250-441 Administration of Symantec Advanced Threat Protection 3.0


Showing 4–6 of 10 questions

Question 4

Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)


  • Configure a SIEM feed from the portal to the ATP environment

  • Configure email reports on convictions

  • Submit false positive and false negative files

  • Query hashes

  • Submit hashes to Insight

Question 5

Which two non-Symantec methods for restricting traffic are available to the Incident Response team? (Choose two.)


  • Temporarily disconnect the local network from the internet.

  • Create an Access Control List at the router to deny traffic.

  • Analyze traffic using Wireshark protocol analyzer to identify the source of the infection.

  • Create a DNS sinkhole server to block malicious traffic.

  • Isolate computers so they are NOT compromised by infected computers.

Question 6

An Incident Responder wants to run a database search that will list all client names starting with SYM.

Which syntax should the responder use?


  • hostname like “SYM”

  • hostname “SYM”

  • hostname “SYM*”

  • hostname like “SYM*”