Administration of Symantec Advanced Threat Protection 3.0 (250-441) Free Practice Test

Question 1

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

A. Delete threat artifacts from the environment

B. Blacklist any suspicious files found in the environment

C. Isolate infected endpoints to a quarantine network

D. Rejoin healthy endpoints back to the network

E. Submit any suspicious files to Cynic

Correct Answer: A,B

Question 2

A network control point discovered a botnet phone-home attempt in the network stream.
Which detection method identified the event?

A. Insight

B. Vantage

C. Cynic

D. Antivirus

Correct Answer: D

Question 3

What is the second stage of an Advanced Persistent Threat (APT) attack?

A. Capture

B. Incursion

C. Discovery

D. Exfiltration

Correct Answer: B

Question 4

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

A. Detonation/sandbox

B. Network detection component

C. Reputation-based security

D. Event correlation

Correct Answer: A

Question 5

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)

A. Registry entry

B. SHA-1 hash

C. SHA-256 hash

D. MD5 hash

E. MAC address

Correct Answer: C,D

Question 6

How does an attacker use a zero-day vulnerability during the Incursion phase?

A. To deliver malicious code that breaches the target

B. To perform a SQL injection on an internal server

C. To extract sensitive information from the target

D. To perform network discovery on the target

Correct Answer: A

Question 7

An Incident responder added a files NDS hash to the blacklist.
Which component of SEP enforces the blacklist?

A. System Lockdown

B. Bloodhound

C. Intrusion Prevention

D. SONAR

Correct Answer: A

Question 8

Which two questions can an Incident Responder answer when analyzing an incident in ATP? (Choose two.)

A. Is the organization being attacked by this external entity repeatedly?

B. Does the organization need to do a healthcheck in the environment?

C. Do ports need to be blocked or opened on the firewall?

D. Does a risk assessment need to happen in the environment?

E. Are certain endpoints being repeatedly attacked?

Correct Answer: D,E

Question 9

What is the minimum amount of RAM required for a virtual deployment of the ATP Manager in a production environment?

A. 64 GB

B. 32GB

C. 48 GB

D. 16 GB

Correct Answer: C

Question 10

Which two actions an Incident Responder take when downloading files from the ATP file store? (Choose two.)

A. Analyze suspicious code with Cynic

B. Double-click to open the files

C. Email the files to Symantec Technical Support

D. Submit the files to Security Response

E. Diagnose the files as a threat based on the file names

Correct Answer: A,B

Welcome to TestSimulate

Symantec Administration of Symantec Advanced Threat Protection 3.0 (250-441) Free Practice Test