250-438 Premium Bundle

Administration of Symantec Data Loss Prevention 15 Certification Exam

Last update: November 21, 2024

Symantec 250-438 Free Practice Questions

Want to know the features of the Exambible 250-438 exam practice test? Want to learn more about the Symantec Administration of Symantec Data Loss Prevention 15 certification experience? Study 100% guaranteed Symantec 250-438 answers to the latest 250-438 questions at Exambible. Succeed with an absolute guarantee to pass the Symantec 250-438 (Administration of Symantec Data Loss Prevention 15) test on your first attempt.

Free 250-438 Demo Online For Symantec Certification:

NEW QUESTION 1
Refer to the exhibit. Which type of Endpoint response rule is shown?
[Exhibit image not available]

  • A. Endpoint Prevent: User Notification
  • B. Endpoint Prevent: Block
  • C. Endpoint Prevent: Notify
  • D. Endpoint Prevent: User Cancel

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v27595430_v120691346/Configuring-the-Endpoint-Prevent:-Block-action?locale=EN_US

NEW QUESTION 2
Which two technologies should an organization utilize for integration with the Network Prevent products? (Choose two.)

  • A. Network Tap
  • B. Network Firewall
  • C. Proxy Server
  • D. Mail Transfer Agent
  • E. Encryption Appliance

Answer: CD

Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent

NEW QUESTION 3
Which option correctly describes the two-tier installation type for Symantec DLP?

  • A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
  • B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
  • C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
  • D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers

NEW QUESTION 4
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

  • A. Apply a new global agent uninstall password in the Enforce management console.
  • B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.
  • C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server.
  • D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Answer: D

NEW QUESTION 5
A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers. What should the administrator do to make the Network Discover option available?

  • A. Restart the Symantec DLP Controller service
  • B. Apply a new software license file from the Enforce console
  • C. Install a new Network Discover detection server
  • D. Restart the Vontu Monitor Service

Answer: C

NEW QUESTION 6
Which option is an accurate use case for Information Centric Encryption (ICE)?

  • A. The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.
  • B. The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.
  • C. The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint through use of certificates.
  • D. The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates.

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/ICE1.0/ICE/v126756321_v120576779/Using-ICE-with-Symantec-Data-Loss-Preventionabout_dlp?locale=EN_US

NEW QUESTION 7
An organization wants to restrict employees to copying files only to a specific set of USB thumb drives owned by the organization.
Which detection method should the organization use to meet this requirement?

  • A. Exact Data Matching (EDM)
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (DCM)
  • D. Vector Machine Learning (VML)

Answer: D

NEW QUESTION 8
What detection server is used for Network Discover, Network Protect, and Cloud Storage?

  • A. Network Protect Storage Discover
  • B. Network Discover/Cloud Storage Discover
  • C. Network Prevent/Cloud Detection Service
  • D. Network Protect/Cloud Detection Service

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-Network-Discover-Cloud-Storage-Discover-Server-configuration?locale=EN_US

NEW QUESTION 9
A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information.
What detection method should the company use?

  • A. Indexed Document Matching (IDM)
  • B. Vector Machine Learning (VML)
  • C. Exact Data Matching (EDM)
  • D. Described Content Matching (DCM)

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.5/DLP/v40148006_v128674454/About-Data-Owner-Exception?locale=EN_US

NEW QUESTION 10
What detection technology supports partial contents matching?

  • A. Indexed Document Matching (IDM)
  • B. Described Content Matching (DCM)
  • C. Exact Data Matching (EDM)
  • D. Optical Character Recognition (OCR)

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US

NEW QUESTION 11
Which service encrypts the message when using a Modify SMTP Message response rule?

  • A. Network Monitor server
  • B. SMTP Prevent
  • C. Enforce server
  • D. Encryption Gateway

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent

NEW QUESTION 12
Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

  • A. The OCR engine must be installed on a detection server other than the Enforce server.
  • B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.
  • C. The OCR engine must be installed directly on the Enforce server.
  • D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122760174_v120691346/Setting-up-OCR-Servers?locale=EN_US

NEW QUESTION 13
An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.” How should the administrator log in to the Enforce console with the “sysadmin” role?

  • A. sysadmin\username
  • B. sysadmin\username@domain
  • C. domain\username
  • D. username\sysadmin

Answer: C

NEW QUESTION 14
Where should an administrator set the debug levels for an Endpoint Agent?

  • A. Setting the log level within the Agent List
  • B. Advanced configuration within the Agent settings
  • C. Setting the log level within the Agent Overview
  • D. Advanced server settings within the Endpoint server

Answer: C

Explanation:
Reference: https://support.symantec.com/en_US/article.TECH248581.html

NEW QUESTION 15
What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

  • A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller
  • B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller
  • C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.
  • D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v23042736_v125428396/Stopping-an-Enforce-Server-on-Windows?locale=EN_US

NEW QUESTION 16
Which two Network Discover/Cloud Storage targets apply Information Centric Encryption as policy response rules?

  • A. Microsoft Exchange
  • B. Windows File System
  • C. SQL Databases
  • D. Microsoft SharePoint
  • E. Network File System (NFS)

Answer: AD

NEW QUESTION 17
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

  • A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.
  • B. Modify the agent config.db to include the file
  • C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
  • D. Modify the agent configuration and select the option “Retain Original Files”

Answer: A

NEW QUESTION 18
A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration. What is one possible reason that the agent fails to receive the new configuration?

  • A. The new agent configuration was saved but not applied to any endpoint groups.
  • B. The new agent configuration was copied and modified from the default agent configuration.
  • C. The default agent configuration must be disabled before the new configuration can take effect.
  • D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Answer: C

NEW QUESTION 19
What is required on the Enforce server to communicate with the Symantec DLP database?

  • A. Port 8082 should be opened
  • B. CryptoMasterKey.properties file
  • C. Symbolic links to .dbf files
  • D. SQL*Plus Client

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/articles/three-tier-installation-dlp-product

NEW QUESTION 20
Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

  • A. Allow the content to be posted
  • B. Remove the content through FlexResponse
  • C. Block the content before posting
  • D. Encrypt the content before posting
  • E. Redirect the content to an alternative destination

Answer: AE

NEW QUESTION 21
A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate this report?

  • A. Custom attributes
  • B. Status attributes
  • C. Sender attributes
  • D. User attributes

Answer: A

NEW QUESTION 22
What detection technology supports partial row matching?

  • A. Vector Machine Learning (VML)
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (DCM)
  • D. Exact Data Matching (EDM)

Answer: D

Explanation:
Reference: https://www.slideshare.net/iftikhariqbal/technology-overview-symantec-data-loss-prevention-dlp

NEW QUESTION 23
What is the correct configuration for “BoxMonitor.Channels” that will allow the server to start as a Network Monitor server?

  • A. Packet Capture, Span Port
  • B. Packet Capture, Network Tap
  • C. Packet Capture, Copy Rule
  • D. Packet Capture, Network Monitor

Answer: C

Explanation:
Reference: https://support.symantec.com/en_US/article.TECH218980.html

NEW QUESTION 24
Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)

  • A. Exchange
  • B. Jiveon
  • C. File store
  • D. SharePoint
  • E. Confluence

Answer: CD

Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/information-centric-encryption-en.pdf

NEW QUESTION 25
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?

  • A. There is insufficient disk space on the Network Monitor server.
  • B. The Network Monitor server’s certificate is corrupt or missing.
  • C. The Network Monitor server’s license file has expired.
  • D. The Enforce and Network Monitor servers are running different versions of DLP.

Answer: D

NEW QUESTION 26
......

P.S. Certleader is now offering 250-438 dumps with a 100% pass guarantee! All 250-438 exam questions have been updated with correct answers: https://www.certleader.com/250-438-dumps.html (70 New Questions)

