Free Download 250-441 Examp Dump: Symantec.250-441.ActualTests.2019-09-22.47q.vcex

File Info

Exam	Administration of Symantec Advanced Threat Protection 3.0
Number	250-441
File Name	Symantec.250-441.ActualTests.2019-09-22.47q.vcex
Size	114 KB
Posted	Sep 22, 2019
Download	Symantec.250-441.ActualTests.2019-09-22.47q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%

Demo Questions

Question 1

Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?

Search
Action Manager
Incident Manager
Events

Correct answer: B

Question 2

Which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

Capture
Incursion
Discovery
Exfiltration

Correct answer: B

Explanation:

Question 3

Why is it important for an Incident Responder to analyze an incident during the Recovery phase?

To determine the best plan of action for cleaning up the infection
To isolate infected computers on the network and remediate the threat
To gather threat artifacts and review the malicious code in a sandbox environment
To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

Correct answer: D

Question 4

Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)

Database version
Database IP address
Database domain name
Database hostname
Database name

Correct answer: BD

Question 5

How does an attacker use a zero-day vulnerability during the Incursion phase?

To perform a SQL injection on an internal server
To extract sensitive information from the target
To perform network discovery on the target
To deliver malicious code that breaches the target

Correct answer: D

Explanation:

Reference: https://www.symantec.com/connect/blogs/guide-zero-day-exploits

Question 6

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

It ensures that the Incident is resolved, and the responder can clean up the infection.
It ensures that the Incident is resolved, and the responder can determine the best remediation method.
It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

Correct answer: C

Question 7

An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.

Which search query and type should the responder run?

Database search filename “msscrt.pdf”
Database search msscrt.pdf
Endpoint search filename like msscrt.pdf
Endpoint search filename =“msscrt.pdf”

Correct answer: A

Explanation:

Question 8

What is the earliest stage at which a SQL injection occurs during an Advanced Persistent Threat (APT) attack?

Exfiltration
Incursion
Capture
Discovery

Correct answer: B

Question 9

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

The endpoint automatically switches to using a Compliance location, where a Compliance policy is applied to the computer.
The endpoint automatically switches to using a System Lockdown location, where a System Lockdown policy is applied to the computer.
The endpoint automatically switches to using a Host Integrity location, where a Host Integrity policy is applied to the computer.
The endpoint automatically switches to using a Quarantine location, where a Quarantine policy is applied to the computer.

Correct answer: D

Question 10

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)