
Exam Code: 250-561

Exam Name: Endpoint Security Complete - Administration R1


Website: https://VCEup.com/
Team-Support: Support@VCEup.com

IT Certification Exams - Questions & Answers | VCEup.com VCEplus is partner of VCEup.com


Question No: 1

An administrator is evaluating an organization's computers for an upcoming SES deployment. Which computer meets the prerequisites for the SES client?

A. A computer running Mac OS X 10.8 with 500 MB of disk space, 4 GB of RAM, and an Intel Core 2 Duo 64-bit processor

B. A computer running Mac OS X 10.14 with 400 MB of disk space, 4 GB of RAM, and an Intel Core 2 Duo 64-bit processor

C. A computer running Windows 10 with 400 MB of disk space, 2 GB of RAM, and a 2.4 GHz Intel Pentium 4 processor

D. A computer running Windows 8 with 380 MB of disk space, 2 GB of RAM, and a 2.8 GHz Intel Pentium 4 processor

Answer: C

Question No: 2

What are the Exploit Mitigation security control's mitigation techniques designed to prevent?

A. Packed file execution

B. Misbehaving applications

C. File-less attacks

D. Rootkit downloads

Answer: D

Question No: 3

Which security control is complementary to IPS, providing a second layer of protection against network attacks?

A. Host Integrity

B. Antimalware

C. Firewall

D. Network Protection

Answer: C

Question No: 4

Which alert rule category includes events that are generated about the cloud console?

A. Security

B. Diagnostic

C. System

D. Application Activity

Answer: A

Question No: 5

Which designation should an administrator assign to the computer configured to find unmanaged devices?

A. Discovery Broker


B. Discovery Agent

C. Discovery Manager

D. Discovery Device

Answer: B

Question No: 6

Which file should an administrator create to deploy the SES client through a Group Policy Object (GPO)?

A. Symantec__Agent_package_x64.zip

B. Symantec__Agent_package_x64.msi

C. Symantec__Agent_package__32-bit.msi

D. Symantec__Agent_package_x64.exe

Answer: C

Question No: 7

Which SEPM-generated element is required for an administrator to complete the enrollment of SEPM to the cloud console?

A. Token

B. SEPM password

C. Certificate key pair

D. SQL password


Answer: A

Question No: 8

Which two (2) steps should an administrator take to guard against recurring threats? (Select two)

A. Confirm that daily active and weekly full scans take place on all endpoints

B. Verify that all endpoints receive scheduled Live-Update content

C. Use Power Eraser to clean endpoint Windows registries

D. Add endpoints to a high security group and assign a restrictive Antimalware policy to the group

E. Quarantine affected endpoints

Answer: CE

Question No: 9

Which security threat uses malicious code to destroy evidence, break systems, or encrypt data?

A. Execution

B. Persistence

C. Impact


D. Discovery

Answer: C

Question No: 10

Which default role has the most limited permission in the Integrated Cyber Defense Manager?

A. Restricted Administrator

B. Limited Administrator

C. Server Administrator

D. Endpoint Console Domain Administrator

Answer: C

Question No: 11

What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

A. An email with a link to directly download the SES client

B. An email with a link to a KB article explaining how to install the SES Agent

C. An email with the SES_setup.zip file attached

D. An email with link to register on the ICDm user portal

Answer: D

Question No: 12


What happens when an administrator blacklists a file?

A. The file is assigned to the Blacklist task list

B. The file is automatically quarantined

C. The file is assigned to a chosen Blacklist policy

D. The file is assigned to the default Blacklist policy

Answer: A

Question No: 13

Which two (2) skill areas are critical to the success of Incident Response Teams? (Select two)

A. Project Management

B. Incident Management

C. Cyber Intelligence

D. Incident Response

E. Threat Analysis

Answer: CD


Question No: 14

Which two (2) Discovery and Deploy features could an administrator use to enroll Mac endpoints?

(Select two)

A. Push Enroll

B. A custom Installation package creator pact

C. A default Direct Installation package

D. Invite User

E. A custom Direct installation package

Answer: BE

Question No: 15

Which Firewall Stealth setting prevents OS fingerprinting by sending erroneous OS information back to the attacker?

A. Disable OS fingerprint profiling

B. Disable OS fingerprint detection

C. Enable OS fingerprint masquerading

D. Enable OS fingerprint protection

Answer: C

Question No: 16


Which communication method is utilized within SES to achieve real-time management?

A. Heartbeat

B. Standard polling

C. Push Notification

D. Long polling

Answer: C

Question No: 17

Which option should an administrator utilize to temporarily or permanently block a file?

A. Delete

B. Hide

C. Encrypt

D. Blacklist

Answer: D

Question No: 18


Which report template includes a summary of risk distribution by devices, users, and groups?

A. Device Integrity

B. Threat Distribution

C. Comprehensive

D. Weekly

Answer: B

Question No: 19

What does SES's advanced search feature provide when an administrator searches for a specific term?

A. A search modifier dialog

B. A search wizard dialog

C. A suggested terms dialog

D. A search summary dialog

Answer: A

Question No: 20

In which phase of MITRE framework would attackers exploit faults in software to directly tamper with system memory?

A. Exfiltration

B. Discovery
C. Execution

D. Defense Evasion

Answer: D

Question No: 21

An administrator suspects that several computers have become part of a botnet. What should the administrator do to detect botnet activity on the network?

A. Enable the Command and Control Server Firewall

B. Add botnet related signatures to the IPS policy's Audit Signatures list

C. Enable the IPS policy's Show notification on the device setting

D. Set the Antimalware policy's Monitoring Level to 4

Answer: A

Question No: 22

Which Anti-malware technology should an administrator utilize to expose the malicious nature of a file created with a custom packer?

A. Sandbox

B. SONAR


C. Reputation

D. Emulator

Answer: D

Question No: 23

An endpoint is offline, and the administrator issues a scan command. What happens to the endpoint when it restarts, if it lacks connectivity?

A. The system is scanning when started.

B. The system downloads the content without scanning.

C. The system starts without scanning.

D. The system scans after the content update is downloaded.

Answer: B

Question No: 24

Which type of security threat is used by attackers to exploit vulnerable applications?

A. Lateral Movement

B. Privilege Escalation

C. Command and Control

D. Credential Access

Answer: B

Question No: 25

What is the primary issue pertaining to managing roaming users while utilizing an on-premise solution?

A. The endpoint is missing timely policy update

B. The endpoint is absent of the management console

C. The endpoint fails to receive content update

D. The endpoint is more exposed to threats

Answer: C

Question No: 26

What should an administrator know regarding the differences between a Domain and a Tenant in ICDm?

A. A tenant can contain multiple domains

B. A domain can contain multiple tenants

C. Each customer can have one domain and many tenant

D. Each customer can have one tenant and many domains

Answer: A


Question No: 27

Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?

A. Signatures

B. Advanced Machine Learning

C. Reputation

D. Artificial Intelligence

Answer: B

Question No: 28

Which Endpoint > Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

A. Discover Endpoints

B. Endpoint Enrollment

C. Discover and Deploy

D. Device Discovery

Answer: A

Question No: 29

Which Security Control dashboard widget should an administrator utilize to access detailed areas for a given security control?

A. Learn More

B. Quick Links

C. More Info

D. Latest Tasks

Answer: D

Question No: 30

What characterizes an emerging threat in comparison to a traditional threat?

A. Emerging threats use new techniques and 0-day vulnerability to propagate.

B. Emerging threats require artificial intelligence to be detected.

C. Emerging threats are undetectable by signature based engines.

D. Emerging threats are more sophisticated than traditional threats.

Answer: A

Question No: 31

What version number is assigned to a duplicated policy?

A. One


B. Zero

C. The original policy's number plus one

D. The original policy's version number

Answer: C

Question No: 32

An administrator learns of a potentially malicious file and wants to proactively prevent the file from ever being executed.

What should the administrator do?

A. Add the file SHA1 to a blacklist policy

B. Increase the Antimalware policy Intensity to Level 5

C. Add the filename and SHA-256 hash to a Blacklist policy

D. Adjust the Antimalware policy age and prevalence settings

Answer: D

Question No: 33

Which report template output format should an administrator utilize to generate graphical reports?

A. XML

B. HTML

C. PDF
D. XML

Answer: B

Question No: 34

Which Antimalware technology is used after all local resources have been exhausted?

A. Sapient

B. ITCS

C. Emulator

D. Reputation

Answer: B

Question No: 35

An endpoint fails to retrieve content updates.

Which URL should an administrator test in a browser to determine if the issue is network related?

A. https://liveupdate.symantec.com/livetri.zip

B. http://update.symantec.com/livetri.zip


C. https://spocsymantec.com/livetri.zip

D. https://update.symantec.com/livetri.zip

Answer: C

Question No: 36

Which rule types should be at the bottom of the list when an administrator adds device control rules?

A. General "catch all" rules

B. General "brand defined" rules

C. Specific "device type" rules

D. Specific "device model" rules

Answer: A

Question No: 37

Which two (2) scan range options are available to an administrator for locating unmanaged endpoints? (Select two)

A. IP range within network

B. IP range within subnet

C. Entire Network

D. Entire Subnet

E. Subnet Range


Answer: AE

Question No: 38

Which two (2) options can an administrator use to prevent a file from being falsely detected?

(Select two)

A. Assign the file a SHA-256 cryptographic hash

B. Add the file to a Whitelist policy

C. Reduce the Intensive Protection setting of the Antimalware policy

D. Register the file with Symantec's False Positive database

E. Rename the file

Answer: BD

Question No: 39

Which framework, open and available to any administrator, is utilized to categorize adversarial tactics and techniques for each phase of a cyber attack?

A. MITRE RESPONSE

B. MITRE ATT&CK


C. MITRE ADV&NCE

D. MITRE ATTACK MATRIX

Answer: B

Question No: 40

Which statement best describes Artificial Intelligence?

A. A program that automates tasks with a static set of instructions

B. A program that can predict when a task should be performed

C. A program that is autonomous and needs training to perform a task

D. A program that learns from experience and performs autonomous tasks

Answer: D

Question No: 41

Which dashboard should an administrator access to view the current health of the environment?

A. The Antimalware Dashboard

B. The SES Dashboard

C. The Device Integrity Dashboard

D. The Security Control Dashboard

Answer: D

Question No: 42

A user downloads and opens a PDF file with Adobe Acrobat. Unknown to the user, a hidden script in the file begins downloading a RAT.

Which Anti-malware engine recognizes that this behavior is inconsistent with normal Acrobat functionality, blocks the behavior and kills Acrobat?

A. SONAR

B. Sapient

C. IPS

D. Emulator

Answer: B

Question No: 43

Which IPS Signature type is Primarily used to identify specific unwanted traffic?

A. Attack

B. Probe

C. Audit

D. Malcode


Answer: A

Question No: 44

Which policy should an administrator edit to utilize the Symantec LiveUpdate server for pre-release content?

A. The Firewall Policy

B. The System Schedule Policy

C. The System Policy

D. The LiveUpdate Policy

Answer: D

Question No: 45

Which statement best defines Machine Learning?

A. A program that needs user input to perform a task.

B. A program that learns from observing other programs.

C. A program that learns from experience to optimize the output of a task.

D. A program that requires data to perform a task.

Answer: C

Question No: 46
An administrator selects the Discovered Items list in the ICDm to investigate a recent surge in suspicious file activity. What should an administrator do to display only high risk files?

A. Apply a list control

B. Apply a search rule

C. Apply a list filter

D. Apply a search modifier

Answer: B

Question No: 47

Which report template type should an administrator utilize to create a daily summary of network threats detected?

A. Network Risk Report

B. Blocked Threats Report

C. Intrusion Prevention Report

D. Access Violation Report

Answer: D

Question No: 48

Files are blocked by hash in the blacklist policy.


Which algorithm is supported, in addition to MD5?

A. SHA256

B. SHA256 "salted"

C. MD5 "Salted"

D. SHA2

Answer: A
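Questions 17, 32, 38, 48 and 56 all turn on the same mechanism: a file is blocked, whitelisted or looked up by its cryptographic digest, not by its name. The following is an added example (not code from the exam or from Symantec) that computes the two digests a hash blocklist can key on, MD5 and SHA-256, and shows the two properties a practitioner should keep in mind: renaming a file never changes its hash, so option E in Question 38 cannot defeat a detection, and changing a single byte produces a different hash, so a blocklist entry only ever covers that exact build of the file. The `HashBlocklist` class and the sample byte strings are constructed for this example and are not real malware.

```python
import hashlib
from typing import Iterable

# Constructed sample "file" contents for the demonstration; not real malware.
SAMPLE_FILE = b"MZ\x90\x00" + b"constructed sample payload, not real malware " * 3
# Same file with one byte changed: a trivial re-pack from an attacker's point of view.
TAMPERED_FILE = SAMPLE_FILE[:-1] + b"!"


def file_hashes(data: bytes) -> dict:
    """Return the MD5 and SHA-256 digests of the given bytes as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


class HashBlocklist:
    """Hypothetical hash blocklist: a set of MD5 or SHA-256 digests, matched case-insensitively."""

    def __init__(self, entries: Iterable[str] = ()):
        self._entries = set()
        for entry in entries:
            self.add(entry)

    def add(self, digest: str) -> None:
        digest = digest.strip().lower()
        # Accept only well-formed hex digests of the two supported lengths.
        if len(digest) not in (32, 64) or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("expected a hex MD5 (32 chars) or SHA-256 (64 chars) digest")
        self._entries.add(digest)

    def is_blocked(self, data: bytes, filename: str = "") -> bool:
        """Decide purely on content; the filename is accepted but deliberately ignored."""
        hashes = file_hashes(data)
        return hashes["md5"] in self._entries or hashes["sha256"] in self._entries


def demo() -> dict:
    """Block the sample by SHA-256, then probe it under a new name and after a one-byte change."""
    blocklist = HashBlocklist()
    blocklist.add(file_hashes(SAMPLE_FILE)["sha256"])
    return {
        "original_blocked": blocklist.is_blocked(SAMPLE_FILE, "invoice.exe"),
        "renamed_blocked": blocklist.is_blocked(SAMPLE_FILE, "totally_legit.exe"),
        "tampered_blocked": blocklist.is_blocked(TAMPERED_FILE, "invoice.exe"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same digest is what an administrator pastes into a VirusTotal search (Question 56): the hash identifies the content wherever it was seen, regardless of the name it carried on each host. The flip side is the tampered-file result: a hash blocklist is a precise, low-false-positive control but offers no coverage of variants, which is why it complements rather than replaces the behavioral and reputation engines.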

Question No: 49

What are two (2) benefits of a fully cloud managed endpoint protection solution? (Select two)

A. Increased content update frequency

B. Increased visibility

C. Reduced 3rd party licensing cost

D. Reduced database usage

E. Reduced network usage

Answer: CD

Question No: 50

Which term or expression is utilized when adversaries leverage existing tools in the environment?

A. opportunistic attack

B. script kiddies

C. living off the land

D. file-less attack

Answer: C

Question No: 51

Which antimalware intensity level is defined by the following: "Blocks files that are most certainly bad or potentially bad files. Results in a comparable number of false positives and false negatives."

A. Level 5

B. Level 2

C. Level 1

D. Level 6

Answer: D

Question No: 52

An administrator needs to create a new Report Template that will be used to track firewall activity.

Which two (2) report template settings are optional? (Select 2)


A. Output format

B. Generation schedule

C. Email recipients

D. Time frame

E. Size restrictions

Answer: AC

Question No: 53

Which SES feature helps an administrator apply policies based on specific endpoint profiles?

A. Device Groups

B. Device Profiles

C. Policy Bundles

D. Policy Groups

Answer: D

Question No: 54

Which Firewall rule components should an administrator configure to block facebook.com use during business hours?

A. Action, Host(s), and Schedule

B. Action, Application, and Schedule


C. Host(s), Network Interface, and Network Service

D. Application, Host(s), and Network Service

Answer: A
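Question 54 (a rule built from an action, a host and a schedule) and Question 36 (general "catch all" rules belong at the bottom of the list) describe the same first-match rule engine that both the firewall and device control use. The following is an added example, not code from the exam or from Symantec, of such an engine: rules are evaluated top to bottom, the first rule that matches decides, and anything that matches nothing falls through to an implicit deny. The rule and schedule classes, the `evaluate` function and the dates used are constructed for this example. It also shows the failure mode behind Question 36: placing the catch-all allow above the specific block silently disables the block.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Schedule:
    """Time window [start, end) on the listed weekdays (0 = Monday, as in datetime.weekday())."""
    start: time
    end: time
    weekdays: frozenset = frozenset(range(5))  # Monday to Friday by default

    def matches(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: action plus optional host and schedule conditions.

    A condition left as None matches anything; a rule with no conditions is a "catch all".
    """
    name: str
    action: str                          # "allow" or "block"
    host: Optional[str] = None           # domain; subdomains match too
    schedule: Optional[Schedule] = None  # None means the rule applies at all times

    def matches(self, host: str, when: datetime) -> bool:
        host = host.lower()
        if self.host is not None and not (host == self.host or host.endswith("." + self.host)):
            return False
        if self.schedule is not None and not self.schedule.matches(when):
            return False
        return True


def evaluate(rules: List[Rule], host: str, when: datetime) -> Tuple[str, str]:
    """First-match evaluation, top to bottom; returns (action, name of the deciding rule)."""
    for rule in rules:
        if rule.matches(host, when):
            return rule.action, rule.name
    return "block", "implicit-deny"  # nothing matched: deny by default


BUSINESS_HOURS = Schedule(time(9, 0), time(17, 0))
BLOCK_FACEBOOK = Rule("block-facebook-business-hours", "block",
                      host="facebook.com", schedule=BUSINESS_HOURS)
CATCH_ALL_ALLOW = Rule("allow-everything-else", "allow")

CORRECT_ORDER = [BLOCK_FACEBOOK, CATCH_ALL_ALLOW]  # specific rule first, catch all last
WRONG_ORDER = [CATCH_ALL_ALLOW, BLOCK_FACEBOOK]    # catch all shadows the specific rule


def demo() -> dict:
    """Evaluate the same request against both orderings at a few constructed times."""
    monday_noon = datetime(2024, 1, 8, 12, 0)   # 2024-01-08 is a Monday
    monday_night = datetime(2024, 1, 8, 20, 0)
    saturday_noon = datetime(2024, 1, 6, 12, 0)
    return {
        "correct_business_hours": evaluate(CORRECT_ORDER, "www.facebook.com", monday_noon),
        "correct_after_hours": evaluate(CORRECT_ORDER, "www.facebook.com", monday_night),
        "correct_weekend": evaluate(CORRECT_ORDER, "facebook.com", saturday_noon),
        "correct_other_host": evaluate(CORRECT_ORDER, "example.com", monday_noon),
        "wrong_business_hours": evaluate(WRONG_ORDER, "www.facebook.com", monday_noon),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A practical check when adding rules to either control: after saving, evaluate a request you expect to be blocked and confirm the deciding rule is the specific one, not the catch-all. If the catch-all wins, the new rule is below it and will never fire.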

Question No: 55

The ICDm has generated a blacklist task due to malicious traffic detection. Which SES component was utilized to make that detection?

A. Antimalware

B. Reputation

C. Firewall

D. IPS

Answer: D

Question No: 56

Which file property does SES utilize to search the VirusTotal website for suspicious file information?

A. File reputation

B. File size


C. File name

D. File hash

Answer: D

Question No: 57

How long does a blacklist task remain in the My Tasks view after its automatic creation?

A. 180 Days

B. 30 Days

C. 60 Days

D. 90 Days

Answer: B

Question No: 58

Why would an administrator choose the Server-optimized installation option when creating an installation package?

A. To limit the Intrusion Prevention policy to use server-only signatures.

B. To add the Server-optimized Firewall policy

C. To add the SES client's Optimize Memory setting to the default server installation.

D. To reduce the SES client's using resources that are required for other server-specific processes.

Answer: A

Question No: 59

In the ICDm, administrators are assisted by the My Task view. Which automation type creates the tasks within the console?

A. Artificial Intelligence

B. Machine Learning

C. Advanced Machine Learning

D. Administrator defined rules

Answer: A

Question No: 60

An administrator must create a custom role in ICDm.

Which area of the management console is able to have access restricted or granted?

A. Policy Management

B. Hybrid device management

C. Agent deployment

D. Custom Dashboard Creation


Answer: C

Question No: 61

Which SES security control protects against threats that may occur in the Impact phase?

A. Device Control

B. IPS

C. Antimalware

D. Firewall

Answer: D

Question No: 62

What option must an administrator choose when rolling back a policy assignment to a previous version?

A. Customize

B. Reverse

C. Override

D. Go Back

Answer: C

Question No: 63
After editing and saving a policy, an administrator is prompted with the option to apply the edited policy to any assigned device groups.

What happens to the new version of the policy if the administrator declines the option to apply it?

A. The policy display is returned to edit mode

B. The new version of the policy is deleted

C. An unassigned version of the policy is created

D. The new version of the policy is added to the "in progress" list

Answer: A

Question No: 64

Which technique randomizes the memory address map with Memory Exploit Mitigation?

A. SEHOP

B. ROPHEAP

C. ASLR

D. ForceDEP

Answer: C

Question No: 65


Which Symantec component is required to enable two-factor authentication with VIP on the Integrated Cyber Defense Manager (ICDm)?

A. A physical token or a software token

B. A software token and a VIP server

C. A software token and an active directory account

D. A physical token or a secure USB key

Answer: B

Question No: 66

Which type of organization is likely to be targeted with emerging threats?

A. Small organization with externalized managed security

B. Large organizations with dedicated security teams

C. Large organization with high turnover

D. Small organization with little qualified staff

Answer: D

Question No: 67

Which device page should an administrator view to track the progress of an issued device command?

A. Command Status

B. Command History


C. Recent Activity

D. Activity Update

Answer: C

Question No: 68

What must an administrator check prior to enrolling an on-prem SEPM infrastructure into the cloud?

A. Clients are running SEP 14.2 or later

B. Clients are running SEP 14.1.0 or later

C. Clients are running SEP 12.6 or later

D. Clients are running SEP 14.0.1 or later

Answer: D

Question No: 69

What is the frequency of feature updates with SES and the Integrated Cyber Defense Manager (ICDm)

A. Monthly

B. Weekly


C. Quarterly

D. Bi-monthly

Answer: B

Question No: 70

Which URL is responsible for notifying the SES agent that a policy change occurred in the cloud console?

A. spoc.norton.com

B. stnd-ipsg.crsi-symantec.com

C. ent-shasta.rrs-symantec.com

D. ocsp.digicert.com

Answer: A
