250-438 Exam Questions

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans. When does the DLP agent stop scanning?

A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should be compliance officer generate to obtain the co...

A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstal...

A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains. BAD files dated today, while other. IDC files are flowing in and out o...

Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

Which action is available for use in both Smart Response and Automated Response rules?

Which detection server is available from Symantec as a hardware appliance?

An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization. Which detection method should the organization use to m...

Which two detection technology options ONLY run on a detection server? (Choose two.)

A DLP administrator needs to remove an agent its associated events from an Endpoint server. Which Agent Task should the administrator perform to disable the agent's visibility in t...

A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information. What detection method should the comp...

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Why is it important for an administrator to utilize the grid scan feature?

Which two Network Discover/Cloud Storage targets apply Information Centric Encryption as policy response rules?

What detection technology supports partial row matching?

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as "unknown". The Vontu services are up and runn...

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration. What is one possible reason that t...

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team. Which SQL *Plus command should t...

How do Cloud Detection Service and the Enforce server communicate with each other?

Which service encrypts the message when using a Modify SMTP Message response rule?

Where should an administrator set the debug levels for an Endpoint Agent?

Which two automated response rules will be active in policies that include Exact Data Matching (EDM) detection rule? (Choose two.)

Where in the Enforce management console can a DLP administrator change the "UI.NO_SCAN.int" setting to disable the "Inspecting data" pop-up?

What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a "copy to USB device" operation?

What is the correct configuration for "BoxMonitor.Channels" that will allow the server to start as a Network Monitor server?

Under the "System Overview" in the Enforce management console, the status of a Network Monitor detection server is shown as "Running Selected." The Network Monitor server's event l...

Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer...

How should a DLP administrator exclude a custom endpoint application named "custom_app.exe" from being monitoring by Application File Access Control?

A software company wants to protect its source code, including new source code created between scheduled indexing runs. Which detection method should the company use to meet this r...

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

A Data Loss Prevention administrator notices that several errors occurred during a Network Discover scan. Which report can the administrator use to determine exactly which errors o...

What must a policy manager do when working with Exact Data Matching (EDM) indexes?

What detection server type requires a minimum of two physical network interface cards?

Refer to the exhibit. Which type of Endpoint response rule is shown?

Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

Which Network Prevent action takes place when the Network Incident list shows the message is "Modified"?

Which two technologies should an organization utilize for integration with the Network Prevent products? (choose two.)

A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards. Which feature should a third party component integrate with t...

Which two policy management actions can result in a reduced number of incidents for a given traffic flow? (Select two.)

What is a feature of keyword proximity matching?

Which action should a DLP administrator take to secure communications between an on- premises Enforce server and detection servers hosted in the Cloud?

Which option correctly describes the two-tier installation type for Symantec DLP?

Which two detection technology options run on the DLP agent? (Choose two.)

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to t...

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

Which two components can perform a file system scan of a workstation? (Choose two.)

Which channel does Endpoint Prevent protect using Device Control?

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate...