Deck 5: Symantec Messaging Gateway 10.5 Technical Assessment (Broadcom)

A) Set the "Ownership Rule" to "Department Precedence"
B) Set the "Automatic Updating" of the Organizational Hierarchies
C) Set the "Ownership Style" to "Multiple" or "Multiple with Warning"
D) Set the "Ownership Details" to the "Edit View" for each asset type

A) Shut down computer after remediation
B) Allow immediate restart if required
C) Delay until the next software update cycle
D) Log off user after remediation

A) Configure and run the Software Portal Settings policy to update existing Managed Software Delivery policies with default settings
B) Configure the Software Catalog Item task to specify standardized settings for newly created Managed Software Delivery policies
C) Update the Managed Delivery Settings policy to define standard default settings for new Managed Delivery policies
D) Enable the Software Product Recalculation Schedule task to update existing Managed Software Delivery policies with predefined settings

A) User
B) Report
C) Policy
D) Data class

A) Four site servers
B) Two site servers
C) One site server
D) Three site servers

A) Contract's Assigned User
B) Covered Hardware
C) Contract's Location
D) Start and End Date
E) Internal Reference

A) Agent Registration policy
B) Global Agent Settings policy
C) Maintenance Window policy
D) Targeted Agent Settings policy

A) Notification Server and Symantec Management Agent
B) Symantec Management Console and Internet Gateway
C) Symantec Management Console and Symantec Management Agent
D) Notification Server and Internet Gateway

A) https://SiteServer/Altiris/ClientTaskServer/
B) https://SiteServer/Symantec/TaskServer/
C) https://SiteServer/Altiris/TaskServer/
D) https://SiteServer/ClientTaskServer/

A) Internal Reference
B) Start Date and End Date
C) Covered Hardware
D) Contract's Assigned User
E) Contract's Location

A) Configure SQL database privileges for the role.
B) Configure Notification Server permissions for the role.
C) Configure SQL database permissions for the role.
D) Configure Notification Server privileges for the role.

A) Data source, field, grid, and results
B) Data source, views, parameters, and drilldowns
C) Object, field, query, and results
D) Views, chart, grid, and drilldowns

A) Site Server
B) Notification Server
C) Internet Gateway
D) Symantec Management Agent

A) It requests a policy update from the Notification Server.
B) It sends its list of package download locations to the Package Server.
C) It requests task information from a Task Server.
D) It sends basic inventory information to the Notification Server.

A) Before the installation of the Symantec Management Platform or subsequent solutions are completed
B) During the first-time installation of the Symantec products
C) After the installation of the Symantec Management Platform or subsequent solutions are completed
D) While in the Symantec Management Console by choosing Settings > All settings > Notification Server Backup
E) In the Symantec Management Console under Home > First time setup

A) Cubes
B) Reports
C) Standard report builder
D) Dashboards

A) Single Notification Server
B) 1 x 6 Hierarchy
C) 1 x 2 Hierarchy
D) Two standalone Notification Servers

A) Deployment Solution
B) Monitor Solution
C) Workspace Virtualization
D) Real Time System Manager

A) Configure NBS to respond to a known list of MAC addresses and deploy the images only to the new systems.
B) Deploy an Automation Folder to the new computers to prepare them for imaging.
C) Import the list of new computers into the Management Console and assign an imaging task.
D) Use an Initial Deployment Event to distribute the image as the computers boot to the network.

A) Configure Site Management settings so that each organizational group downloads the software update installation files from a different package server
B) Create clones of the Default Software Update Plug-in Policy and modify the target in each policy
C) Configure an automation policy that periodically disables the Software Update Plug-in by organizational group
D) Create clones of the Windows Patch Remediation Settings and modify the target in each policy

A) Altiris Perfmon
B) Altiris Profiler
C) Altiris Event Viewer
D) Altiris Log Viewer

A) Certificate Roll-Out
B) Communication Profile
C) Credentials Profile
D) Automation Rule

A) Global Agent Settings policies
B) Agent Registration policies
C) Targeted Agent Settings policies
D) Maintenance Windows policies

A) Purging Maintenance
B) Inventory to Asset Synchronization
C) CMDB Rules
D) Resource Merge Rule

A) Application Metering Agent plug-in
B) Software Update Agent plug-in
C) Inventory Agent plug-in
D) Inventory Rule Agent plug-in
E) Software Management Solution Agent plug-in

A) Internet Gateway Installation package
B) Symantec Installation Manager package
C) Task Server Agent plug-in package
D) Symantec Management Agent package

A) Driver manifest files are too large
B) Corrupt or missing driver manifest files
C) CAB's or EXE's are not supported
D) CAB's or EXE's are supported but take longer to import

A) Software Compliance
B) Software Catalog
C) Software Library
D) Software Component

A) Event Console
B) Event policy
C) Monitor policy
D) Notification rule
E) Automation rule

A) On the server that is to be the Notification Server to create an offline installation if this Notification Server has no internet access
B) On another server to remotely install it on the target Notification Server
C) On the server that is to be the Notification Server
D) It should be installed on a desktop class system to remotely install it on the target Notification Server
E) On another computer to create an offline installation package if the Notification Server has no internet access

A) 10,000
B) 7,500
C) 12,500
D) 5,000

A) Creation and display of graphical reports
B) Actionable tasks within the report results
C) Creation of key performance indicator-based dashboards
D) Use of parameters to filter report results
E) Calculation and display of trend analysis within the report results

A) All inventory tasks will fail because they are not scheduled
B) All Inventory tasks will fail because they missed their scheduled time
C) Inventory tasks will succeed because the random start time is outside the throttling period
D) Inventory tasks will fail because they missed their random start time in the throttling period

A) Hard drive configuration
B) Internet Information Services (IIS) configuration
C) Microsoft operating system version
D) Microsoft SQL Server version
E) Memory management

A) Run the Deploy Sysprep task before cloning
B) Run the Prepare for Image Capture task before cloning
C) Run SIDGen to prepare the image for deployment
D) Run the Capture Personality task before cloning

A) The maximum amount of memory that can be installed on the computer
B) The number and size of packages to be staged on the site server
C) The frequency of tasks being executed on the clients
D) The number of concurrent TCP connections

A) NS.SQL Run Daily...
B) NS.Refresh Resource Update Summary...
C) NS.SQL defragmentation schedule...
D) NS.Weekly...

A) Implement a MS SQL Server Performance plan
B) Implement a MS SQL Server Defragmentation plan
C) Implement a MS SQL Server Optimization plan
D) Implement a MS SQL Server Maintenance plan

A) Executing the Filter Results Report Builder
B) Executing Assets by Location Organizational View Builder
C) Executing and saving the IT Analytics Computers by Location Report Builder
D) Executing the Computers by Location Report Builder

A) hostname like "SYM"
B) hostname "SYM"
C) hostname "SYM*"
D) hostname like "SYM*"

A) Reputation-based security
B) Event correlation
C) Network detection component
D) Detonation/sandbox

A) Reports
B) Settings
C) Action Manager
D) Policies

A) Database version
B) Database IP address
C) Database domain name
D) Database hostname
E) Database name

A) Application and Device Control
B) SONAR and Bloodhound
C) System Lockdown and Download Insight
D) Intrusion Prevention and Browser Intrusion Prevention

A) Add a Quarantine firewall policy for non-compliant and non-remediated computers.
B) Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
C) Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
D) Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
E) Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.

A) Exfiltration
B) Incursion
C) Discovery
D) Capture

A) SEPM embedded database name
B) SEPM embedded database type
C) SEPM embedded database version
D) SEPM embedded database password

A) Import resources into the CMDB
B) A Full Inventory on all known systems
C) A Microsoft Active Directory import
D) A Network Discovery Task (Discovery Network)

A) https://SiteServer/Altiris/PackageShare
B) https://SiteServer/Symantec/PSS
C) https://SiteServer/Symantec/PackageShare
D) https://SiteServer/Altiris/PS

A) To have less raw data to analyze
B) To evaluate the data, including information from other systems
C) To access expanded historical data
D) To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E) To determine the best cleanup method

A) Search
B) Action Manager
C) Incident Manager
D) Events

A) System Lockdown
B) Intrusion Prevention System
C) Firewall
D) SONAR

A) It ensures that the Incident is resolved, and the responder can clean up the infection.
B) It ensures that the Incident is resolved, and the responder can determine the best remediation method.
C) It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
D) It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

A) To perform a SQL injection on an internal server
B) To extract sensitive information from the target
C) To perform network discovery on the target
D) To deliver malicious code that breaches the target

A) Create a unique Cynic account to provide to ATP
B) Create a unique Symantec Messaging Gateway account to provide to ATP
C) Create a unique Symantec Endpoint Protection Manager (SEPM) administrator account to provide to ATP
D) Create a unique Email Security.cloud portal account to provide to ATP

A) Create a unique Symantec Endpoint Protection Manager (SEPM) domain for ATP
B) Create an ATP manager for each Symantec Endpoint Protection Manager (SEPM) domain
C) Create a Symantec Endpoint Protection Manager (SEPM) controller connection for each domain
D) Create a Symantec Endpoint Protection Manager (SEPM) controller connection for the primary domain

A) To determine the best plan of action for cleaning up the infection
B) To isolate infected computers on the network and remediate the threat
C) To gather threat artifacts and review the malicious code in a sandbox environment
D) To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

A) Capture
B) Incursion
C) Discovery
D) Exfiltration

A) Reputation-based security
B) Detonation/sandbox
C) Network detection component
D) Event correlation

A) Affected Endpoints
B) Dashboard
C) Incident Graph
D) Events View
E) Actions Bar

A) ATP: Email
B) ATP: Endpoint
C) ATP: Network
D) ATP: Roaming

A) Policies page
B) Action Manager
C) Syslog
D) Incident Manager
E) Indicators of compromise (IOC) search

A) Throughput
B) Bandwidth
C) Link speed
D) Number of users

A) Loyphish
B) Aurora
C) ZeroAccess
D) Michelangelo

A) ATP will continue to block previously blacklisted addresses but NOT new ones.
B) ATP does NOT block access to blacklisted addresses unless block mode is enabled.
C) ATP will clear the existing blacklists.
D) ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.

A) Events
B) Dashboard
C) File Details
D) Incident Details

A) Whitelist the domain and close the incident as a false positive
B) Identify the pieces of malware and blacklist them, then notify the supplier
C) Blacklist the domain and IP of the attacking site
D) Notify the supplier and block the site on the external firewall

A) The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
B) The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
C) The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
D) The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

A) Email Security.cloud
B) Web security.cloud
C) Skeptic
D) Symantec Messaging Gateway

A) Database search filename "msscrt.pdf"
B) Database search msscrt.pdf
C) Endpoint search filename like msscrt.pdf
D) Endpoint search filename ="msscrt.pdf"

A) Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B) Run an indicators of compromise (IOC) search in ATP manager.
C) Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D) Add the site to a blacklist in ATP manager.

A) Blacklist
B) Whitelist
C) Delete file
D) Submit file to Cynic

A) Rejoin healthy endpoints back to the network
B) Blacklist any suspicious files found in the environment
C) Submit any suspicious files to Cynic
D) Isolate infected endpoints to a quarantine network
E) Delete threat artifacts from the environment

A) Koobface
B) Brain
C) Flamer
D) Creeper

A) Zeus
B) Melissa
C) Duqu
D) Code Red

A) Isolate a computer while it is manually being remediated
B) Submit files to a Central Quarantine server
C) Filter all traffic leaving the network
D) Intercept all traffic entering the network

A) Exfiltration
B) Incursion
C) Capture
D) Discovery

A) The search expired after one hour
B) 10 endpoints are offline
C) The search returned 0 results on 10 endpoints
D) 10 endpoints restarted and cancelled the search

A) Isolate the endpoint with a Quarantine Firewall policy
B) Blacklist the IRC channel IP
C) Blacklist the endpoint IP
D) Isolate the endpoint with an application control policy