Study Flashcards

The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM). How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive xdelta content packages instead of full content packages?


A) 10
B) 20
C) 30
D) 60

E) A) and B)
F) A) and C)

Correct Answer


A Symantec Endpoint Protection 12.1 administrator has the Virus and Spyware Protection policy configured with Auto-Protect enabled. The administrator is confronted with computer performance issues. Which two options can the administrator use to improve performance? (Select two.)


A) Enable the option to Trust Files on Remote Computers Running Auto-Protect.
B) Enable the Risk Tracer option.
C) Edit the autoprotect.xml and increase the cache value.
D) Enable the option of Network Cache.
E) Enable the Preserve File Times option.

F) B) and D)
G) A) and E)

Correct Answer


Which tool should an administrator use to discover and deploy the Symantec Endpoint Protection client to new computers?


A) Unmanaged Detector
B) Client Deployment Wizard
C) Communication Update Package Deployment
D) Symantec Endpoint Discovery Tool

E) B) and D)
F) B) and C)

Correct Answer


A Symantec Endpoint Protection 12.1 (SEP) administrator suspects that newly arrived computers are infected with a virus. Which steps should the administrator take when installing the SEP client on the new computers?


A) Choose the Evaluate before installation SEP client feature set.
B) Install an unmanaged client first, then install a managed client after the virus is removed.
C) Install Norton Removal Tool, then install the SEP client.
D) Run Power Eraser, then install the SEP client.

E) A) and C)
F) B) and C)

Correct Answer


A company is building a new Symantec Endpoint Protection Manager and is setting the remediation actions for threats in the Virus and Spyware Protection policy. For security risks, the first action is set to Repair and the second action is Quarantine. In this environment, Symantec Endpoint Protection 12.1 (SEP) has been deployed to a small group of clients for testing. Which condition would cause Auto-Protect to stop sending notifications and stop logging the event after three detections?


A) A client continuously downloads the same security risk.
B) File System Auto Protect is malfunctioning on the SEP Client.
C) SEP services on the client are stopped.
D) SEP is unable to read virus definitions.

E) C) and D)
F) B) and C)

Correct Answer


A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute. What is the likely cause of the problem?


A) The application has been upgraded.
B) The Application and Device Control policy is in test mode.
C) A file exception has been added to the Exceptions policy.
D) The Application and Device Control policy is allowing the file to execute.

E) A) and C)
F) A) and B)

Correct Answer


A customer is downloading newly-created company files from an internal website and is being blocked by Download Insight based on reputation. How can the customer prevent this?


A) Change the minimum number of days in the Download Insight settings.
B) Change the minimum number of users in the Download Insight settings.
C) Increase the sensitivity slider in the Download Insight settings.
D) Enable the option to trust files downloaded from an intranet website in the Download Insight settings.

E) B) and D)
F) None of the above

Correct Answer


D

Which object in the Symantec Endpoint Protection Manager console describes the most granular level to which a policy can be assigned?


A) Group
B) Computer
C) User
D) Client

E) None of the above
F) A) and B)

Correct Answer


Immediately after installation, what does a managed client do to contact the Symantec Endpoint Protection Manager (SEPM)?


A) Initiate communication on port 80.
B) Initiate communication on port 8014.
C) Initiate communication on port 8445.
D) Wait for the SEPM if in Push mode.

E) A) and B)
F) A) and C)

Correct Answer


An administrator uses ClientSideClonePrepTool to clone systems and virtual machine deployment. What will the tool do when it is run on each system?


A) Run Microsoft SysPrep and remove all AntiVirus/AntiSpyware definitions
B) Disable Tamper Protect and deploy a Sylink.xml
C) Add a new Extended File Attribute value to all existing files
D) Remove unique Hardware IDs and GUIDs from the system

E) B) and D)
F) B) and C)

Correct Answer


A Symantec Endpoint Protection 12.1 (SEP) administrator is remotely deploying SEP clients, but the clients are failing to install on Windows XP. Which two could be preventing installation? (Select two.)


A) Clients are members of a Windows domain and have Windows firewall enabled.
B) Clients are members of a Windows domain and have Windows firewall disabled.
C) Clients are members of a workgroup and simple file sharing is disabled.
D) Clients are members of a workgroup and simple file sharing is enabled.
E) Clients are members of a Windows domain and have a DHCP address.

F) B) and E)
G) B) and C)

Correct Answer


Which setting can an administrator change that will result in the greatest impact on the speed of delivery of Symantec Endpoint Protection policy changes to the endpoints?


A) Download randomization
B) Heartbeat interval
C) LiveUpdate scheduling frequency
D) Reconnection preferences

E) A) and C)
F) A) and D)

Correct Answer


D

An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat. Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?


A) Risk log
B) Computer Status report
C) Notifications
D) Infected and At Risk Computers report

E) A) and B)
F) None of the above

Correct Answer


A company has multiple offices and is unsure whether to use the Symantec Endpoint Protection Manager (SEPM) or the Group Update Provider (GUP) at the offices. When should the company use the SEPM rather than the GUP?


A) when the site has a local Windows server
B) when the site has a large number of clients
C) when the site has a low bandwidth network connection
D) when the site has more than one subnet

E) C) and D)
F) B) and D)

Correct Answer


The fake antivirus family "PC scout" infects systems with a similar method regardless of its variant. Which SONAR sub-feature can block new variants of the same family, based on sequence of events?


A) artificial intelligence
B) behavioral heuristic
C) human authored signatures
D) behavioral policy lockdown

E) B) and C)
F) None of the above

Correct Answer


Which command attempts to find the name of the drive in the private region and to match it to a disk media record that is missing a disk access record?


A) vxdisk
B) vxdctl
C) vxreattach
D) vxrecover

E) A) and B)
F) None of the above

Correct Answer


C

In which client management log can an administrator identify when the client last connected to the Symantec Endpoint Protection Manager?


A) Compliance
B) Audit
C) System
D) Event

E) None of the above
F) A) and C)

Correct Answer


What is a function of Symantec Insight?


A) provides reputation ratings for structured data
B) enhances the capability of Group Update Providers (GUP)
C) increases the efficiency and effectiveness of LiveUpdate
D) provides reputation ratings for binary executables

E) B) and D)
F) A) and D)

Correct Answer


When can an administrator add a new replication partner?


A) immediately following the first LiveUpdate session of the new site
B) during a Symantec Endpoint Protection Manager upgrade
C) during the initial install of the new site
D) immediately following a successful Active Directory sync

E) All of the above
F) None of the above

Correct Answer


When can an administrator delete a location?


A) when location awareness has been turned off
B) when the group has inheritance turned off
C) when all clients are moved from the group
D) when the policy has been withdrawn

E) B) and D)
F) A) and D)

Correct Answer

