250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist Question and Answers

Question # 4

Which Network Prevent action has taken place when a Network incident snapshot indicates the message has been “Modified”?

A. Modify content from the body of an email
B. Add one or more SMTP headers to an email
C. Obfuscate text in the body of an email
D. Remove attachments from an email

Question # 5

Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

A. Exchange
B. File System
C. Lotus Notes
D. SharePoint

Question # 6

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

A. The new agent configuration was saved but not applied to any endpoint groups.
B. The new agent configuration was copied and modified from the default agent configuration.
C. The default agent configuration must be disabled before the new configuration can take effect.
D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Question # 7

Which two (2) detection technology options run ONLY on detection servers and NOT on endpoint agents? (Choose two.)

A. Indexed Document Matching (IDM)
B. Vector Machine Learning (VML)
C. Described Content Matching (DCM)
D. Exact Data Matching (EDM)
E. Form Recognition

Question # 8

Which tool must a DLP administrator run to certify the database prior to upgrading DLP?

A. Enforce Migration Utility
B. SymDiag
C. Upgrade Readiness Tool
D. Lob_Tablespace Reclamation Tool

Question # 9

What is the correct order for data in motion when a customer has integrated their CloudSOC and DLP solutions?

A. User > CloudSOC Gatelet > DLP Cloud Detection Service > Application
B. User > Enforce > Application
C. User > Enforce > CloudSOC > Application
D. User > CloudSOC Gatelet > Enforce > Application

Question # 10

Which two detection technology options run on the DLP agent? (Choose two.)

A. Optical Character Recognition (OCR)
B. Described Content Matching (DCM)
C. Directory Group Matching (DGM)
D. Form Recognition
E. Indexed Document Matching (IDM)

Question # 11

The Symantec Data Loss risk reduction approach has six stages.

Drag and drop the six correct risk reduction stages in the proper order of Occurrence column.

Question # 12

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

A. Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.
B. Modify the agent config.db to include the file
C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
D. Modify the agent configuration and select the option “retain Original Files”

Question # 13

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

A. Network Discover
B. Endpoint Prevent
C. Network Prevent for Email
D. Endpoint Discover
E. Information Centric Analytics

Question # 14

A customer needs to integrate information from DLP incidents into external Governance, Risk, and Compliance dashboards.

Which feature should a third-party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

A. Incident Reporting and Update API
B. Export incidents using the CSV format
C. A web incident extraction report
D. Incident Data Views

Question # 15

Which option correctly describes the two-tier installation type for Symantec DLP?

A. Install the Oracle database on one host, and install the Enforce server and a detection server on a second host.
B. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.
C. Install the Oracle database and a detection server on the same host, and install the Enforce server on a second host.
D. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

Question # 16

Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

A. There is insufficient disk space on the Network Monitor server.
B. The Network Monitor server’s certificate is corrupt or missing.
C. The Network Monitor server’s license file has expired.
D. The Enforce and Network Monitor servers are running different versions of DLP.

Question # 17

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

A. Block
B. User Cancel
C. Encrypt
D. Notify

Question # 18

A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.

How should the administrator bring the detection servers to a running state in the Enforce management console?

A. Restart the Vontu Update Service on the Enforce server
B. Ensure the Vontu Monitor Controller service is running in the Enforce server
C. Delete all of the .BAD files in the Incidents folder on the Enforce server
D. Restart the Vontu Monitor Service on all the affected detection servers

Question # 19

Which two (2) actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

A. Redirect the content to an alternative destination
B. Block the content from being posted
C. Encrypt the content before posting
D. Remove the content through FlexResponse
E. Allow the content to be posted

Question # 20

When Symantec DLP is integrated with Microsoft Purview Information Protection (MPIP, also previously known as MIP), to which content types can the Mac DLP Agent apply MPIP labels (classification tags)?

A. Microsoft Word, Excel, and PowerPoint files
B. Microsoft Word, Excel, and PowerPoint files; and Adobe PDF files
C. Microsoft Word, Excel, and PowerPoint files; and Microsoft Outlook emails
D. Microsoft Word, Excel, and PowerPoint files; Microsoft Outlook emails; and Adobe PDF files

Question # 21

Which option correctly describes the two-tier installation type for Symantec DLP?

A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Question # 22

Refer to the exhibit. Which type of Endpoint response rule is shown?

A. Endpoint Prevent: User Notification
B. Endpoint Prevent: Block
C. Endpoint Prevent: Notify
D. Endpoint Prevent: User Cancel

Question # 23

A company needs to implement Data Owner Exception so that incidents when employees send or receive their own personal information.

What detection method should the company use?

A. Indexed Document Matching (IDM)
B. Vector Machine Learning (VML)
C. Exact Data Matching (EDM)
D. Described Content Matching (DCM)

Question # 24

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

A. Smart response on the Incident page
B. Automated Response on the Incident Snapshot page
C. Smart response on an Incident List report
D. Automated response on an Incident List report

Question # 25

Which two detection servers are available as virtual appliances? (Choose two.)

A. Network Monitor
B. Network Prevent for Web
C. Network Discover
D. Network Prevent for Email
E. Optical Character Recognition (OCR)

Question # 26

Which detection method depends on “training sets”?

A. Form Recognition
B. Vector Machine Learning (VML)
C. Indexed Document Matching (IDM)
D. Exact Data Matching (EDM)

Question # 27

What detection server is used for Network Discover, Network Protect, and Cloud Storage?

A. Network Protect Storage Discover
B. Network Discover/Cloud Storage Discover
C. Network Prevent/Cloud Detection Service
D. Network Protect/Cloud Detection Service

Question # 28

Which detection server is available from Symantec as a hardware appliance?

A. Network Prevent for Email
B. Network Discover
C. Network Monitor
D. Network Prevent for Web

Question # 29

Which two (2) detection technology options run on the DLP agent? (Choose two.)

A. Indexed Document Matching (IDM)
B. Directory Group Matching (DGM)
C. Described Content Matching (DCM)
D. Optical Character Recognition (OCR)
E. Form Recognition

Question # 30

Which statement accurately describes where Optical Character Recognition (OCR) On-Premises DLP Core components must be installed?

A. The OCR engine must be installed directly on the Enforce server.
B. The OCR engine must be installed on one or more detection servers.
C. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.
D. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.