symantec.train4sure.250-512.v2017-05-22.by.larry€¦ · 22/05/2017 · when deploying the...

http://www.gratisexam.com/

250-512.exam

Number: 250-512Passing Score: 800Time Limit: 120 minFile Version: 5.0


250-512

Administration of Symantec Data Loss Prevention 11.5

Version 5.0

Sections1. Volume A2. Volume B


Exam A

QUESTION 1Which is the correct traffic flow for the Symantec Data Loss Prevention for Tablets solution?

A. iPad > VPN > Tablet Server > Exchange Server > final destination

B. iPad > VPN > Web proxy > Tablet Server > final destination

C. iPad > VPN > Web proxy > Tablet Server > Enforce Server > final destination

D. iPad > VPN > Tablet Server > Web proxy > final destination

Correct Answer: BSection: Volume AExplanation

Explanation/Reference:

QUESTION 2A user wants to modify a check within a pre-defined standard.

What is the first step?


A. Highlight check and browse to the Parameters tab

B. Highlight check and browse to the Expression tab

C. Right-click the check and select Edit

D. Make a copy of the check

Correct Answer: DSection: Volume AExplanation



QUESTION 3Where can the Data Processing Service settings be configured in the Symantec Control Compliance Suite 9.0 console?

A. Settings -> General

B. Settings -> System Topology

C. Settings -> Roles

D. Settings -> Secure Configuration



QUESTION 4When deploying the Symantec Data Loss Prevention 11.5 solution on multiple servers, which mix of operating systems is supported?

A. All detection servers need to be on the same supported operating system, but the Enforce Server can be on a different supported operating system.

B. The Enforce Server must be on a supported Linux operating system and the detection servers can be on any supported operating system.

C. Any mix of supported Linux and Windows operating systems is allowed.

D. The Enforce Server must be on a supported Windows operating system and the detection servers can be on any supported operating system.

Correct Answer: CSection: Volume AExplanation


QUESTION 5When manually installing the Symantec DLP Agent, how can the Data Loss Prevention administrator hide the agent from registering itself in the Windows controlpanel?

A. Add ARPSYSTEMCOMPONENT="1" to the installer batch file

B. Select the "Hide from Control Panel" checkbox in the installation user interface

C. Add HIDECONTROLPANEL="YES" to the installer batch file

D. Select the "ARPSYSTEMCOMPONENT" checkbox in the installation user interface


Correct Answer: ASection: Volume AExplanation


QUESTION 6In Symantec Control Compliance Suite 9.0, if an administrator wants to evaluate assets compared to a referenced asset, what is used?

A. reference evaluation

B. baseline standard

C. gold standard

D. policy mapping



QUESTION 7Which two operating systems are supported for Symantec Data Loss Prevention 11.5 servers? (Select two.)


A. Windows 2003 Enterprise Edition 64-bit

B. Red Hat Linux 5 Enterprise 32 or 64-bit

C. Windows 2008 Server 32-bit

D. Red Hat Linux 4 Enterprise 64-bit

E. Windows 2003 Enterprise Edition 32-bit


Correct Answer: BESection: Volume AExplanation


QUESTION 8Symantec recommends that new deployments of Data Loss Prevention replace the default encryption certificates used for securing communication between theEnforce Server and detection servers.

What is the correct utility for generating new certificates for this communication?

A. sslkeytool.exe

B. certutil.exe

C. endpointkeytool.exe

D. kinit.exe



QUESTION 9Which two can a detection server match on with a recipient matches pattern rule? (Select two.)

A. IP address of a Web server

B. Windows username

C. Instant Messaging Name

D. MAC address

E. Webmail server URL

Correct Answer: AESection: Volume AExplanation



QUESTION 10An organization needs to determine whether anyone other than the CEO is emailing PDF documents that contain the phrase "Revenue Operating Report".

What is the most efficient way to write this policy and generate the fewest false positives?

A. One rule without conditions and one exception rule

B. Two rules and one L7 Sender exception

C. One rule with two conditions and one exception rule

D. Two rules with one condition each and one exception rule



QUESTION 11What should be used to detect existing source code information for a customer?

A. Exact Data Matching (EDM)

B. Index Document Matching (IDM)

C. file type rule condition

D. data identifier rules



QUESTION 12What is the process of assigning meta information to an asset?

A. Dynamic asset grouping

B. Implementing Reconciliation Rules

C. Tagging


D. CSV Import



QUESTION 13An organization needs to determine whether at least 50% of a sensitive document is leaving the organization.

Which action would help them accomplish this?

A. adding the document to a whitelisting document

B. matching on selected fields

C. using match count

D. using minimum document exposure



QUESTION 14Which two detection condition types match on all Envelope, Subject, Body, and Attachment components? (Select two.)

A. Exact Data Match

B. Indexed Document Match

C. Keyword

D. File Name

E. Data Identifier

Correct Answer: CESection: Volume AExplanation



QUESTION 15Which technique is used to select a Data Processing Service data collector when multiple data collectors are configured to support a site?


A. round robin

B. most recently used

C. load based

D. shortest job next



QUESTION 16Data can be collected using which two data collectors in Symantec Control Compliance Suite 9.0? (Select two.)

A. ESM

B. XML

C. ODBC

D. CSV

E. AS400

Correct Answer: ADSection: Volume AExplanation



QUESTION 17Which use case would be solved by using a "Sender/User matches Group based on Directory Server Group" as a detection rule?

A. Allow login to Enforce based on Active Directory (AD) group membership

B. Generate an incident based on the business unit custom attribute

C. Resolve the business unit custom attribute using the LDAP lookup plugin

D. Detect a group of users based on Active Directory (AD) group membership



QUESTION 18Which two collector types can be used to import assets into the Symantec Control Compliance Suite 9.0 asset system? (Select two.)

A. Domain

B. Default

C. DPS

D. XML

E. CSV



QUESTION 19How are the Enterprise Security Manager settings configured for use by the Data Processing Service?

A. per site

B. per domain

C. per organizational unit


D. per group



QUESTION 20Which response rule condition allows a policy manager to configure an Automated Response rule to execute while a user is travelling?

A. Endpoint Location

B. Endpoint Device

C. Protocol or Endpoint Monitoring

D. Sender/User Matches Pattern



QUESTION 21How many attachments can be associated with an exception request?

A. 1

B. 2

C. 3

D. 4



QUESTION 22


An Endpoint Prevent: Notify response rule is defined in Korean, English, and Chinese (in that order).

Which pop-up language will a Japanese Windows locale user see?

A. Korean

B. Japanese

C. English

D. Chinese



QUESTION 23Which two benefits does the Policy Module provide? (Select two.)

A. determines coverage gaps for multiple, overlapped regulatory, industry-specific, or best practices frameworks

B. lowers the cost of policy creation and maintenance and measures policy knowledge and retention

C. defines, reviews, and disseminates written policies to end users as mapped to specific measurable controls

D. integrates the policy compliance process with existing asset management systems

E. identifies problems within policies or internal controls and prevents policy compliance failure or data breach

Correct Answer: ACSection: Volume AExplanation


QUESTION 24Which action is available for use in Smart Response rules and Automated Response rules?



A. Modify SMTP message

B. Block email message

C. Limit incident data retention

D. Post log to a syslog server



QUESTION 25Which two fields are common to all asset types? (Select two.)

A. Asset Administrator

B. Confidentiality

C. Asset Location

D. Access Vector

E. Authentication

Correct Answer: BCSection: Volume AExplanation


QUESTION 26On which protocols does Symantec Data Loss Prevention use port-based protocol recognition?

A. Secure tunnelling protocols

B. User-defined IP protocols

C. User-configured TCP protocols

D. System-defined UDP and TCP protocols

Correct Answer: C


Section: Volume AExplanation


QUESTION 27What does Symantec Control Compliance Suite 9.0 use to help organize how and where data is collected?

A. collections

B. sites

C. domains

D. organizational units



QUESTION 28Which two requirements must be met to successfully use Network Monitor on a Windows based detection server? (Select two.)

A. Wireshark must be installed on the Windows system.

B. WinPCAP must be installed on the Windows system.

C. ARP proxy must be enabled to ensure the Windows system captures all traffic.

D. At least two network interfaces must be available.

E. The network interface card must support Jumbo frames.

Correct Answer: BDSection: Volume AExplanation


QUESTION 29A test is performed against one or more assets in order to determine a pass or fail status.


What is this test called?

A. Standard

B. Filter

C. Check

D. Evaluation



QUESTION 30Which two are categorized as unprocessable components in the traffic report? (Select two.)

A. traffic stream that is corrupted

B. Traffic that contains jpg image

C. Extraction limit that has been exceeded

D. Traffic containing a password protected doc file

E. Packets arriving out of order



QUESTION 31Which traffic type will be excluded from analysis?

A. Skype

B. Yahoo! Instant Messenger

C. NNTP

D. Telnet

Correct Answer: A




QUESTION 32What does Network Monitor use to identify SMTP network traffic going to a nonstandard port?

A. string matching

B. port range

C. regular expressions

D. protocol signature



QUESTION 33Which incidents appear in the Network Incident List when the Network Prevent Action filter is set to Modified?


A. incidents in which confidential content was removed from an SMTP email

B. incidents in which an SMTP email was changed to include a specified header

C. incidents in which digital rights were applied to SMTP email attachments

D. incidents in which attachments were removed from an SMTP email




QUESTION 34Which two fallback options are available for a Network Prevent: Remove HTTP/HTTPS Content response rule? (Select two.)

A. Determine a secondary site for posts

B. Block content from being posted

C. Send to an encryption gateway

D. Remove content through FlexResponse

E. Allow content to be posted



QUESTION 35Which server encrypts the message when using a Modify SMTP Message response rule?

A. Encryption Gateway

B. SMTP Prevent server

C. Network Monitor server

D. Enforce server



QUESTION 36Which two options can be used to notify users when SMTP emails are blocked with Network Prevent? (Select two.)

A. MTA generated delivery status notification

B. Web Proxy server generated email notification


C. Symantec FlexResponse plug-in generated email notification

D. Symantec detection rule generated email notification

E. Symantec response rule generated email notification



QUESTION 37Which databases are created by Symantec Control Compliance Suite 9.0 Reporting and Analytics during installation?

A. Production, Reporting, Evidence

B. bv, Compliance Manager, Policy Manager

C. Dashboard, Reporting, SMC

D. Evidence, Standards, Policies



QUESTION 38Which functionality must a Mail Transfer Agent (MTA) have to integrate with an Email Prevent Server?

A. The MTA is strict ESMTP compliant.

B. The MTA is ICAP compliant.

C. The MTA filters spam.

D. The MTA supports TLS.




QUESTION 39What can Email Prevent do to protect confidential data in an outgoing email?

A. modify the email attachment to remove confidential information

B. add a header to an email to route to an encryption gateway

C. use a FlexReponse plug-in to modify the email header

D. modify the email body to redirect to a quarantine location



QUESTION 40How many instances of the Enterprise Configuration Service should be installed?

A. One per Windows domain

B. One per enterprise

C. Two (cluster configuration)

D. One per query engine



QUESTION 41Which three are valid Reconciliation Rule types in Symantec Control Compliance Suite 9.0? (Select three.)

A. Pre Rule

B. Add Rule

C. Delete Rule

D. Update Rule


E. Change Rule

Correct Answer: ABDSection: Volume AExplanation


QUESTION 42When configuring bv-Control for Microsoft SQL Server, which two authentication options are available? (Select two.)

A. Certificate-based authentication

B. Windows authentication

C. Pass-through authentication

D. Basic authentication

E. SQL authentication



QUESTION 43Which Symantec Control Compliance Suite 9.0 component is responsible for routing data collection, evaluation, and reporting jobs?

A. application server

B. collector

C. load balancer

D. Management Service




QUESTION 44How can a user monitor compliance to policies?


A. via statements

B. via questions

C. via regulations

D. via frameworks



QUESTION 45When approving an exception, which field requires input from the approver?

A. Requestor

B. Requestor Group

C. Requestor Email ID

D. Comments



QUESTION 46How are Reconciliation Rules processed?


A. by priority, first matching rule

B. by CIA values

C. by asset type

D. by best fit matching, multiple rule matches



QUESTION 47How is a policy applied to Network Discover scans?

A. by assigning policy groups to the scan target

B. by choosing the correct policies in the scan target

C. by assigning policies to the Network Discover Server

D. by choosing the correct targets to run the policies



QUESTION 48A Data Loss Prevention administrator needs to modify a Network Discover scan that has already started. For the remaining shares, files larger than 100 MB need tobe ignored.

How should this be accomplished?

A. pause the scan, edit the scan target filters to ignore files greater than 100 MB, and resume the scan

B. modify the server settings for the Discover server running the scan, adjust the maxfilesize.level setting to 100 MB, restart the Discover server

C. edit the discovercrawler.properties in /Vontu/Protect/config on the Discover server to limit the max file fetch size, restart the Discover server

D. create a new scan with updated file size filters and start the scan

Correct Answer: A




QUESTION 49With respect to the entitlements workflow, what is the first step that is performed?

A. Assign a data owner

B. Mark control point

C. Import entitlements

D. Gather business data



QUESTION 50Which two remediation actions are available for Network Protect? (Select two.)

A. Copy

B. Move

C. Block

D. Rename

E. Quarantine



QUESTION 51In the Reports > Predefined folder, which two actions can the user perform? (Select two.)


A. Add report templates from CSV files

B. Delete report templates

C. Customize certain report templates

D. Edit the report template properties to add user-defined values

E. Schedule report templates

Correct Answer: CESection: Volume AExplanation


QUESTION 52To run a bv-Control query targeting Microsoft SQL Server 2005, which Microsoft component is required on the information server?

A. SQL Agent

B. Reporting Services

C. Integration Services

D. Distributed Management Objects



QUESTION 53When should Network Discover Scanners be used?

A. to scan data repositories that require special access methods to be readable

B. to find open file shares on the network

C. to scan and index documents from remote file servers for use in policies

D. to automatically remove sensitive files from data repositories




QUESTION 54A company needs to scan all of its file shares on a weekly basis to make sure sensitive data is being stored correctly. The total volume of data on the file servers isgreater than 1 TB.

Which approach will allow the company to quickly scan all of this data on a weekly basis?

A. run an initial complete scan of all the file shares, then modify the scan target to add date filters and exclude any files created or modified before the initial scanwas run

B. run an initial complete scan of all the file shares, then modify the scan target to an incremental scan type

C. create a separate scan target for each file share and exclude files accessed before the start of each scan

D. run an initial complete scan of all file shares, create a summary report of all incidents created by the scan, then run weekly scans and compare incidents fromweekly scans to incidents from the complete scan



QUESTION 55In the context of IT compliance, what are standards?

A. a set of generally accepted best practices

B. a protector against a specific risk or threat

C. statements of goals and objectives

D. a collection of methods to evaluate compliance efforts



QUESTION 56


Which two recommendations should an organization follow when deploying Endpoint Prevent? (Select two.)


A. Test the agent on a variety of end-user images.

B. Initially enable monitoring of the local file system.

C. Enable monitoring of many destinations and protocols simultaneously.

D. Configure, test, and tune filters.

E. Configure blocking as soon as the agents are deployed.



QUESTION 57Which application or destination is selected for endpoint monitoring by default?

A. email

B. removable storage

C. instant messaging

D. local drive



QUESTION 58An administrator is applying a newly created agent configuration to a server. Upon inspection, however, none of the new configuration settings are displayed.


What is a possible cause of this issue?

A. The administration access rights restricts access to apply new configurations.

B. The server that the new agent configuration was applied to needs to be recycled.

C. The new agent configuration was saved without applying it to the Endpoint server.

D. The new agent configuration was copied and modified from the default agent configuration.



QUESTION 59An information security officer has detected an unauthorized tool on desktops being used to transmit data with encrypted communications.

Which Data Loss Prevention feature can prevent this tool from accessing confidential data?

A. Removable storage monitoring

B. Network protocol monitoring

C. Application path filtering

D. Application monitoring



QUESTION 60Which situation can be monitored by both Network Monitor and Endpoint Prevent?

A. An employee uses a Chrome 2 browser to post confidential data to a newsgroup using http.

B. An employee uses Skype to send an instant message to a friend at a competitor site.

C. An employee uses AIM to send an instant message while off the corporate network.

D. An employee uses Internet Explorer 7 to send confidential data from a Gmail account using https.




QUESTION 61Which object applies to an entitlement exception?

A. section

B. standard

C. control point

D. policy



QUESTION 62What are two available options when accessing the Configure Server page of a Network Monitor server to configure protocol filters? (Select two.)

A. HTTPS

B. FTP

C. SMTP

D. ICMP

E. UDP

Correct Answer: BCSection: Volume AExplanation


QUESTION 63In order to generate reports in Symantec Control Compliance Suite 9.0 (CCS 9.0), where must the Crystal Reports 2008 Engine be installed?


A. The Data Processing Service computer configured with the Reporter role

B. The application server that manages the reporting jobs

C. All Data Processing Service computers

D. The server that hosts the CCS 9.0 console



QUESTION 64Which feature enables data extraction with incident data from the Enforce platform based on report ID?

A. Data Extraction API

B. CSV Export

C. Reporting API

D. Report Save As



QUESTION 65How can an incident responder remediate multiple incidents simultaneously?

A. by selecting a Smart Response on the Incident Snapshot page

B. by selecting an Automated Response on an Incident List report

C. by selecting a Smart Response on an Incident List report

D. by selecting the Find Similar command on the Incident Snapshot page




QUESTION 66An incident responder can see basic incident data, but is unable to view any specific details of the incident.

What is the configuration for this role?

A. The View option is selected and all display attributes are deselected.

B. Server administration rights have been deselected.

C. Custom attributes have been selected and set to View Only.

D. Incident Access tab conditions are specified.



QUESTION 67Which term refers to rules created by a government in response to legislation?

A. framework

B. standard

C. policy

D. benchmark

E. regulation

Correct Answer: ESection: Volume AExplanation


QUESTION 68Which two conditions can be specified when creating an incident access condition in a role? (Select two.)



A. File types

B. A custom attribute

C. Last modified by

D. File size

E. Policy group



QUESTION 69Which Symantec Control Compliance Suite 9.0 component is responsible for most inter-component transactions?

A. Directory Support Service

B. Data Processing Service

C. Information Server Service

D. Application Server Service



QUESTION 70Which feature moves confidential data to a secure location when scanning endpoint targets?

A. Network Protect Quarantine


B. Network Discover Remediation

C. Endpoint Quarantine

D. Endpoint Prevent Block



QUESTION 71Which service is responsible for importing assets via a CSV file?

A. Application Server Service


C. Directory Support Service

D. Management Services Service



QUESTION 72Which delimiter is acceptable in Exact Data Matching (EDM) data sources?

A. space

B. semi-colon (;)

C. pipe (|)

D. slash (/)




QUESTION 73Which three are prerequisites for RMS installation? (Select three.)

A. Internet Information Server

B. Microsoft .NET Framework 2.0

C. Windows Installer 3.1

D. Microsoft SQL Server 2005 Express

E. Crystal Report 2008

Correct Answer: BCDSection: Volume AExplanation


QUESTION 74A user has deleted a report template in a user-defined folder.

What must the user do to use that report template again?

A. Find the report template in the Application Server Recycle Bin

B. Recreate the report template from the predefined report template

C. Recreate the Report Generation job

D. Select Add in My Reports



QUESTION 75Which minimum right is required for a standard user to open the RMS console and use the query-related features?

A. must be part of the RMS Console Users local group


B. must have a Symantec Control Compliance Suite 9.0 Administrator role

C. must be configured as an RMS Console User

D. must be part of the RMS Admin Users local group



QUESTION 76For greater accuracy, what is the minimum recommended number of columns in a data source for use in an Exact Data Matching (EDM) profile?

A. 2

B. 3

C. 4

D. 5



QUESTION 77Which two dates must be selected when creating an exception request? (Select two.)

A. expiration date

B. start date

C. effective date

D. due date

E. evaluation date




QUESTION 78The Response Assessment Module (RAM) was installed after Symantec Control Compliance Suite 9.0 (CCS 9.0) reporting and analytics.

What must be modified in order to connect CCS 9.0 to the RAM?

A. RAMServer.exe.config file

B. RAM DB configuration

C. DPS settings

D. RAM Server connection string



QUESTION 79A company has SMTP Prevent deployed with email blocking enabled in their confidential data policy. The finance department reports that emails containingsensitive data sent to external business partners are being blocked. The company maintains a list of the external business partner domains.

How can a policy be modified so that emails are sent only to authorized recipients?

A. duplicate the confidential data policy, add a rule based on "Sender Matches Pattern", and add the email addresses of all employees in the finance department,select "All senders must match" for Match Counting

B. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select"All recipients must match" for Match Counting

C. create a new rule in the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select"At least 1 recipient must match" for Match Counting

D. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select"At least 1 recipient must match" for Match Counting




QUESTION 80How can agentless asset data collection speed be improved on a large network?

A. Install the console on a faster machine

B. Tune the SQL database for performance

C. Set up multiple information server deployments on the network

D. Install RMS and Symantec Control Compliance Suite 9.0 on the same box



QUESTION 81Which two policy management actions can result in a reduced number of incidents for a given traffic flow? (Select two.)

A. Adding additional component matching to the rule

B. Adding data owner exceptions

C. Deploying to additional detection servers

D. Increasing condition match count

E. Adding additional severities

Correct Answer: BDSection: Volume AExplanation


QUESTION 82Refer to the exhibit.


Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimatebusiness activity.

Which two actions are involved with the remediation phase of risk reduction? (Select two.)

A. employee and business unit communication

B. sender auto notification

C. blocking and notifying response rules

D. fixing broken business processes

E. enabling Exact Data Matching (EDM)/Indexed Document Matching (IDM)




QUESTION 83Within an evaluation result, the status Unknown is primarily defined with which check setting?


A. missing data items

B. check expression

C. precondition

D. data items filter



QUESTION 84Refer to the exhibit.


Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimatebusiness activity.

According to this model, which activity should occur during the baseline phase?

A. Monitor incidents and tune the policy to reduce false positives

B. Configure, test, and deploy smart and automated remediation responses

C. Establish business metrics and begin sending reports to business unit stakeholders

D. Test policies to ensure that blocking actions minimize business process disruptions



QUESTION 85


What is the correct sequence of steps in the Symantec Data Loss Prevention policy lifecycle?

A. Design policy, test policy, deploy policy, identify threat, and tune policy

B. Identify threat, build policy, deploy policy, test policy, and tune policy

C. Design policy, deploy policy, identify threat, test policy, and tune policy

D. Identify threat, design policy, build policy, test policy, tune policy, and deploy policy



QUESTION 86Where are evaluation results stored?

A. Production database

B. Evidence database

C. Reporting database

D. Response database



QUESTION 87The chief information security officer (CISO) is responsible for overall risk reduction and develops high-level initiatives to respond to security risk trends.

Which report will be useful to the CISO?

A. all high severity incidents that have occurred during the last week

B. all dismissed incidents violating a specific policy marked as false positive

C. all incidents from the previous month summarized by business units and policy

D. all new incidents that have been generated by a specific business unit during the last week




QUESTION 88Which Oracle utility can be run from the Enforce box to test network connectivity between Enforce and the Oracle database?

A. rconfig

B. sqlplus

C. netca

D. rman

Correct Answer: BSection: Volume BExplanation


QUESTION 89Which log should be reviewed first if a database issue is suspected?

A. manager_operational.log

B. alert_.log

C. enforce_diagnostics.log

D. manager_jdbc.log



QUESTION 90What is one of the steps that must take place before comparing entitlements of a control point?


A. generate entitlement report

B. request to approve entitlements

C. approve entitlements at least once

D. approve entitlements at least twice

Correct Answer: CSection: Volume BExplanation


QUESTION 91A user is unable to log in as sysadmin. The Data Loss Prevention system is configured to use Active Directory authentication. The user is a member of two roles,sysadmin and remediator.

How should the user log in to the user interface in the sysadmin role?

A. sysadmin\username@domain

B. sysadmin\username

C. domain\username

D. sysadmin\username\domain



QUESTION 92A role is configured for XML export and a user executes the export XML incident action.

What must be done before history information is included in the export?

A. A remediator must take an action on the incident.

B. History must be enabled as a tab or panel in the incident snapshot layout.

C. Incident history must be enabled in the user's role.

D. The manager.properties must be configured for XML export.




QUESTION 93Which service is responsible for starting and controlling the user interface?

A. VontuManager

B. VontuMonitor

C. VontuNotifier

D. VontuMonitorController

Correct Answer: ASection: Volume BExplanation


QUESTION 94Which three are components of a Reconciliation Rule? (Select three.)

A. Save in: Folder Selection

B. Set Asset Group

C. Asset Type

D. Rule Type

E. Select Asset Filter

Correct Answer: ACDSection: Volume BExplanation


QUESTION 95


What can cause an increase in the DLP Agent footprint?


A. Smart Response rules

B. additional Agent Components

C. additional policies

D. API lookups



QUESTION 96Which four functional roles can be registered to the Data Processing Service? (Select four.)

A. Load Balancer

B. Data Provider

C. Collector

D. Evaluator

E. Reporter

F. Manager

Correct Answer: ACDESection: Volume BExplanation


QUESTION 97In which case will the agent status remain green (healthy) on the Agent Events page?


A. The Endpoint server detects that the connection with the agent is lost.

B. There is agent or server authentication failure.

C. The agent is unable to restore a database file.

D. The agent service and file-system driver are running.

Correct Answer: DSection: Volume BExplanation


QUESTION 98How many dashboards can be viewed simultaneously on the home page?

A. 1

B. 2

C. 4

D. 8



QUESTION 99A Data Loss Prevention administrator brings a new Endpoint server online and redirects existing DLP Agents to work with this server. The administrator notices, inthe Agent Overview page, that the redirected agents are showing an offline status.

Which scenario is the most likely cause of this issue?

A. Active policies are disabled on this Endpoint server and pushed out to the DLP Agents.

B. The Agent Monitoring configuration of this new Endpoint server needs to enable the appropriate monitoring options.

C. The Agent Monitoring configuration of this new Endpoint server has aggressive throttling enabled for DLP Agents causing them to shut down.

D. The Endpoint server is listening on the default port of 8000 while the DLP Agents are using a custom port number.




QUESTION 100During testing, a Data Loss Prevention administrator configures a Network Discover target to identify and quarantine confidential files. The target is set up with adefault credential that has read-only permissions on the file server. After running the scan and checking the results, the administrator finds several incidents fromthe scan, observes that all confidential files are still in their original location, but the configured quarantine directory contains the confidential files.

Which two Discover target configuration mistakes might be causing the problem? (Select two.)

A. The sharelist excludes all directories on the host being scanned.

B. The Quarantine/Copy Share credentials are invalid.

C. The Default credentials are invalid.

D. The Copy option is selected.

E. The Protect credential is unspecified.

Correct Answer: DESection: Volume BExplanation


QUESTION 101When does the RMS Console Configuration Wizard appear? (Select two.)

A. every time a new license has been added

B. the first time that a user opens the console after the installation or the upgrade

C. after a new Credential database has been applied to the user

D. after a bv-Control snap-in installation on the console computer

E. after the user has changed their default information server

Correct Answer: BDSection: Volume BExplanation



QUESTION 102What must be done in order to create a new asset type?

A. Import assets from this new type

B. Create the asset type in the asset interface

C. Extend the asset schema

D. Install a new bv-Control snapin



QUESTION 103The terms Confidentiality, Integrity, and Availability refer to which aspect of an Evaluation of a Standard?

A. Standard References

B. Risk Score

C. Common Vulnerabilities and Exposures

D. Compliance Score



QUESTION 104A policy author is creating a policy using a Data Identifier (DI) and needs to add keywords to help eliminate false positives. The policy author needs to avoidduplicates with the Keyword validators included with the DI.

Where can the policy author find the list of validators?

A. Symantec Data Loss Prevention Administration Guide


B. Symantec Data Loss Prevention Install Guide

C. User Interface - Manage > Response Rules

D. User Interface - Edit Policy > Edit Rule > More Info



QUESTION 105A Network Monitor server has been installed and the networking components configured accordingly. The server is receiving traffic, but fails to detect incidents.Running Wireshark indicates that the desired traffic is reaching the detection server.

What is the most likely cause for this behavior?

A. The mirrored port is sending corrupted packets.

B. The wrong interface is selected in the configuration.

C. The configuration is set to process GET requests.

D. The communication to the database server is interrupted.



QUESTION 106An administrator has completed the example document training process, but is having difficulty deciding whether or not to accept a VML profile. Where can the administrator find information regarding the quality of each training set at a granular, per-fold level?

A. machinelearning_training_process.log file

B. machinelearning_native_filereader.log fil

C. machinelearning_training.log file

D. machinelearning_native_manager.log file




QUESTION 107What should be used to add an Apple iPod device to a list of Endpoint devices?

A. CLASS/GENERIC/MUSIC/Apple

B. GLOBAL;MANUFACTURER;Apple*

C. DEVICESTORE:*APPLE&IPOD*

D. USBSTOR\\DISK&VEN_APPLE&PROD_IPOD&.*



QUESTION 108To which file system folder does PacketCapture write reconstructed SMTP messages?.


A. drop

B. drop_pcap

C. drop_email

D. drop_smtp




QUESTION 109Which setting allows a user to stop the filereader process from the user interface?

A. APC (Advanced Process Control)

B. Filereader.ScheduledInterval

C. UnicodeNormalizer.Enabled

D. Lexer.Validate



QUESTION 110Which three functions are provided by Symantec Control Compliance Suite 9.0? (Select three.)

A. Provides the ability to attest to procedural controls

B. Uses automated agentless or agent-based capabilities to audit and scan technical controls

C. Verifies and confirms risk and posture compliance assessment

D. Produces evidence of due care in an IT audit process

E. Integrates the remediation process

Correct Answer: ABDSection: Volume BExplanation


QUESTION 111An administrator is running a Discover Scanner target scan and the scanner is unable to communicate back to the Discover Server.

Where will the files be stored?


A. Discover Server incoming folder

B. scanner's outgoing folder

C. scanner's incoming folder

D. Enforce incident persister



QUESTION 112The Symantec Control Compliance Suite 9.0 (CCS 9.0) stores large amounts of data in databases. The database administrator must perform tasks on thedatabases outside of CCS 9.0 to maintain the databases and to ensure that the databases are performing at an acceptable level.

Which three tasks should be routinely scheduled in SQL Server Management Studio? (Select three.)

A. Configure the databases

B. Back up the databases

C. Refresh the databases

D. Rebuild the indexes

E. Update the database statistics

Correct Answer: BDESection: Volume BExplanation


QUESTION 113Which command line diagnostic utilities would give a user the operating system version of the detection servers?

A. Environment Check Utility

B. Log Collection Utility

C. NormalizationConfigCheck.exe

D. SC.exe




QUESTION 114A policy implemented to block confidential data from being posted to Facebook generates incidents but allows the content to be posted.

What should be done to resolve this issue?

A. Turn off Trial mode

B. Turn on default settings

C. Enable Get Processing

D. Enable ICAP.Allowhosts



QUESTION 115Which two components of Symantec Control Compliance Suite 9.0 must be deployed in an Active Directory domain? (Select two.)


B. Data Processing Services

C. Production database

D. directory server

E. web portal server

Correct Answer: ADSection: Volume BExplanation



QUESTION 116Each organization establishes its own priorities around the data they consider important to protect.

What is a common category of data at risk?

A. competitor financial data

B. company intellectual property

C. technical environmental risk data

D. historical stock share data



QUESTION 117Which product can replace a confidential document residing on a share with a marker file explaining why the document was removed?

A. Network Discover

B. Network Protect

C. Endpoint Prevent

D. Endpoint Discover



QUESTION 118Which product must run on a physical server?

A. Endpoint Prevent

B. Network Monitor

C. Enforce

D. Network Prevent




QUESTION 119Which products can be configured on the same detection server?

A. Network Protect and Network Discover

B. Endpoint Discover and Network Discover

C. Network Monitor and Network Prevent

D. Network Monitor and Network Discover



QUESTION 120When registering Oracle databases in bv-Control for Oracle, which two options are supported? (Select two.)

A. Registering the database from Active Directory

B. Registering the database manually

C. Registering the database from Oracle Internet Directory

D. Registering the database from tnsnames

E. Registering the database from DNS



QUESTION 121


Which Symantec Control Compliance Suite 9.0 components must be installed in the same domain?

A. Data Processing Service Collector Role and information server

B. application server and directory server

C. Data Processing Service Reporter Role and SQL database server

D. directory server and SQL database server



QUESTION 122A customer has four Enterprise Security Manager (ESM) managers in their environment.

What is the minimum number of Symantec Control Compliance Suite 9.0 sites to which these managers can be assigned?


A. 1

B. 2

C. 3

D. 4



QUESTION 123What are two benefits of the Symantec Data Loss Prevention 11.5 security architecture? (Select two.)


A. Communication is initiated by the detection servers inside the firewall.

B. SSL communication is used for user access to the Enforce Platform.

C. Endpoint Agent to Endpoint Server communication uses the Triple Data Encryption Standard (Triple DES).

D. Confidential information captured by system components is stored using Advanced Encryption Standards (AES) symmetric keys.

E. All indexed data uploaded into the Enforce Platform is protected with a two-way hash.



QUESTION 124Which three factors must be considered when planning the deployment of the RMS Information Server? (Select three.)

A. number of Active Directory domains in scope

B. geographic location of RMS users

C. number of RMS users

D. enterprise network areas to be queried

E. location of the Information Server database

Correct Answer: BCDSection: Volume BExplanation


QUESTION 125What is the function of the Remote Indexer?

A. to create Index Document Matching (IDM) profiles and Exact Data Matching (EDM) profiles on a remote server

B. to create Exact Data Matching (EDM) profiles on a remote server

C. to create policy templates on a remote server

D. to create Index Document Matching (IDM) profiles on a remote server

Correct Answer: B


Section: Volume BExplanation


QUESTION 126Which term refers to organizational rules or requirements that provide guidance to employees?

A. framework

B. standard

C. policy

D. benchmark

E. regulation



QUESTION 127In which two ways can the default listener port for a detection server be modified? (Select two.)

A. Through the Enforce user interface under System > Overview

B. By editing the Communication.properties file on a detection server

C. Through the Enforce user interface under Manage > Policies

D. By editing the MonitorController.properties file on a detection server

E. By editing the jaas.config file on a detection server

Correct Answer: ABSection: Volume BExplanation


QUESTION 128In order to allow users to accept or decline policies, which option can be set during the creation of the policy?


A. Allow User Accept/Decline

B. Allow User Response

C. Allow User Interaction

D. Allow Users to Interface



QUESTION 129Which three are available Export Formats for Symantec Control Compliance Suite 9.0 reports? (Select three.)

A. Comma Separated Values (CSV)

B. Adobe Reader (PDF)

C. Crystal Reports (RPT)

D. Rich Text

E. Microsoft Access (MDB)

Correct Answer: BCDSection: Volume BExplanation


QUESTION 130How are permissions to user-defined objects granted to individual users?

A. Permissions are automatically assigned by role.

B. A custom role must be created to grant access.

C. The administrator must manually assign permissions.

D. They are granted through Active Directory.

Correct Answer: CSection: Volume B


Explanation


QUESTION 131When and how is the license for Symantec Data Loss Prevention 11.5 applied during installation?

A. by moving the license file to the bin directory after installation

B. by copying and pasting the license key when prompted during the installation

C. by uploading the license file when prompted by the installer

D. by copying and pasting the license key after logging in to the console for the first time



QUESTION 132When installing an Endpoint Server, at which point does it register with the Enforce Server?

A. After installation, the Endpoint Server automatically registers itself with the Enforce Server.

B. after recycling the server in the user interface

C. after adding the server from within the Enforce user interface

D. after restarting the Enforce Server



QUESTION 133Where are assets stored?

A. Assets.XML


B. Production database

C. RMS database

D. ADAM



QUESTION 134Which two database versions does Symantec Data Loss Prevention 11.5 support for incident and policy storage? (Select two.)

A. Oracle 10g version 10.2.0.4

B. IBM DB2 version 8.2

C. SQL Server 2008 R2 version 10.50.1753

D. Oracle 11g version 11.2

E. Oracle 9i version 9.2.0.4

Correct Answer: ADSection: Volume BExplanation


QUESTION 135In order to have a proper Disaster Recovery Plan, all Symantec Control Compliance Suite 9.0 server components need to be included in the backup strategy. Forsome components, it is easiest to recreate the installation of a failed component. For other components, the data is backed up and the component software isreinstalled.

For which three components is a data backup needed? (Select three.)



C. Production database

D. Evidence database

E. directory server


Correct Answer: CDESection: Volume BExplanation



symantec.train4sure.250-512.v2017-05-22.by.larry€¦ · 22/05/2017 · when deploying the...

Documents