Broadcom 250-428 Exam Questions Instant Access

Question 1

A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files on the list is allowed to execute.

What is the likely cause of the problem?

AThe application has been upgraded.

BThe Application and Device Control policy is in test mode.

CA file exception has been added to the Exceptions policy.

DThe Application and Device Control policy is allowing the file to execute.

Answer : A

Question 2

Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

ANetwork Adapters

BNetwork Services

CSubnet

DApplication Protocol

EDNS Domain

Answer : C, E

References: https://support.symantec.com/en_US/article.HOWTO81218.html

Question 3

A managed service provider (MSP) is managing Symantec Endpoint Protection for a number of independent companies. Each company has administrators who will log in from time to time to add new clients. Administrators must be prevented from seeing the existence of other companies in the console.

What should an administrator create for each independent company?

ADomain

BLocation

CGroup

DSite

Answer : A

Question 4

A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.

Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

ACreate an Allow All Firewall rule for the fingerprint of the file and place it at the bottom of the firewall rules above the blue line

BCreate an Allow firewall rule for the application and place it at the bottom of the firewall rules below the blue line

CCreate an Allow for the network adapter type used by the application and place it at the top of the firewall rules below the blue line.

DCreate an Allow Firewall rule for the application and place it at the top of the firewall rules above the blue line.

Answer : A

References: https://support.symantec.com/en_US/article.TECH104433.html

Question 5

An organization recently experienced a definition storm where clients downloaded full definition packages from the management server.

Where can the SEPM increase the amount of content revisions so that clients with older content can get delta updates?

AClick on Policies and select LiveUpdate. Edit the LiveUpdate Content policy.

BEdit the Site Properties and under the LiveUpdate tab, edit the amount of content revisions to keep.

CClick on Policies and select LiveUpdate. Edit the LiveUpdate Settings policy.

DEdit the Server Properties and under the LiveUpdate tab, edit the amount of content revisions to keep.

Answer : C

Question 6

An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.

Which source must the administrator avoid using?

AGroup Update Provider (GUP)

BLiveUpdate Administrator (LUA)

CSymantec Endpoint Protection Manager

DShared Insight Cache (SIC)

Answer : B

Question 7

What does SONAR use to reduce false positives?

AVirus and Spyware definitions

BExtended File Attributes (EFA) table

CFile Fingerprint list

DSymantec Insight

Answer : D

References: https://support.symantec.com/en_US/article.HOWTO80929.html

Broadcom Symantec Endpoint Protection 14 Technical Specialist 250-428 Exam Questions