Symantec 250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist Exam Practice Test

Page: 1 / 10
Total 100 questions

Symantec Data Loss Prevention 16.x Administration Technical Specialist Questions and Answers

Question 1

Which two (2) actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A. Redirect the content to an alternative destination

B. Block the content from being posted

C. Encrypt the content before posting

D. Remove the content through FlexResponse

E. Allow the content to be posted

Question 2

Why is it important for an administrator to utilize the grid scan feature?

Options:

A. To distribute the scan workload across multiple network discover servers

B. To distribute the scan workload across the cloud servers

C. To distribute the scan workload across multiple endpoint servers

D. To distribute the scan workload across multiple detection servers

Question 3

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team.

Which SQL*Plus command should the administrator use to determine if the database is using a supported version of Oracle?

Options:

A. select database version from <database name>;

B. select * from db$version;

C. select * from v$version;

D. select db$ver from <database name>;

Question 4

What detection server type requires a minimum of two physical network interface cards?

Options:

A. Network Prevent for Web

B. Network Prevent for Email

C. Network Monitor

D. Cloud Detection Service (CDS)

Question 5

A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers.

What should the administrator do to make the Network Discover option available?

Options:

A. Restart the Symantec DLP Controller service

B. Apply a new software license file from the Enforce console

C. Install a new Network Discover detection server

D. Restart the Vontu Monitor Service

Question 6

What detection method utilizes Data Identifiers?

Options:

A. Indexed Document Matching (IDM)

B. Described Content Matching (DCM)

C. Directory Group Matching (DGM)

D. Exact Data Matching (EDM)

Question 7

Which two Network Discover/Cloud Storage targets apply Information Centric Encryption as policy response rules?

Options:

A. Microsoft Exchange

B. Windows File System

C. SQL Databases

D. Microsoft SharePoint

E. Network File System (NFS)

Question 8

What is the correct installation sequence for the components shown here, according to the Symantec Installation Guide?

Place the options in the correct installation sequence.

Options:

Question 9

An organization wants to restrict employees to copying files only to a specific set of USB thumb drives owned by the organization.

Which detection method should the organization use to meet this requirement?

Options:

A. Exact Data Matching (EDM)

B. Indexed Document Matching (IDM)

C. Described Content Matching (DCM)

D. Vector Machine Learning (VML)

Question 10

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

Options:

A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected

B. Modify the agent configuration and select the option “Retain Original Files”

C. Modify the agent config.db to include the file

D. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

Question 11

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

Options:

A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.

B. Modify the agent config.db to include the file

C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D. Modify the agent configuration and select the option “Retain Original Files”

Question 12

Which option is an accurate use case for Information Centric Encryption (ICE)?

Options:

A. The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.

B. The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.

C. The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint through use of certificates.

D. The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates.

Question 13

Which tool must a DLP administrator run to certify the database prior to upgrading DLP?

Options:

A. Lob_Tablespace Reclamation Tool

B. Upgrade Readiness Tool

C. SymDiag

D. EnforceMigrationUtility

Question 14

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

Options:

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

Question 15

Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A. Allow the content to be posted

B. Remove the content through FlexResponse

C. Block the content before posting

D. Encrypt the content before posting

E. Redirect the content to an alternative destination

Question 16

What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

Options:

A. To specify Wi-Fi SSID names

B. To specify an IP address or range

C. To specify the endpoint server

D. To specify domain names

E. To specify network card status (ON/OFF)

Question 17

Which two automated response rules will be active in policies that include an Exact Data Matching (EDM) detection rule? (Choose two.)

Options:

A. Endpoint Discover: Quarantine File

B. All: Send Email Notification

C. Endpoint Prevent: User Cancel

D. Endpoint Prevent: Block

E. Network Protect: Quarantine File

Question 18

A customer needs to integrate information from DLP incidents into external Governance, Risk, and Compliance dashboards.

Which feature should a third-party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

Options:

A. Incident Reporting and Update API

B. Export incidents using the CSV format

C. A web incident extraction report

D. Incident Data Views

Question 19

What is the correct order for data in motion when a customer has integrated their CloudSOC and DLP solutions?

Options:

A. User > CloudSOC Gatelet > DLP Cloud Detection Service > Application

B. User > Enforce > Application

C. User > Enforce > CloudSOC > Application

D. User > CloudSOC Gatelet > Enforce > Application

Question 20

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

Options:

A. Disable and re-enable the Endpoint Prevent policy to activate the changes

B. Double-check that the correct device ID or class has been entered for each device

C. Verify Application File Access Control (AFAC) is configured to monitor the specific application

D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Question 21

A company needs to secure the content of all Mergers and Acquisitions Agreements. However, the standard text included in all company literature needs to be excluded.

How should the company ensure that this standard text is excluded from detection?

Options:

A. Create a Whitelisted.txt file after creating the Vector Machine Learning (VML) profile

B. Create a Whitelisted.txt file after creating the Exact Data Matching (EDM) profile

C. Create a Whitelisted.txt file before creating the Indexed Document Matching (IDM) profile

D. Create a Whitelisted.txt file before creating the Exact Data Matching (EDM) profile

Question 22

Which two (2) detection servers are available as virtual appliances? (Choose two.)

Options:

A. Network Prevent for Email

B. Network Monitor

C. Network Discover

D. Network Prevent for Web

E. Optical Character Recognition (OCR)

Question 23

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display.

Why are the processes missing from the Server Detail page display?

Options:

A. The detection server Display Control Process option is disabled on the Server Detail page.

B. The Display Process Control setting on the Advanced Settings page is disabled.

C. The detection server PacketCapture process is displayed on the Server Overview page.

D. The Advanced Process Control setting on the System Settings page is deselected.

Question 24

Where should an administrator set the debug levels for an Endpoint Agent?

Options:

A. Setting the log level within the Agent List

B. Advanced configuration within the Agent settings

C. Setting the log level within the Agent Overview

D. Advanced server settings within the Endpoint server

Question 25

Which Network Prevent action has taken place when a Network incident snapshot indicates the message has been “Modified”?

Options:

A. Modify content from the body of an email

B. Add one or more SMTP headers to an email

C. Obfuscate text in the body of an email

D. Remove attachments from an email

Question 26

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

Options:

A. Endpoint Prevent

B. Cloud Service for Email

C. Network Prevent for Email

D. Network Discover

E. Cloud Detection Service

Question 27

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

Options:

A. Network Discover

B. Endpoint Prevent

C. Network Prevent for Email

D. Endpoint Discover

E. Information Centric Analytics

Question 28

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

Options:

A. sysadmin\username

B. sysadmin\username@domain

C. domain\username

D. username\sysadmin

Question 29

Which two (2) detection technology options run on the DLP agent? (Choose two.)

Options:

A. Indexed Document Matching (IDM)

B. Directory Group Matching (DGM)

C. Described Content Matching (DCM)

D. Optical Character Recognition (OCR)

E. Form Recognition

Question 30

Which two detection servers are available as virtual appliances? (Choose two.)

Options:

A. Network Monitor

B. Network Prevent for Web

C. Network Discover

D. Network Prevent for Email

E. Optical Character Recognition (OCR)
