EMT Practice Test

1. Question Content...


Question List

Question1: Performance on a SEPM is less than expected and generates intermittent errors. How could the system administrators be notified of performance issues?

Question2: What does SONAR use to reduce false positives?

Question3: Which of the following are considered entities in SES Complete?

Question4: Which communication method is utilized within SES to achieve real-time management?

Question5: Which two (2) scan range options are available to an administrator for locating unmanaged endpoints? (Select two)

Question6: What does a ranged query return or exclude?

Question7: Which technology can prevent an unknown executable from being downloaded through a browser session?

Question8: Which security control performs a cloud lookup on files downloaded during the Initial Access phase?

Question9: What account type must the AD Gateway Service Account be assigned to the AD Gateway device for AD Synchronization to function correctly?

Question10: Where in the Attack Chain does Threat Defense for Active Directory provide protection?

Question11: Why is it important for an Incident Responder to copy malicious files to the SEDR file store or create an image of the infected system during the Recovery phase?

Question12: When a SEPM is enrolled in ICDm, which policy can only be managed from the cloud?

Question13: If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?

Question14: An administrator decides to migrate an SES Complete hybrid environment to a fully cloud-managed one.
After cleaning up on-premise group structure and policies. What is the next recommended step for migration?

Question15: What type of policy provides a second layer of defense, after the Symantec firewall?

Question16: What happens when a device fails a Host Integrity check?

Question17: What does an Endpoint Activity Recorder (EAR) full dump consist of?

Question18: What is the function of Symantec Insight?

Question19: How should an administrator set up an alert to be notified when manual remediation is needed on an endpoint?

Question20: What EDR feature provides endpoint activity recorder data for a file hash?

Question21: What are the two (2) locations where an Incident Responder should gather data for an After Actions Report in SEDR? (Select two)

Question22: What feature is used to get a comprehensive picture of infected endpoint activity?

Question23: Which report template type should an administrator utilize to create a daily summary of network threats detected?

Question24: Which designation should an administrator assign to the computer configured to find unmanaged devices?

Question25: An administrator needs to identify infected computers that require a restart to finish remediation of a threat.
What steps in the SEPM should an administrator perform to identify and restart the systems?

Question26: Which Firewall rule components should an administrator configure to blockfacebook.comuse during business hours?

Question27: A company uses a remote administration tool that is detected as Hacktool.KeyLoggPro and quarantined by Symantec Endpoint Protection (SEP).
Which step can an administrator perform to continue using the remote administration tool without detection by SEP?

Question28: An organization has a virtualized environment that is utilized by a group of Developers for testing. What feature can this organization utilize to optimize performance when running scheduled scans?

Question29: What does a medium-priority incident indicate?

Question30: Which SES security control protects a user against data leakage if they encounter a man-in-the-middle attack?

Question31: What information is required to calculate storage requirements?

Question32: What Threat Defense for Active Directory feature disables a process's ability to spawn another process, overwrite a part of memory, run recon commands, or communicate to the network?

Question33: Using a hybrid environment, if a SEPM-managed endpoint cannot connect to the SEPM, how quickly can an administrator receive a security alert if the endpoint is using a public hot-spot?

Question34: An organization recently experienced an outbreak and is conducting a health check of the environment. What Protection Technology can the SEP team enable to control and monitor the behavior of applications?

Question35: Which SES advanced feature detects malware by consulting a training model composed of known good and known bad files?

Question36: What must be entered before downloading a file from ICDm?

Question37: An Application Control policy includes an Allowed list and a Blocked list. A user wants to use an application that is neither on the Allowed list nor on the Blocked list. What can the user do to gain access to the application?

Question38: Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?

Question39: What does the Endpoint Communication Channel (ECC) 2.0 allow Symantec EDR to directly connect to?

Question40: From which source can an administrator retrieve the SESC Network Integrity agent for a Windows 10 S mode endpoint?

Question41: Which action must a Symantec Endpoint Protection administrator take before creating custom Intrusion Prevention signatures?

Question42: Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console.
Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?

Question43: Which security threat stage seeks to gather valuable data and upload it to a compromised system?

Question44: How does an administrator view all devices impacted by a suspicious file?

Question45: What methods should an administrator utilize to restore communication on a client running SEP for Mac?

Question46: The Security Status on the console home page is failing to alert a Symantec Endpoint Protection (SEP) administrator when virus definitions are out of date.
How should the SEP administrator enable the Security Status alert?

Question47: Which term or expression is utilized when adversaries leverage existing tools in the environment?

Question48: Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

Question49: What is a feature of Cynic?

Question50: A user is unknowingly about to connect to a malicious website and download a known threat within a .rar file.
All Symantec Endpoint Protection technologies are installed on the client's system.
In which feature set order must the threat pass through to successfully infect the system?

Question51: Which of the following is a benefit of choosing a hybrid SES Complete architecture?

Question52: Which Incident View widget shows the parent-child relationship of related security events?

Question53: What is the timeout for the file deletion command in SEDR?

Question54: What does an end-user receive when an administrator utilizes the Invite User feature to distribute the SES client?

Question55: How would an administrator specify which remote consoles and servers have access to the management server?

Question56: What is the maximum number of endpoints a single SEDR Manager can support?

Question57: Which type of security threat continues to threaten endpoint security after a system reboot?

Question58: An organization runs a weekly backup using the Backup and Restore Wizard. This week, the process failed to complete due to low disk space.
How does the SEP Administrator change the SEPM backup file location?

Question59: Why is Active Directory a part of nearly every targeted attack?

Question60: An organization is considering a single site for their Symantec Endpoint Protection environment. What are two (2) reasons that the organization should consider? (Select two)

Question61: Which SEP feature is required for using the SEDR Isolate function?

Question62: An administrator notices that some entries list that the Risk was partially removed. The administrator needs to determine whether additional steps are necessary to remediate the threat.
Where in the Symantec Endpoint Protection Manager console can the administrator find additional information on the risk?

Question63: Which two (2) instances could cause Symantec Endpoint Protection to be unable to remediate a file? (Select two.)

Question64: The SES Intrusion Prevention System has blocked an intruder's attempt to establish an IRC connection inside the firewall. Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder's system from communicating with the network after the IPS detection?

Question65: What is the maximum number of SEPMs a single Management Platform is able to connect to?

Question66: An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

Question67: A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.
Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Question68: An administrator changes the Virus and Spyware Protection policy for a specific group that disables Auto- Protect. The administrator assigns the policy and the client systems apply the corresponding policy serial number. Upon visual inspection of a physical client system, the policy serial number is correct. However, Auto-Protect is still enabled on the client system.
Which action should the administrator take to ensure that the desired setting is in place for the client?

Question69: Which two (2) security controls are utilized by an administrator to mitigate threats associated with the Discovery phase? (Select two)

Question70: What SEP feature is leveraged when configuring custom IPS?

Question71: Which type of security threat is used by attackers to exploit vulnerable applications?

Question72: SES includes an advanced policy versioning system. When an administrator edits and saves the properties of an existing policy, a new version of the policy is created. What is the status of all previous versions of the policy?