Broadcom 250-580 Practice Test - Questions Answers, Page 8
List of questions
Question 71

Which of the following is a benefit of choosing a hybrid SES Complete architecture?
A. The ability to use the cloud EDR functionality
B. The ability to manage legacy clients running an embedded OS
C. The ability to manage Active Directory group structure without Azure
D. The ability to use Adaptive Protection features
A hybrid SES (Symantec Endpoint Security) Complete architecture offers several unique advantages by combining on-premises and cloud-based management and security features. One of the key benefits of choosing this architecture is the ability to utilize cloud-based Endpoint Detection and Response (EDR) functionality.
Cloud EDR Functionality:
Cloud EDR provides advanced threat detection and response capabilities that leverage cloud resources for enhanced threat intelligence, scalability, and data processing power.
By integrating cloud EDR, a hybrid architecture allows organizations to conduct real-time threat analysis, access global threat intelligence, and receive more rapid response options due to the centralized nature of cloud analytics.
This capability is essential for organizations looking to strengthen their endpoint security posture with adaptive and responsive solutions that can analyze, detect, and respond to emerging threats across the enterprise.
Advantages Over Legacy Systems:
A hybrid SES Complete architecture's cloud EDR functionality surpasses traditional, strictly on-premises solutions. Legacy systems may lack the adaptive protection, quick updates, and comprehensive intelligence that cloud solutions offer, which makes them less effective against modern threats.
Adaptive Protection Features:
While hybrid architectures indeed enable adaptive protection, the specific functionality of cloud EDR adds further analytical and actionable insights, thereby extending the security capabilities of an organization's infrastructure.
This answer is based on the Endpoint Security architecture and Symantec Endpoint Protection 14.x documentation, which emphasizes the importance of cloud integration in delivering scalable and adaptive security responses for hybrid deployments.
Question 72

An organization runs a weekly backup using the Backup and Restore Wizard. This week, the process failed to complete due to low disk space.
How does the SEP Administrator change the SEPM backup file location?
A. Move the data directory by reconfiguring the SEPM in the Management Server Configuration Wizard.
B. Move the backup directory by reconfiguring the SEPM in the Management Server Configuration Wizard.
C. Move the install directory by reconfiguring the SEPM in the Management Server Configuration Wizard.
D. Move the database directory by reconfiguring the SEPM in the Management Server Configuration Wizard.
When a backup fails due to low disk space, the Symantec Endpoint Protection Manager (SEPM) Administrator can change the backup file location to free up space on the primary drive. To do this:
Management Server Configuration Wizard:
SEPM provides an option to reconfigure certain directories, including the backup directory, through the Management Server Configuration Wizard.
By selecting the option to move the backup directory, administrators can specify a new location with sufficient space to store backup files without disrupting the default data or install directories.
Steps to Change Backup Directory Location:
Launch the SEPM Management Server Configuration Wizard.
Choose the option to reconfigure or move the backup directory specifically. This step does not affect the core SEPM installation or database directories.
Specify a new path for the backup directory where sufficient storage is available to prevent future failures.
Reasoning Behind the Choice:
Options A, C, and D involve moving the data, install, or database directories, which are unrelated to backup storage issues. Only the backup directory relocation addresses the low disk space issue during backup processes.
Question 73

An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.
What is the likely problem?
A. The 'Learn applications that run on the client computer' setting is disabled.
B. The client computers already have exclusions for the applications.
C. The Symantec Endpoint Protection Manager is installed on a Domain Controller.
D. The clients are in a trusted Symantec Endpoint Protection domain.
When the Application Exception dialog fails to display applications, it is typically because the 'Learn applications that run on the client computer' setting is disabled. This setting allows SEPM to learn and list the applications running on client systems, enabling administrators to create application-specific exceptions.
Explanation of Application Learning:
Application Learning is a feature that gathers data on applications executed on client systems. When enabled, SEPM records information about these applications in its database, allowing administrators to review and manage exceptions for detected applications.
If this setting is disabled, SEPM will not record or display applications in the Application Exception dialog, making it impossible for administrators to create exceptions based on learned applications.
Steps to Enable Application Learning:
In SEPM, navigate to Clients > Policies > Communications.
Check the box for 'Learn applications that run on the client computers' to enable the feature.
Once enabled, SEPM will start collecting data, and applications will appear in the Application Exception dialog after the clients report back.
Rationale Against Other Options:
Option B (existing exclusions) would not prevent applications from appearing, as these would still be listed for reference.
Option C (installing SEPM on a Domain Controller) and Option D (trusted SEP domain) do not impact application learning visibility in SEPM.
Question 74

How does Memory Exploit Mitigation protect applications?
A. Injects a DLL (IPSEng32.dll or IPSEng64.dll) into protected processes and, when an exploit attempt is detected, terminates the protected process to prevent the malicious code from running.
B. Injects a DLL (UMEngx86.dll) into applications that run in user mode and, if the application behaves maliciously, SEP detects it.
C. Injects a DLL (sysfer.dll) into processes being launched on the machine and, if the process isn't trusted, prevents the process from running.
D. Injects a DLL (IPSEng32.dll) into browser processes and protects the machine from drive-by downloads.
Memory Exploit Mitigation in Symantec Endpoint Protection (SEP) works by injecting a DLL (Dynamic Link Library), specifically IPSEng32.dll for 32-bit processes or IPSEng64.dll for 64-bit processes, into applications that require protection. Here's how it works:
DLL Injection:
When Memory Exploit Mitigation is enabled, SEP injects IPSEng DLLs into processes that it monitors for potential exploit attempts.
This injection allows SEP to monitor the behavior of the process at a low level, enabling it to detect exploit attempts on protected applications.
Exploit Detection and Response:
If an exploit attempt is detected within a protected process, SEP will terminate the process immediately. This termination prevents malicious code from running, stopping potential exploit actions from completing.
Why This Approach is Effective:
By terminating the process upon exploit detection, SEP prevents any code injected or manipulated by an exploit from executing. This proactive approach effectively stops many types of memory-based attacks, such as buffer overflows, before they can harm the system.
Clarification on Other Options:
Option B (UMEngx86.dll) pertains to user-mode protection, which isn't used for Memory Exploit Mitigation.
Option C (sysfer.dll) is involved in file system driver activities, not direct exploit prevention.
Option D is partially correct about IPSEng32.dll but inaccurately specifies that it's for browser processes only; the DLL is used for multiple types of processes.
Question 75

In which phase of the MITRE framework would attackers exploit faults in software to directly tamper with system memory?
Question 76

What prevention technique does Threat Defense for Active Directory use to expose attackers?
Question 77

What version number is assigned to a duplicated policy?
Question 78

How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?
Question 79

An administrator is investigating a possible threat that occurs during the Windows startup. A file is observed that is NOT digitally signed by Microsoft. Which Anti-malware feature should the administrator enable to scan this file for threats?
Question 80

A company uses a remote administration tool that is detected as Hacktool.KeyLoggPro and quarantined by Symantec Endpoint Protection (SEP).
Which step can an administrator perform to continue using the remote administration tool without detection by SEP?