250-315 Exam Questions

A system administrator created a firewall policy that allows certain applications and blocks others. However, some applications are being blocked that should be allowed. Which log...

An administrator has defined a rule to allow traffic to and from a specific server by its Fully Qualified Domain Name (FQDN), because the server's IP address varies based on the of...

A company is running the Symantec Endpoint Protection 12.1 firewall with the default policy. At the bottom of the ruleset, there is a rule called "Block all other IP traffic and lo...

A company has a firewall policy with a rule that allows all applications on all ports. An administrator needs to modify the policy so that it allows Internet Explorer to communicat...

The Symantec Endpoint Protection 12.1 (SEP) client indicates that the Virus and Spyware Protection (AV) definitions are current, while the Intrusion Prevention System (IPS) signatu...

A company selected Opera 10 as its corporate browser. Drive-by downloads are occurring and SONAR intercepts the resulting scripts. How should the company proceed to minimize the oc...

Which Intrusion Prevention feature is updated automatically?

An administrator needs to exclude some servers from an Intrusion Prevention System (IPS) policy. When specifying an excluded host in an IPS policy, which two methods can be used? (...

An administrator needs to ensure that a specific network threat can be detected. The attack signatures for this threat may be found across multiple packets. What can the administra...

A company organizes its clients into two groups: the Symantec Endpoint Protection Manager (SEPM) group with all the SEPMs and a Desktops group with all other systems. An Applicatio...

An administrator needs to customize the Application and Device Control policy to exclude all USB devices except for a specific, company-issued USB thumb drive. Which function or pr...

Refer to the exhibit. A USB mouse is plugged in to a system that uses the device control displayed in the exhibit. What is the expected behavior?

Refer to the exhibit. A company is using a custom application that writes its application settings in the registry. An administrator plans to prevent users from modifying these val...

An administrator is testing a new Application and Device Control policy. One of the rule sets being tested blocks the notepad.exe application from running. After pushing the policy...

An administrator enabled the default application control rule "Block writing to USB Drives", but needs to modify it so that clients can write to a specific make and model of compan...

An administrator enables the "Learn applications that run on the client computers" setting for a group of clients. Later, when using the Search for Applications function, the admin...

A company creates free web access computers for use in public areas, such as airports. The software provided on the computers will be static and the systems must be secure. What sh...

What is a benefit of enabling Browser Intrusion Prevention?

Company A acquires Company B. Company B has 200 employees. Multiple firewall rules, based on collections of client addresses, are required to allow the new employees access to Comp...

Which two criteria can be used to determine hosts in a host group? (Select two.)

According to Symantec best practices, which two tasks should be completed after creating file fingerprint lists, but prior to enabling System Lockdown? (Select two.)

A company has deployed Symantec Endpoint Protection 12.1 in their corporate environment using a multi-site design. If an administrator makes policy changes in the United States sit...

In a management server list, Symantec Endpoint Protection Manager (SEPM) A is added to Priority 1, and SEPM B is added to Priority 2. This setup will provide which service?

Which two configuration elements are needed in order to add a replication partner? (Select two.)

Which two are optional when replicating between Symantec Endpoint Protection Managers? (Select two.)

What is the default replication frequency when adding an additional site to a Symantec Endpoint Protection 12.1 deployment?

Which step must be completed to set up two sites to replicate?

Which authentication method must be used to provide the ability to rese t forgotten passwords?

An employee is taking leave for four months and the employee's workstation will be powered off and locked in an office. Why does the workstation disappear from the Symantec Endpoin...

How frequently does Symantec recommend that a Symantec Endpoint Protection Manager site check LiveUpdate for content updates?

Where are directory servers added before importing Organizational Units (OU) or adding administrators to the Symantec Endpoint Protection Manager?

A company is setting up a new environment with three Symantec Endpoint Protection Managers (SEPM) and wants to set one SEPM to act as the primary reporting server. Where in the SEP...

A company suffered a catastrophic hardware failure on the Symantec Endpoint Protection Manager (SEPM) which was using a remote Microsoft SQL Server. The administrator has all requi...

An administrator is in the process of recovering from a disaster and needs the keystore password to update the certificate on the Symantec Endpoint Protection Manager (SEPM). From...

An administrator notices that the Symantec Endpoint Protection Manager (SEPM) embedded database is growing large and is taking longer to back up than desired. How can backup perfor...

A Microsoft SQL Server containing a Symantec Endpoint Protection Manager (SEPM) database has encountered an unrecoverable hard drive failure. An administrator has rebuilt the Micro...

Which operation can be performed using the Database Back Up and Restore utility found in the Windows Start menu?

A company suffered catastrophic hardware failure on the Symantec Endpoint Protection Manager (SEPM). The administrator restores the hardware and the operating system with the requi...

An administrator has installed Symantec Endpoint Protection 12.1 using an embedded database. Which two database maintenance tasks are available in the Symantec Endpoint Protection...

An administrator is restoring a Microsoft SQL Symantec Endpoint Protection 12.1 database and installing a new Symantec Endpoint Protection Manager (SEPM). After completing the rest...

How can an administrator proactively obtain information about unknown devices on a network?

A company is building a new Symantec Endpoint Protection Manager (SEPM) and building email notifications that will go to the security team. Which two notification conditions should...

An administrator needs to determine which versions of Symantec Endpoint Protection (SEP) are currently in the network. Which report provides this information?

Which notification action can be performed when a security-related condition is met?

An administrator needs to check when and by which account a policy was modified. Which log query should the administrator use?

Which Symantec Endpoint Protection Manager feature allows an administrator to view and modify commonly accessed reports?

Which two options can administrators customize on the Home page? (Select two.)

Refer to the exhibit. An administrator has configured the Symantec Endpoint Protection Manager (SEPM) to use Active Directory authentication. The administrator defines a new Symant...

What are two default access rights for various types of Symantec Endpoint Protection Manager Administrator accounts? (Select two.)

What are two responsibilities associated with the Limited Administrator account type in Symantec Endpoint Protection Manager? (Select two.)