Free Symantec 250-441 Exam Dumps Questions & Answers

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

• A.  Create subnets or VLANs and configure the network devices to restrict traffic
• B.  Identify affected clients
• C.  Identify the threat and understand how it spreads
• D.  Close any open shares
• E.  Set executables on network drives as read only

What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)

• A.  Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
• B.  Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
• C.  Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
• D.  Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
• E.  Add a Quarantine firewall policy for non-compliant and non-remediated computers.

Which two user roles allow an Incident Responder to blacklist or whitelist files using the ATP manager?
(Choose two.)

• A.  Root
• B.  Controller
• C.  Incident Responder
• D.  User
• E.  Administrator

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.
How is it possible that the search returned results?

• A.  This is a database search; a command is NOT sent to SEPM for this type of search.
• B.  This is only an endpoint search.
• C.  The search runs and returns results in ATP and then displays them in SEPM.
• D.  The browser cached result from a previous search with the same criteria.

An Incident Responder wants to use a STIX file to run an indicate of components (IOC) search.
Which format must the administrator use for the file?

• A.  .xml
• B.  .mht
• C.  .html
• D.  .csv