EMT Practice Test

1. Question Content...


Question List

Question1: Which policy should an administrator edit to utilize the Symantec LiveUpdate server for pre-release content?

Question2: Which Endpoint > Setting should an administrator utilize to locate unmanaged endpoints on a network subnet?

Question3: A user downloads and opens a PDF file with Adobe Acrobat. Unknown to the user, a hidden script in the file begins downloading a RAT.
Which Anti-malware engine recognizes that this behavior is inconsistent with normal Acrobat functionality, blocks the behavior and kills Acrobat?

Question4: What version number is assigned to a duplicated policy?

Question5: What is the frequency of feature updates with SES and the Integrated Cyber Defense Manager (ICDm)

Question6: Which Symantec component is required to enable two factor authentication with VIP on the Integrated Cyber Defense manager (ICDm)?

Question7: Which Anti-malware technology should an administrator utilize to expose the malicious nature of a file created with a custom packet?

Question8: Which two (2) steps should an administrator take to guard against re-occurring threats? (Select two)

Question9: Which report template includes a summary of risk distribution by devices, users, and groups?

Question10: Which security control is complementary to IPS, providing a second layer of protection against network attacks?

Question11: The ICDm has generated a blacklist task due to malicious traffic detection. Which SES component was utilized to make that detection?

Question12: What characterizes an emerging threat in comparison to traditional threat?

Question13: An administrator must create a custom role in ICDm.
Which area of the management console is able to have access restricted or granted?

Question14: In which phase of MITRE framework would attackers exploit faults in software to directly tamper with system memory?

Question15: Which two (2) Discovery and Deploy features could an administrator use to enroll MAC endpoints? (Select two)

Question16: Which option should an administrator utilize to temporarily or permanently block a file?

Question17: Which alert rule category includes events that are generated about the cloud console?

Question18: An administrator learns of a potentially malicious file and wants to proactively prevent the file from ever being executed.
What should the administrator do?

Question19: What are the Exploit Mitigation security control's mitigation techniques designed to prevent?

Question20: Which file property does SES utilize to search the VirusTotal website for suspicious file information?

Question21: Which statement best defines Machine Learning?

Question22: Which default role has the most limited permission in the Integrated Cyber Defense Manager?

Question23: What are two (2) benefits of a fully cloud managed endpoint protection solution? (Select two)