Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)
Answer : B, C
Symantec Endpoint Protection (SEP) may be unable to remediate a file in certain situations. Two primary reasons for this failure are:
The detected file is in use (Option B): When a file is held open by the operating system or an application, SEP cannot quarantine or delete it until the handle is released. The operating system locks open files against modification, so remediation of an in-use file has to wait or be deferred.
Insufficient file permissions (Option C): SEP needs adequate permissions to access and modify files. If SEP does not have the necessary permissions for the detected file, it cannot perform remediation.
Why Other Options Are Incorrect:
Another scan in progress (Option A) does not directly prevent remediation.
File marked for deletion on restart (Option D) would typically allow SEP to complete the deletion upon reboot.
File with good reputation (Option E) is less likely to be flagged for remediation but would not prevent it if flagged.
Which communication method is utilized within SES to achieve real-time management?
Answer : C
Push Notification is the communication method used within Symantec Endpoint Security (SES) to facilitate real-time management. This method enables:
Immediate Updates: SES can instantly push policy changes, updates, or commands to endpoints without waiting for a standard polling interval.
Efficient Response to Threats: Push notifications allow for faster reaction times to emerging threats, as instructions can be delivered to endpoints immediately.
Reduced Resource Usage: Unlike continuous polling, push notifications are triggered as needed, reducing network and system resource demands.
Push Notification is crucial for achieving real-time management in SES, providing timely responses and updates to enhance endpoint security.
What tool can administrators use to create custom behavioral isolation policies based on collected application behavior data?
Answer : C
Administrators can use the Application Catalog in Symantec Endpoint Security to create custom behavioral isolation policies. This tool compiles data on application behavior, enabling administrators to define isolation policies that address specific behaviors observed within their environment. By leveraging the Application Catalog, administrators can tailor policies based on the behaviors of applications, enhancing the control and containment of potentially malicious activity.
What information is required to calculate storage requirements?
Answer : B
Calculating storage requirements for Symantec Endpoint Security (SES) involves gathering specific information related to data retention and event storage needs. The required information includes:
Number of Endpoints: Determines the scale of data to be managed.
EAR Data per Endpoint per Day: Refers to the Endpoint Activity Recorder (EAR) data generated by each endpoint daily, affecting storage usage.
Number of Days to Retain: Indicates the data retention period, which impacts the total volume of stored data.
Number of Endpoint Dumps and Dump Size: These parameters define the size and number of memory dumps, which are essential for forensic analysis and troubleshooting.
This information allows accurate calculation of storage needs, ensuring adequate capacity for logs, dumps, and activity data.
If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?
Answer : B
If an administrator has enabled the setting to manage policies from the cloud and needs to reverse this, they must follow these steps:
Unenroll the SEPM (Symantec Endpoint Protection Manager) from the cloud management (ICDm).
Disable the cloud policy management setting within the SEPM.
Re-enroll the SEPM back into the cloud if required.
This process ensures that policy control is reverted from cloud management to local management on the SEPM. By following these steps, administrators restore full local control over policies, disabling any cloud-based management settings previously in effect.
What version number is assigned to a duplicated policy?
Answer : D
When a policy is duplicated in Symantec Endpoint Protection (SEP), the duplicated policy is assigned a version number of 'One'. This means that the new policy starts fresh with a version number of 1, separate from the original policy's version history. The SEP system uses this new version number to track any subsequent changes to the duplicated policy independently of the original.
Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?
Answer : B
An Indicator of Compromise (IOC), such as irregularities in privileged user account activity, can signal that a privileged account may be compromised and used maliciously. This can involve deviations from typical login times, unusual commands or requests, or access to resources not typically utilized by the user. Monitoring such anomalies can help detect when an attacker has gained access to a privileged account and is attempting to establish control within the environment.
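The detection logic the paragraph above describes, as an added example that is not part of the original page or any Symantec product: a per-user baseline of login hours, source hosts and commands is built from historical records for privileged accounts, then new events are scored for deviations. The log records are constructed for the example, the field layout and the thresholds (one hour of slack, at least two deviations before alerting) are assumptions.

```python
"""Flag privileged-account activity that deviates from a per-user baseline.

Added example, not from the original page. The event records are
constructed and the field layout (user, ISO timestamp, source host,
command line) and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical events used to learn what "normal" looks like.
BASELINE_EVENTS = [
    ("dbadmin", "2024-03-04T09:12:00", "ws-dba-01", "psql"),
    ("dbadmin", "2024-03-05T10:40:00", "ws-dba-01", "pg_dump"),
    ("dbadmin", "2024-03-06T14:05:00", "ws-dba-01", "psql"),
    ("dbadmin", "2024-03-07T16:30:00", "ws-dba-02", "psql"),
    ("dbadmin", "2024-03-08T11:15:00", "ws-dba-01", "pg_dump"),
    ("backupsvc", "2024-03-04T02:00:00", "bkp-01", "rsync"),
    ("backupsvc", "2024-03-05T02:00:00", "bkp-01", "rsync"),
    ("backupsvc", "2024-03-06T02:00:00", "bkp-01", "rsync"),
]

# Constructed new events to evaluate: two normal, three suspicious.
NEW_EVENTS = [
    ("dbadmin", "2024-03-11T10:00:00", "ws-dba-01", "psql"),
    ("dbadmin", "2024-03-12T03:20:00", "vpn-pool-17", "whoami"),
    ("dbadmin", "2024-03-12T03:22:00", "vpn-pool-17", 'net group "Domain Admins"'),
    ("backupsvc", "2024-03-11T02:00:00", "bkp-01", "rsync"),
    ("backupsvc", "2024-03-11T13:45:00", "ws-hr-07", "powershell -enc ..."),
]


def build_baseline(events):
    """Per user: the hours, source hosts and command names seen historically."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set(), "commands": set()})
    for user, ts, host, cmd in events:
        b = baseline[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["hosts"].add(host)
        b["commands"].add(cmd.split()[0])
    return baseline


def score_event(baseline, event, hour_slack=1):
    """Return the list of ways this event deviates from the user's baseline."""
    user, ts, host, cmd = event
    b = baseline.get(user)
    if b is None:
        return ["user has no baseline"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Hour-of-day distance with wraparound, so 23:00 is one hour from 00:00.
    if not any(min(abs(hour - h), 24 - abs(hour - h)) <= hour_slack for h in b["hours"]):
        reasons.append(f"login hour {hour:02d} outside baseline")
    if host not in b["hosts"]:
        reasons.append(f"new source host {host}")
    command = cmd.split()[0]
    if command not in b["commands"]:
        reasons.append(f"unseen command {command}")
    return reasons


def find_anomalies(baseline_events, new_events, min_reasons=2):
    """Alert only when at least min_reasons independent deviations coincide."""
    baseline = build_baseline(baseline_events)
    findings = []
    for event in new_events:
        reasons = score_event(baseline, event)
        if len(reasons) >= min_reasons:
            findings.append((event[0], event[1], reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(BASELINE_EVENTS, NEW_EVENTS):
        print(f"{ts} {user}: " + "; ".join(reasons))
```

Requiring two coinciding deviations before alerting is a deliberate choice: a single new source host or one late login is routine for an administrator, whereas an off-hours login from an unseen host that immediately runs reconnaissance commands is the pattern of a stolen privileged credential. In production the baseline would be learned from weeks of authentication and command telemetry and rebuilt regularly, rather than from a handful of hard-coded records.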