Free Symantec 250-441 Exam Dumps Questions & Answers

An Incident Responder runs an endpoint search on a client group with 100 endpoints. After one day, the responder sees the results for 90 endpoints.
What is a possible reason for the search only returning results for 90 of 100 endpoints?

• A.  10 endpoints restarted and cancelled the search
• B.  The search expired after one hour
• C.  The search returned 0 results on 10 endpoints
• D.  10 endpoints are offline

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

• A.  Close any open shares
• B.  Set executables on network drives as read only
• C.  Identify affected clients
• D.  Identify the threat and understand how it spreads
• E.  Create subnets or VLANs and configure the network devices to restrict traffic

An Incident responder added a files NDS hash to the blacklist.
Which component of SEP enforces the blacklist?

• A.  SONAR
• B.  Bloodhound
• C.  Intrusion Prevention
• D.  System Lockdown

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

• A.  Network detection component
• B.  Reputation-based security
• C.  Detonation/sandbox
• D.  Event correlation

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

• A.  Delete threat artifacts from the environment
• B.  Isolate infected endpoints to a quarantine network
• C.  Blacklist any suspicious files found in the environment
• D.  Rejoin healthy endpoints back to the network
• E.  Submit any suspicious files to Cynic