpoints to a high security group and assign a restrictive Antimalware policy to the group
  • C. Verify that all endpoints receive scheduled Live-Update content
  • D. Quarantine affected endpoints
  • E. Use Power Eraser to clean endpoint Windows registries

Answer: D,E


NEW QUESTION # 41
What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

  • A. An email with the SES_setup.zip file attached
  • B. An email with a link to register on the ICDm user portal
  • C. An email with a link to directly download the SES client
  • D. An email with a link to a KB article explaining how to install the SES Agent

Answer: B


NEW QUESTION # 42
Which two (2) options is an administrator able to use to prevent a file from being falsely detected? (Select two)

  • A. Add the file to a Whitelist policy
  • B. Reduce the Intensive Protection setting of the Antimalware policy
  • C. Assign the file a SHA-256 cryptographic hash
  • D. Register the file with Symantec's False Positive database
  • E. Rename the file

Answer: A,D


NEW QUESTION # 43
Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?

  • A. Reputation
  • B. Artificial Intelligence
  • C. Signatures
  • D. Advanced Machine Learning

Answer: D


NEW QUESTION # 44
Which SES feature helps an administrator apply policies based on specific endpoint profiles?

  • A. Device Profiles
  • B. Device Groups
  • C. Policy Groups
  • D. Policy Bundles

Answer: C


NEW QUESTION # 45
Which file should an administrator create, resulting Group Policy Object (GPO)?

  • A. Symantec__Agent_package_x64.exe
  • B. Symantec__Agent_package_x64.zip
  • C. Symantec__Agent_package_x64.msi
  • D. Symantec__Agent_package__32-bit.msi

Answer: D


NEW QUESTION # 46
Which framework, open and available to any administrator, is utilized to categorize adversarial tactics and for each phase of a cyber attack?

  • A. MITRE ADV&NCE
  • B. MITRE ATT&CK
  • C. MITRE RESPONSE
  • D. MITRE ATTACK MATRIX

Answer: A


NEW QUESTION # 47
Which SES security control protects against threats that may occur in the Impact phase?

  • A. Device Control
  • B. Antimalware
  • C. IPS
  • D. Firewall

Answer: D


NEW QUESTION # 48
Which communication method is utilized within SES to achieve real-time management?

  • A. Long polling
  • B. Push Notification
  • C. Standard polling
  • D. Heartbeat

Answer: B


NEW QUESTION # 49
The ICDm has generated a blacklist task due to malicious traffic detection. Which SES component was utilized to make that detection?

  • A. Firewall
  • B. Reputation
  • C. Antimalware
  • D. IPS

Answer: C


NEW QUESTION # 50
A user downloads and opens a PDF file with Adobe Acrobat. Unknown to the user, a hidden script in the file begins downloading a RAT.
Which Anti-malware engine recognizes that this behavior is inconsistent with normal Acrobat functionality, blocks the behavior and kills Acrobat?

  • A. Sapient
  • B. IPS
  • C. SONAR
  • D. Emulator

Answer: A


NEW QUESTION # 51
Which dashboard should an administrator access to view the current health of the environment?

  • A. The Security Control Dashboard
  • B. The Device Integrity Dashboard
  • C. The Antimalware Dashboard
  • D. The SES Dashboard

Answer: A


NEW QUESTION # 52
Which type of organization is likely to be targeted with emerging threats?

  • A. Large organizations with dedicated security teams
  • B. Large organization with high turnover
  • C. Small organization with little qualified staff
  • D. Small organization with externalized managed security

Answer: C


NEW QUESTION # 53
An administrator learns of a potentially malicious file and wants to proactively prevent the file from ever being executed.
What should the administrator do?

  • A. Add the filename and SHA-256 hash to a Blacklist policy
  • B. Add the file SHA1 to a blacklist policy
  • C. Increase the Antimalware policy Intensity to Level 5
  • D. Adjust the Antimalware policy age and prevalence settings

Answer: D


NEW QUESTION # 54
In the ICDm, administrators are assisted by the My Task view. Which automation type creates the tasks within the console?

  • A. Administrator defined rules
  • B. Artificial Intelligence
  • C. Machine Learning
  • D. Advanced Machine Learning

Answer: B


NEW QUESTION # 55
......


Symantec 250-561 Exam is a vendor-specific certification exam that is recognized by Symantec Corporation. Endpoint Security Complete - Administration R1 certification is intended for IT security professionals who want to demonstrate their expertise in managing and administering Symantec Endpoint Protection solutions. Endpoint Security Complete - Administration R1 certification is also useful for professionals who want to enhance their career prospects and improve their earning potential.


Symantec 250-561 (Endpoint Security Complete - Administration R1) Exam is a certification exam that tests the skills and knowledge of professionals who are responsible for administering endpoint security solutions in their organization. 250-561 exam is designed to validate the expertise of individuals in configuring and managing Symantec Endpoint Protection technologies, including Symantec Endpoint Protection Cloud, Symantec Endpoint Protection Small Business Edition, and Symantec Endpoint Protection.

 
