Deck 1: Administration of Symantec Endpoint Protection 14 (Broadcom)

A) 25, 80, and 2967
B) 2967, 8014, and 8443
C) 21, 443, and 2967
D) 21, 80, and 443

A) The SIC server allocates additional memory for the whitelist as needed.
B) The SIC server will start writing the cache to disk.
C) The SIC server will remove the least recently used items based on the prune size.
D) The SIC server will remove items with the fewest number of votes.

A) Microsoft Active Directory
B) MS-CHAP
C) RSA SecurID
D) Biometrics
E) Network Access Control

A) Host Integrity Policy
B) Virus and Spyware Protection Policy
C) Exceptions Policy
D) Application and Device Control Policy

A) increase Download Insight sensitivity level
B) reduce the heartbeat interval
C) increase download randomization window
D) reduce number of content revisions to keep

A) vxdisk
B) vxdctl
C) vxreattach
D) vxrecover

A) Groups
B) Domains
C) Sites
D) Locations

A) specific content revision to download from a Group Update Provider (GUP)
B) specific content policies to download
C) Linux Settings
D) frequency to download content

A) Push mode
B) Client Deployment Wizard
C) Pull mode
D) Unmanaged Detector

A) set Disable antivirus alert within Windows Security Center to Disable
B) set Disable antivirus alert within Windows Security Center to Never
C) set Disable Windows Security Center to Disable
D) set Disable Windows Security Center to Always

A) all Windows 2012 Servers in the Default Group
B) only VMware Servers in the Default Group
C) all Windows 2012 Servers and all Virtualized Servers in the Default Group
D) only Windows 2012 Servers that are Virtualized in the Default Group

A) Intrusion Prevention is disabled.
B) Local intranet zone is configured incorrectly on the Windows clients browser settings.
C) Local intranet zone is configured incorrectly on the Mac clients browser settings.
D) Virus and Spyware Definitions are out of date.

A) The client chooses another server in the list randomly.
B) The client chooses a server based on the lowest server load.
C) The client chooses a server with the next highest IP address.
D) The client chooses the next server alphabetically by server name.

A) create a Tamper Protect exception for the tool
B) create an Application to Monitor exception for the tool
C) create a Known Risk exception for the tool
D) create a SONAR exception for the tool

A) Download randomization
B) Heartbeat interval
C) LiveUpdate scheduling frequency
D) Reconnection preferences

A) 10
B) 20
C) 30
D) 60

A) Windows firewall is enabled.
B) Internet Connection firewall is disabled.
C) Administrative file shares are enabled.
D) Simple file sharing is enabled.
E) Clients are configured for DHCP.

A) The Learn applications that run on the client computers setting is disabled.
B) The client computers already have exclusions for the applications.
C) The Symantec Endpoint Protection Manager is installed on a Domain Controller.
D) The clients are in a trusted Symantec Endpoint Protection domain.

A) Push mode
B) Client control mode
C) Server control mode
D) Pull mode

A) Subnet
B) Network Services
C) Application Protocol
D) DNS Domain
E) Network Adapters

A) encrypted on the Symantec Endpoint Protection Manager
B) unencrypted on the Symantec Endpoint Protection Manager
C) encrypted on the Symantec Endpoint Protection client
D) unencrypted on the Symantec Endpoint Protection client

A) The application has been upgraded.
B) The Application and Device Control policy is in test mode.
C) A file exception has been added to the Exceptions policy.
D) The Application and Device Control policy is allowing the file to execute.

A) Restart Client Computer
B) Update Content and Scan
C) Enable Network Threat Protection
D) Enable Download Insight

A) Download Insight, Firewall, IPS
B) Firewall, IPS, Download Insight
C) IPS, Firewall, Download Insight
D) Download Insight, IPS, Firewall

A) in the firewall policy, under Protection and Stealth
B) in the firewall policy, under Built in Rules
C) in the group policy, under External Communication Settings
D) in the group policy, under Communication Settings

A) replace the file with a place holder
B) check the reputation
C) store in Quarantine folder
D) send the file to Symantec Insight
E) encrypt the file

A) Enable Network Cache in the client's Virus and Spyware Protection policy
B) Add the applicable server to a trusted host group
C) Create a Firewall allow rule for the server's IP address
D) Enable download randomization in the client group's communication settings

A) a file and folder exception in the Exception policy
B) an application rule set in the Application and Device Control policy
C) a file fingerprint list and System Lockdown
D) the Tamper Protection settings for the client folder

A) remote server IP Address and port
B) remote site Encryption Password
C) remote site Domain ID
D) remote server Administrator credentials
E) remote SQL database account credentials

A) when the computer reboots
B) when the user restarts the scan
C) at the next scheduled scan period
D) within the next hour

A) TCP resequencing
B) Smart DHCP
C) Reverse DNS Lookup
D) Smart WINS

A) Tamper Protection is preventing Notepad from modifying the host file.
B) SONAR is set to block host file modifications.
C) System Lockdown is enabled.
D) SONAR High Risk detection is set to Block.

A) immediately following the first LiveUpdate session of the new site
B) during a Symantec Endpoint Protection Manager upgrade
C) during the initial install of the new site
D) immediately following a successful Active Directory sync

A) allow unknown files to be downloaded with Insight
B) prevent programs from running
C) prevent AntiVirus from scanning a file
D) allow files to bypass Intrusion Prevention detection

A) The block rule is below the blue line.
B) The server has an IPS exception for that traffic.
C) Peer-to-peer authentication is allowing the traffic.
D) The server is in the IPS policy excluded hosts list.

A) Change the LiveUpdate schedule
B) Change the Administrator-defined scan schedule
C) Disable Allow user-defined scans to run when the scan author is logged off
D) Disable Run an Active Scan when new definitions arrive

A) The deleted file may still be in the Recycle Bin.
B) IT Analytics may keep a copy of the file for investigation.
C) False positives may delete legitimate files.
D) Insight may back up the file before sending it to Symantec.
E) A copy of the threat may still be in the quarantine.

A) Block
B) Active Response
C) Quarantine
D) Log
E) Trace

A) sensitivity
B) prevalence
C) confidentiality
D) content
E) age

A) Insight
B) SONAR
C) Risk Tracer
D) Intrusion Prevention

A) Each domain has its own management server and database.
B) Every administrator from one domain can view data in other domains.
C) Data for each domain is stored in its own separate SEP database.
D) Domains share the same management server and database.

A) reset forgotten passwords
B) import organizational units (OU) from Active Directory
C) configure external logging
D) enable Session Based Authentication with Web Services

A) to leverage Symantec Insight
B) to validate root certificates on all portable executables (PXE) files
C) to ensure the Power Eraser tool is the latest release
D) to look up CVE vulnerabilities

A) build a new site and configure replication with the still functioning SEPM
B) install a new SEPM into the existing site
C) clone the still functioning SEPM and change the server.properties file
D) reinstall the entire SEPM environment

A) -s "silent"
B) -t "Tamper Protect"
C) -r "reboot"
D) -p "password"

A) Group
B) Computer
C) User
D) Client

A) collectLog.cmd
B) DBValidator.bat
C) LogExport.cmd
D) Upgrade.exe

A) EmbeddeD. Using the Sybase SQL Anywhere database that comes with the product
B) On SEPM: Installing Microsoft SQL on the same server as the SEPM
C) External to SEPM: Using a preexisting Microsoft SQL server in the environment
D) EmbeddeD. Using the Microsoft SQL database that comes with the product

A) wait 15 minutes and attempt to log on again
B) restore the SEPM from a backup
C) run the Management Server and Configuration Wizard to reconfigure the server
D) reinstall the SEPM

A) provides reputation ratings for structured data
B) enhances the capability of Group Update Providers (GUP)
C) increases the efficiency and effectiveness of LiveUpdate
D) provides reputation ratings for binary executables

A) SONAR
B) Intrusion Prevention
C) Tamper Protection
D) Application and Device Control

A) 1
B) 2
C) 6
D) 15

A) allow users to save credentials when logging on
B) delete clients that have not connected for specified time
C) lock account after the specified number of unsuccessful logon attempts
D) allow administrators to reset the passwords

A) Application Learning can generate increased false positives.
B) Application Learning should be deployed on a small group of systems in the enterprise.
C) Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.
D) Application Learning requires a file fingerprint list to be created in advance.
E) Application Learning is dependent on Insight.

A) Application and Device Control
B) SONAR
C) TruScan
D) Host Integrity

A) uploads logs to the Shared Insight Cache
B) sends and receives application reputation ratings from LiveUpdate
C) downloads virus content updates from Symantec Insight
D) provides a Lotus Notes email scanner

A) settings.conf
B) conf.properties
C) catalina.out
D) httpd.conf

A) Run Microsoft SysPrep and removes all AntiVirus/AntiSpyware definitions
B) Disable Tamper Protect and deploys a Sylink.xml
C) Add a new Extended File Attribute value to all existing files
D) Remove unique Hardware IDs and GUIDs from the system

A) lower the Security Status thresholds
B) raise the Security Status thresholds
C) change the Notifications setting to "Show all notifications"
D) change the Action Summary display to "By number of computers"

A) Client User Interface Control Settings
B) Overview in Firewall Policy
C) Settings in Intrusion Prevention Policy
D) System Lockdown in Group Policy

A) Restart the client system
B) Run a command on the computer to Update Content
C) Enable the padlock next to the setting in the policy
D) Withdraw the Virus and Spyware Protection policy

A) Symantec Endpoint Protection Manager
B) Group Update Provider (GUP)
C) Internal LiveUpdate server
D) Default Management server
E) Symantec LiveUpdate server

A) Virus and Spyware definitions
B) File Fingerprint list
C) Symantec Insight
D) Extended File Attributes (EFA) table

A) The LiveUpdate Settings policy for this group should be modified to use an Explicit Group Update Provider.
B) The LiveUpdate Content policy for this group should be modified to use a specific definition revision.
C) The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 1.
D) The SEPM site LiveUpdate settings should be modified so the Number of content revisions to keep is set to 14.

A) edit site.properties and change the port to 443
B) restart the Symantec Endpoint Protection Manager Webserver service
C) change the default certificates on the SEPM and reboot
D) change the Management Server List and enable HTTPs
E) change the port in Clients > Group > Policies > Settings > Communication Settings and force the clients to reconnect

A) SONAR settings in the Virus and Spyware Protection policy
B) System Lockdown Whitelist in the Application and Device Control policy
C) Insight settings in the Virus and Spyware Protection policy
D) File Cache settings in the Virus and Spyware Protection policy

A) Risk Tracer
B) Terminate Processes Automatically
C) Early Launch Anti-Malware Driver
D) Stop Service Automatically
E) Stop and Reload AutoProtect

A) Virtual Image exceptions
B) Centralized Scan exceptions
C) Download Insight
D) Tamper Protection

A) Parent Process
B) Browser Object
C) MAC Address
D) Trusted Web Domain

A) Tamper protection is enabled.
B) System Lockdown is enabled.
C) Application and Device Control is configured.
D) The padlock on the enable Auto-Protect option is locked.

A) Risk Log
B) System Log
C) SesmLu.log
D) Log.LiveUpdate

A) create a file exception for "RunMe.exe" with a Prefix Variable of [USERNAME]
B) create a file exception for "[Drive]:\Users\Bob\My Documents\RunMe.exe"
C) create a file exception for "*\RunMe.exe"
D) create a file exception for "RunMe.exe" with a Prefix Variable of %USERPROFILE%

A) -force
B) -k
C) -f
D) -assign

A) create three shift policies for the Bristol group
B) create a group for each shift of users in the Bristol group
C) turn on inheritance for all groups in England
D) turn on Active Directory integration
E) modify the B_Desktops policy

A) Unmanaged Detector
B) Client Deployment Wizard
C) Communication Update Package Deployment
D) Symantec Endpoint Discovery Tool

A) Application and Device Control
B) Firewall
C) Locations
D) IPS
E) Download Insight

A) quarantines the process
B) blocks suspicious behavior
C) reboots the system
D) checks the reputation of the process

A) Risk log
B) Computer Status report
C) Notifications
D) Infected and At Risk Computers report

A) Network Shared Insight Cache
B) Virtual Image Exception
C) Scan Randomization
D) Virtual Shared Insight Cache