Broadcom 250-580 Endpoint Security Complete - R2 Technical Specialist Exam Practice Test

Answer : B

When a user attempts to connect to a malicious website and download a known threat, the threat passes through SEP's Firewall, Intrusion Prevention System (IPS), and Download Insight in that order. This layered approach helps prevent threats at different stages of the attack chain.

Threat Path Through SEP Protection Features:

Firewall: Blocks or allows network connections based on policy, filtering initial traffic to potentially dangerous sites.

IPS: Monitors and blocks known patterns of malicious activity, such as suspicious URLs or network behavior, providing another layer of defense.

Download Insight: Analyzes file reputation and blocks known malicious files based on reputation data, which is especially effective for files within archives like .rar files.

Why This Order is Effective:

Each layer serves as a checkpoint: the Firewall controls network access, IPS scans for malicious traffic, and Download Insight assesses files for risk upon download, ensuring thorough protection.

Why Other Orders Are Incorrect:

Options with Download Insight or IPS preceding the Firewall do not match SEP's operational order of defense.

Answer : B

To ensure that users cannot inadvertently block a custom internal application, the Symantec Endpoint Protection (SEP) administrator should create an Allow Firewall rule for the application and place it at the bottom of the firewall rules, above the blue line.

Explanation of Firewall Rule Placement:

Placing the allow rule above the blue line ensures it remains prioritized in SEP's firewall policy, meaning that user-created rules cannot override it.

This setup guarantees that the internal application is allowed through the firewall without disruption, while users can still create other firewall rules without affecting this critical application.

Why Other Options Are Less Effective:

Placing the rule below the blue line (Option A) would allow user-created rules to override it.

Creating an Allow All rule (Option C) could inadvertently allow other unnecessary traffic, which is a security risk.

Setting a rule based on network adapter type (Option D) does not guarantee that it will cover all instances of the custom application.

Answer : C

A single Symantec Endpoint Detection and Response (SEDR) Manager can support up to 100,000 endpoints. This maximum capacity allows the SEDR Manager to handle endpoint data processing, monitoring, and response for large-scale environments.

Scalability and Management:

SEDR Manager is designed to manage endpoint security for extensive networks efficiently. Supporting up to 100,000 endpoints provides enterprises with a centralized solution for comprehensive threat detection and response.

Why Other Options Are Incorrect:

200,000 endpoints (Option A) exceeds the designed capacity.

25,000 and 50,000 endpoints (Options B and D) are below the actual maximum capacity for a single SEDR Manager.

Answer : D

For AD Synchronization to function correctly, the AD Gateway Service Account on the AD Gateway device must be assigned as a Domain User. This role provides sufficient permissions to read Active Directory information for synchronization without requiring elevated privileges.

Role of the Domain User Account:

Domain User permissions allow the service account to access and synchronize necessary AD data, ensuring that the integration functions without unnecessary security risks associated with higher-level permissions.

Why Other Account Types Are Not Suitable:

Local Standard and Local Administrator (Options A and B) do not have the required permissions for domain-wide AD access.

Domain Administrator (Option C) provides excessive permissions, which are not needed for basic synchronization and could introduce unnecessary security risks.

Answer : D

SONAR (Symantec Online Network for Advanced Response) checks the reputation of a process before convicting it. This reputation-based approach evaluates the trustworthiness of the process by referencing Symantec's database, which is compiled from millions of endpoints, allowing SONAR to make informed decisions about whether the process is likely benign or malicious.

Reputation Checking in SONAR:

Before taking action, SONAR uses reputation data to reduce the likelihood of false positives, which ensures that legitimate processes are not incorrectly flagged as threats.

This check provides an additional layer of accuracy to SONAR's behavioral analysis.

Why Other Options Are Incorrect:

Quarantining (Option A) and blocking behavior (Option B) occur after SONAR has convicted a process, not before.

Restarting the system (Option C) is not part of SONAR's process analysis workflow.

Answer : C

To view all devices impacted by a suspicious file, the administrator should go to the Discovered Items list, select the specific file, and then view the impacted devices from the Details page.

Steps to View Impacted Devices:

Navigate to the Discovered Items list within the management console.

Locate and select the suspicious file in question to open its Details page.

On the Details page, a list of devices associated with the file is displayed, providing insights into which endpoints are potentially impacted by the suspicious activity.

Why Other Options Are Less Suitable:

Options A and B do not provide the specific device list for a selected file.

Option D is incorrect as it implies selecting by device first rather than by suspicious file.

Answer : C

For Windows 10 in S mode, applications and agents like the Symantec Endpoint Security Complete (SESC) Network Integrity agent must be obtained from trusted sources, specifically the Microsoft Store. Windows 10 in S mode restricts installations to apps from the Microsoft Store to enhance security, thus requiring the SESC agent to be distributed through this channel.

Why the Microsoft Store:

Windows 10 in S mode is designed to only allow apps verified by Microsoft to ensure a controlled and secure environment.

By providing the Network Integrity agent through the Microsoft Store, Symantec ensures that it complies with S mode's security restrictions.

Why Other Options Are Not Suitable:

SESC Installation files (Option A), MDM distribution (Option B), and ICDm package (Option D) do not comply with Windows 10 S mode requirements.