250-438 Online Practice Questions and Answers

Questions 4

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a "copy to USB device" operation?

A. Add a "Limit Incident Data Retention" response rule with "Retain Original Message" option selected.

B. Modify the agent config.db to include the file

C. Modify the "Endpoint_Retain_Files.int" setting in the Endpoint server configuration

D. Modify the agent configuration and select the option "Retain Original Files"

Questions 5

Under the "System Overview" in the Enforce management console, the status of a Network Monitor detection server is shown as "Running Selected." The Network Monitor server's event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

A. There is insufficient disk space on the Network Monitor server.

B. The Network Monitor server's certificate is corrupt or missing.

C. The Network Monitor server's license file has expired.

D. The Enforce and Network Monitor servers are running different versions of DLP.

Questions 6

Which option correctly describes the two-tier installation type for Symantec DLP?

A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.

B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.

D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Questions 7

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate this report?

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

Questions 8

What detection technology supports partial contents matching?

A. Indexed Document Matching (IDM)

B. Described Content Matching (DCM)

C. Exact Data Matching (EDM)

D. Optical Character Recognition (OCR)

Questions 9

A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

A. Change the "Ignore requests Smaller Than" value to 1

B. Add the filename to the Inspect Content Type field

C. Change the "PacketCapture.DISCARD_HTTP_GET" value to "false"

D. Uncheck trial mode under the ICAP tab

Questions 10

Which action is available for use in both Smart Response and Automated Response rules?

A. Log to a Syslog Server

B. Limit incident data retention

C. Modify SMTP message

D. Block email message

Questions 11

A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards.

Which feature should a third party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

A. Export incidents using the CSV format

B. Incident Reporting and Update API

C. Incident Data Views

D. A Web incident extraction report

Questions 12

What detection technology supports partial row matching?

A. Vector Machine Learning (VML)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Exact Data Matching (EDM)

Questions 13

Which service encrypts the message when using a Modify SMTP Message response rule?

A. Network Monitor server

B. SMTP Prevent

C. Enforce server

D. Encryption Gateway

Exam Code: 250-438
Exam Name: Administration of Symantec Data Loss Prevention 15
Last Update: Apr 13, 2024
Questions: 70