Download Administration of Symantec Data Loss Prevention 15.250-438.Test4Prep.2019-04-26.29q.vcex
| Vendor: | Symantec |
| Exam Code: | 250-438 |
| Exam Name: | Administration of Symantec Data Loss Prevention 15 |
| Date: | Apr 26, 2019 |
| File Size: | 166 KB |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?
- Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.
- Modify the agent config.db to include the file
- Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
- Modify the agent configuration and select the option “retain Original Files”
Correct answer: A
Question 2
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
- There is insufficient disk space on the Network Monitor server.
- The Network Monitor server’s certificate is corrupt or missing.
- The Network Monitor server’s license file has expired.
- The Enforce and Network Monitor servers are running different versions of DLP.
Correct answer: D
Question 3
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
- Only DLP administrators are permitted to access and view data for high risk users.
- The Enforce server has insufficient permissions for importing user attributes.
- User attribute data must be configured separately from incident data attributed.
- User attributes have been incorrectly mapped to Active Directory accounts.
Correct answer: D
Question 4
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitoring by Application File Access Control?
- Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
- Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
- Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.
- Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
Correct answer: A
Explanation:
Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620185.html Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620185.html
Question 5
A software company wants to protect its source code, including new source code created between scheduled indexing runs.
Which detection method should the company use to meet this requirement?
- Exact Data Matching (EDM)
- Described Content Matching (DCM)
- Vector Machine Learning (VML)
- Indexed Document Matching (IDM)
Correct answer: D
Explanation:
Reference: https://help.symantec.com/cs/DLP15.0/DLP/v100774847_v120691346/Scheduling-remote-indexing?locale=EN_US Reference: https://help.symantec.com/cs/DLP15.0/DLP/v100774847_v120691346/Scheduling-remote-indexing?locale=EN_US
Question 6
What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)
- To specify Wi-Fi SSID names
- To specify an IP address or range
- To specify the endpoint server
- To specify domain names
- To specify network card status (ON/OFF)
Correct answer: BD
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v18349332_v125428396/Setting-the-endpoint-location?locale=EN_US Reference: https://help.symantec.com/cs/dlp15.1/DLP/v18349332_v125428396/Setting-the-endpoint-location?locale=EN_US
Question 7
Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)
- Exchange
- Jiveon
- File store
- SharePoint
- Confluence
Correct answer: CD
Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/information-centric-encryption-en.pdf Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/information-centric-encryption-en.pdf
Question 8
Which two detection technology options run on the DLP agent? (Choose two.)
- Optical Character Recognition (OCR)
- Described Content Matching (DCM)
- Directory Group Matching (DGM)
- Form Recognition
- Indexed Document Matching (IDM)
Correct answer: DE
Question 9
Which two components can perform a file system scan of a workstation? (Choose two.)
- Endpoint Server
- DLP Agent
- Network Prevent for Web Server
- Discover Server
- Enforce Server
Correct answer: BD
Question 10
What detection technology supports partial contents matching?
- Indexed Document Matching (IDM)
- Described Content Matching (DCM)
- Exact Data Matching (DCM)
- Optical Character Recognition (OCR)
Correct answer: A
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!