250-441 Online Practice Questions and Answers

Question 4

Which SEP technologies are used by ATP to enforce the blacklisting of files?

A. Application and Device Control

B. SONAR and Bloodhound

C. System Lockdown and Download Insight

D. Intrusion Prevention and Browser Intrusion Prevention

Question 5

In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

A. Capture

B. Incursion

C. Discovery

D. Exfiltration

Question 6

What is the main constraint an ATP Administrator should consider when choosing a network scanner model?

A. Throughput

B. Bandwidth

C. Link speed

D. Number of users

Question 7

Which threat is an example of an Advanced Persistent Threat (APT)?

A. Koobface

B. Brain

C. Flamer

D. Creeper

Question 8

An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode.

How should the Incident Responder proceed?

A. Whitelist the domain and close the incident as a false positive

B. Identify the pieces of malware and blacklist them, then notify the supplier

C. Blacklist the domain and IP of the attacking site

D. Notify the supplier and block the site on the external firewall

Question 9

Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager? (Choose two.)

A. Administrator

B. Controller

C. User

D. Incident Responder

E. Root

Question 10

Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?

A. Recover

B. Protect

C. Respond

D. Identify

Question 11

Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?

A. 8446

B. 8081

C. 8014

D. 1433

Question 12

Which threat is an example of an Advanced Persistent Threat (APT)?

A. ILOVEYOU

B. Conficker

C. MyDoom

D. GhostNet

Question 13

An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.

Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)

A. Report the users to their manager for unauthorized usage of company resources

B. Blacklist the domains and IP associated with the malicious traffic

C. Isolate the endpoints

D. Blacklist the endpoints

E. Find and blacklist the P2P client application

Exam Code: 250-441
Exam Name: Administration of Symantec Advanced Threat Protection 3.0
Last Update: Apr 19, 2024
Questions: 95