What happens when an administrator adds a file to the deny list?

The file is assigned to the default Deny List policy

The file is assigned to a chosen Deny List policy

The file is assigned to the Deny List task list

The file is automatically quarantined

The file is assigned to the default Deny List policy

What is a feature of Cynic?

Forwarding event data to Security Information and Event Management (SIEM)

What is the function of Symantec Insight?

Provides reputation ratings for binary executables

Provides reputation ratings for structured data

Enhances the capability of Group Update Providers (GUP)

Increases the efficiency and effectiveness of LiveUpdate

Provides reputation ratings for binary executables

What does a ranged query return or exclude?

Data falling between two specified values of a given field

Data matching the exact field names and their values

Data matching a regular expression

Data falling between two specified values of a given field

Data based on specific values for a given field

What information is required to calculate storage requirements?

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

What is the result of disjointed telemetry collection methods used within an organization?

Investigators lack granular visibility

Back of orchestration across controls

Attacks continue to spread during investigation

Using a hybrid environment, if a SEPM-managed endpoint cannot connect to the SEPM, how quickly can an administrator receive a security alert if the endpoint is using a public hot-spot?

After a VPN is activated with Network Integrity

When the client connects to SEPM

When can an administrator add a new replication partner?

During the initial installation of the new site

Immediately following the first LiveUpdate session of the new site

During a Symantec Endpoint Protection Manager upgrade

During the initial installation of the new site

Immediately following a successful Active Directory sync

Which two (2) considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

Application Learning can generate increased false positives.

Application Learning should be deployed on a small group of systems in the enterprise.

Application Learning can generate increased false positives.

Application Learning should be deployed on a small group of systems in the enterprise.

Application Learning can generate significant CPU or memory use on a Symantec Endpoint Protection Manager.

Application Learning requires a file fingerprint list to be created in advance.

Application Learning is dependent on Insight.

What information is required to calculate retention rate?

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

Number of endpoints, EAR data per endpoint per day, available disk space, number of endpoint dumps, dump size

Number of endpoints, available bandwidth, available disk space, number of endpoint dumps, dump size

Number of endpoints, available bandwidth, number of days to retain, number of endpoint dumps, dump size

Number of endpoints, EAR data per endpoint per day, number of days to retain, number of endpoint dumps, dump size

What protection technologies should an administrator enable to protect against Ransomware attacks?

IPS, SONAR, and Download Insight

Firewall, Host Integrity, System Lockdown

IPS, SONAR, and Download Insight

SONAR, Firewall, Download Insight

Which of the following is a benefit of choosing a hybrid SES Complete architecture?

The ability to use the cloud EDR functionality

The ability to manage legacy clients running an embedded OS

The ability to manage Active Directory group structure without Azure

The ability to use Adaptive Protection features

An organization runs a weekly backup using the Backup and Restore Wizard. This week, the process failed to complete due to low disk space.How does the SEP Administrator change the SEPM backup file location?

Move the backup directory by reconfiguring the SEPM in the Management Server Configuration Wizard.

Move the data directory by reconfiguring the SEPM in the Management Server Configuration Wizard.

Move the backup directory by reconfiguring the SEPM in the Management Server Configuration Wizard.

Move the install directory by reconfiguring the SEPM in the Management Server Configuration Wizard.

Move the database directory by reconfiguring the SEPM in the Management Server Configuration Wizard.

An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.What is the likely problem?

The Learn applications that run on the client computer setting are disabled.

The client computers already have exclusions for the applications.

The Symantec Endpoint Protection Manager is installed on a Domain Controller.

The clients are in a trusted Symantec Endpoint Protection domain.

How does Memory Exploit Mitigation protect applications?

Injects a DLL (IPSEng32.dll or IPSEng64.dll) into protected processes and when an exploit attempt is detected, terminates the protected process to prevent the malicious code from running.

Injects a DLL (UMEngx86.dll) into applications that run in user mode and if the application behaves maliciously, then SEP detects it.

Injects a DLL (sysfer.dll) into processes being launched on the machine and if the process isn't trusted, prevents the process from running.

Injects a DLL (IPSEng32.dll) into browser processes and protects the machine from drive-by downloads.

What version number is assigned to a duplicated policy?

The original policy's version number

The original policy's number plus one

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

Add a Single Risk Event notification and specify 'Left Alone' for the action taken. Choose to log the notification and send an e-mail to the system administrators.

Add a Client security alert notification and specify 'Left Alone' for the action taken. Choose to log the notification and send an e-mail to the system administrators.

Add a System event notification and specify 'Left Alone' for the action taken. Choose to log the notification and send an e-mail to the system administrators.

Add a New risk detected notification and specify 'Left Alone' for the action taken. Choose to log the notification and send an email to the system administrators.