EMT Practice Test

1. Question Content...


Question List

Question1: An administrator is troubleshooting a Symantec Endpoint Protection (SEP) replication.
Which component log should the administrator check to determine whether the communication between the two sites is working correctly?

Question2: What happens when the license expires in Symantec Endpoint Protection 14 Enterprise Edition?

Question3: An administrator configures the scan duration for a scheduled scan. The scan fails to complete in the specified time period.
When will the next scheduled scan occur on the computer?

Question4: In the virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk?
Which two factors should the administrator consider? (Select two.)

Question5: Which option is a function of the Symantec Endpoint Protection client?

Question6: Which two considerations must an administrator make when enabling Application Learning in an environment? (Select two.)

Question7: An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs.
Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

Question8: Which two criteria can an administrator use to determine hosts in a host group? (Select two.)

Question9: Which two instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

Question10: Which task should an administrator perform to troubleshoot operation of the Symantec Endpoint Protection embedded database?

Question11: An administrator is designing a new single site Symantec Endpoint Protection environment. Due to perimeter firewall bandwidth restrictions, the design needs to minimize the amount of traffic from content passing through the firewall.
Which source must the administrator avoid using?

Question12: Which two settings does an administrator enable to use the Risk Tracer Feature in the Virus and Spyware Protection policy? (Select two.)

Question13: A company has a small number of systems in their Symantec Endpoint Protection Manager (SEPM) group with federal mandates that AntiVirus definitions undergo a two week testing period. After being loaded on the client, the tested virus definitions must remain unchanged on the client systems until the next set of virus definitions have completed testing. All other clients must remain operational on the most recent definition sets. An internal LiveUpdate Server has been considered as too expensive to be a solution for this company.
What should be modified on the SEPM to meet this mandate?

Question14: An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto- Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.
Which action should the administrator take to ensure that the desired setting is in place on the client?

Question15: An administrator is responsible for the Symantec Endpoint Protection architecture of a large, multi-national company with three regionalized data centers. The administrator needs to collect data from clients; however, the collected data must stay in the local regional data center. Communication between the regional data centers is allowed 20 hours a day.
How should the administrator architect this organization?

Question16: Which protection engine should an administrator enable in order to drop malicious vulnerability scans against a client system?

Question17: Which action can an administrator take to improve the Symantec Endpoint Protection Manager (SEPM) dashboard performance and report accuracy?

Question18: A company has 10,000 Symantec Endpoint Protection (SEP) clients deployed using two Symantec Endpoint Protection Managers (SEPMs).
Which configuration is recommended to ensure that each SEPM is able to effectively handle the communications load with the SEP clients?

Question19: Which feature reduces the impact of Auto-Protect on a virtual client guest operating system?

Question20: An administrator needs to increase the access speed for client files that are stored on a file server.
Which configuration should the administrator review to address the read speed from the server?

Question21: An administrator uses ClientSideClonePrepTool to clone systems and virtual machine deployment. What will the tool do when it is run on each system?

Question22: A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread evenly across two sites. The administrator needs to direct replication activity to SEPM3 server in Site 1 and SEPM4 in Site 2.
Which two actions should the administrator take to direct replication activity to SEPM3 and SEPM4?
(Select two.)

Question23: Which option is a characteristic of a Symantec Endpoint Protection (SEP) domain?

Question24: What does SONAR use to reduce false positives?

Question25: Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?

Question26: Which two options are available when configuring DNS change detections for SONAR? (Select two.)

Question27: The LiveUpdate Download Schedule is set to the default on the Symantec Endpoint Protection Manager (SEPM).
How many content revisions must the SEPM keep to ensure clients that check in to the SEPM every 10 days receive delta content packages instead of full content packages?

Question28: An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.
Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Question29: Which two are policy types within the Symantec Endpoint Protection Manager? (Select two.)

Question30: A Symantec Endpoint Protection administrator must block traffic from an attacking computer for a specific time period.
Where should the administrator adjust the time to block the attacking computer?

Question31: The security status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.
How should the SEP administrator enable the Security Status alert?

Question32: In addition to performance improvements, which two benefits does Insight provide? (Select two)

Question33: A Symantec Endpoint Protection administrator is using System Lockdown in blacklist mode with a file fingerprint list. When testing a client, the administrator notices that at least one of the files is allowed to execute.
What is the likely cause of the problem?

Question34: A large-scale virus attack is occurring and a notification condition is configured to send an email whenever viruses infect five computers on the network. A Symantec Endpoint Protection administrator has set a one hour damper period for that notification condition.
How many notifications dos the administrator receive after 30 computers are infected in two hours?

Question35: An administrator is using the SylinkDrop tool to update a Symantec Endpoint Protection client install on a system. The client fails to migrate to the new Symantec Endpoint Protection Manager (SEPM), which is defined correctly in the Sylink.xml file that was exported from the SEPM.
Which settings must be provided with SylinkDrop to ensure the successful migration to a new Symantec Endpoint Protection environment with additional Group Level Security Settings?

Question36: Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade according to best practices?

Question37: Which settings can impact the Files trusted count?

Question38: A Symantec Endpoint Protection Manager (SEPM) administrator notices performance issues with the SEPM server. The Client tab becomes unresponsive in the SEPM console and .DAT files accumulate in the "agentinfo" folder.
Which tool should the administrator use to gather log files to submit to Symantec Technical Support?

Question39: What is a function of Symantec Insight?

Question40: A company receives a high number of reports from users that files being downloaded from internal web servers are blocked. The Symantec Endpoint Protection administrator verifies that the Automatically trust any file downloaded from an intranet website option is enabled.
Which configuration can cause Insight to block the files being downloaded from the internal web servers?

Question41: Which option is unavailable in the Symantec Endpoint Protection console to run a command on the group menu item?

Question42: A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate.
Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Question43: Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

Question44: Where in the Symantec Endpoint Protection (SEP) management console will a SEP administrator find the option to allow all users to enable and disable the client firewall?

Question45: An administrator needs to add an Application Exception. When the administrator accesses the Application Exception dialog window, applications fail to appear.
What is the likely problem?

Question46: A company deploys Symantec Endpoint Protection client to its sales staff who travel across the country.
Which deployment method should the company use to notify its sales staff to install the client?

Question47: A company allows users to create firewall rules. During the course of business, users are accidentally adding rules that block a custom internal application.
Which steps should the Symantec Endpoint Protection administrator take to prevent users from blocking the custom application?

Question48: Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

Question49: An administrator reports that the Home, Monitors, and Report pages are absent in the Symantec Endpoint Protection Management console when the administrator logs on.
Which action should the administrator perform to correct the problem?

Question50: Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs.
What is the quickest way an administrator can restore the environment to its original state?

Question51: How are Insight results stored?

Question52: Which two criteria should an administrator use when defining Location Awareness for the Symantec Endpoint Protection (SEP) client? (Select two.)