Broadcom 250-580 Endpoint Security Complete - R2 Technical Specialist Exam Practice Test

Page: 1 / 14
Total 150 questions
Question 1

Which SEP feature is required for using the SEDR Isolate function?



Answer : C

The Host Integrity Policy in Symantec Endpoint Protection (SEP) is required for using the Isolate function in Symantec Endpoint Detection and Response (SEDR). Host Integrity enables administrators to enforce security compliance on endpoints and is essential for isolation functions, ensuring that non-compliant or compromised systems are restricted from communicating with the network.

How Host Integrity Policy Supports Isolation:

By enforcing Host Integrity, SEP can ensure that endpoints adhere to security requirements before they are allowed network access, and if they do not comply, they can be isolated.

This policy provides the framework that integrates with SEDR's isolate function for responsive threat containment.

Why Other Options Are Not Suitable:

Host Isolation Policy (Option A) is not an actual SEP feature.

Application Control (Option B) manages application behavior but is not tied to endpoint isolation.

Application Detection (Option D) identifies applications but does not handle isolation.


Question 2

An administrator needs to increase the access speed for client files that are stored on a file server. Which configuration should the administrator review to address the read speed from the server?



Answer : A

To improve access speed for client files stored on a file server, the administrator should Enable Network Cache within the client's Virus and Spyware Protection policy. This setting allows client machines to cache scanned files from the network, thus reducing redundant scans and increasing read speed from the server.

How Network Cache Enhances Read Speed:

When Network Cache is enabled, previously scanned files are cached, allowing subsequent access without re-scanning, which decreases latency and improves access speed.

Why Other Options Are Less Effective:

Adding the server to a trusted host group (Option B) does not directly impact file read speeds.

Creating a firewall allow rule (Option C) allows connectivity but does not affect the speed of file access.

Enabling download randomization (Option D) only staggers update downloads and does not relate to read speeds from a file server.


Question 3

What type of policy provides a second layer of defense after the Symantec firewall?



Answer : C

The Intrusion Prevention System (IPS) provides a second layer of defense after the Symantec firewall. While the firewall controls access and traffic flow at the network perimeter, IPS actively monitors and inspects incoming and outgoing traffic for signs of malicious activity, such as exploit attempts and suspicious network patterns.

How IPS Complements the Firewall:

The firewall acts as the first layer of defense, blocking unauthorized access based on rules and policies.

IPS then inspects allowed traffic in real time, identifying and blocking attacks that may evade basic firewall rules, such as known exploits and abnormal network behaviors.

Why Other Options Are Less Effective:

Virus and Spyware (Option A) focuses on malware detection within files and programs, not network defense.

Host Integrity (Option B) is related to compliance, and System Lockdown (Option D) controls application execution but does not monitor network traffic.


Question 4

Which type of activity recorder does EDR provide?



Answer : B

Symantec Endpoint Detection and Response (EDR) provides an Endpoint activity recorder to monitor, log, and analyze behaviors on endpoints. This feature captures various endpoint activities such as process execution, file modifications, and network connections, which are essential for detecting and investigating potential security incidents.

Purpose of Endpoint Activity Recorder:

The endpoint activity recorder helps track specific actions and behaviors on endpoints, providing insights into potentially suspicious or malicious activity.

This data is valuable for incident response and for understanding how threats may have propagated across the network.

Why Other Options Are Not Suitable:

Virtual (Option A), Email (Option C), and Temporary (Option D) do not accurately represent the continuous and comprehensive nature of endpoint activity monitoring.


Question 5

A company deploys Symantec Endpoint Protection (SEP) to 50 virtual machines running on a single ESXi host.

Which configuration change can the administrator make to minimize sudden IOPS impact on the ESXi server while each SEP endpoint communicates with the Symantec Endpoint Protection Manager?



Answer : C

To minimize sudden IOPS impact on the ESXi server due to SEP endpoint communication, the administrator should increase the download randomization window. This configuration change helps spread out the timing of SEP updates across virtual machines, reducing the simultaneous I/O load on the server.

Effect of Download Randomization:

By increasing the randomization window, updates are downloaded at staggered intervals rather than all at once, lowering the burst IOPS demand.

This is especially beneficial in virtualized environments where multiple VMs are hosted on a single ESXi server, as it prevents performance degradation from high IOPS activity.

Why Other Options Are Less Effective:

Increasing Download Insight sensitivity (Option A) has no impact on IOPS.

Reducing the heartbeat interval (Option B) could increase communication frequency, potentially raising IOPS.

Reducing content revisions (Option D) affects storage size but does not control update IOPS.


Question 6

In what order should an administrator configure the integration between SEDR and Symantec Endpoint Protection in order to maximize their benefits?



Answer : B

To integrate Symantec Endpoint Detection and Response (SEDR) with Symantec Endpoint Protection (SEP) effectively, the recommended configuration order is ECC, Synapse, then Insight Proxy.

Order of Configuration:

ECC (Endpoint Communication Channel): This establishes the communication layer for SEDR and SEP integration, which is foundational for data exchange.

Synapse: This integration uses data from ECC to correlate threat intelligence and provide context to detected threats.

Insight Proxy: Configured last, Insight Proxy adds cloud-based file reputation lookups, enhancing detection capabilities with reputation scoring.

Why This Order Is Effective:

Each component builds on the previous one, maximizing the value of integration by ensuring that foundational communication (ECC) is established before adding Synapse correlation and Insight Proxy reputation data.


Question 7

An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.

Which component log should the administrator check to determine whether the communication between the two sites is working correctly?



Answer : B

For troubleshooting Symantec Endpoint Protection (SEP) replication, the administrator should check the Tomcat logs. Tomcat handles the SEP management console's web services, including replication communication between different SEP sites.

Role of Tomcat in SEP Replication:

Tomcat provides the HTTP/S services used for SEP Manager-to-Manager communication during replication. Checking these logs helps verify if there are issues in the web services layer that might prevent replication.

Why Other Logs Are Less Relevant:

Apache Web Server is not typically involved in SEP's internal replication.

SQL Server manages data storage but does not handle the replication communications directly.

Group Update Provider (GUP) is related to client content distribution, not site-to-site replication.
