Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?
A. Insight
B. SONAR
C. Risk Tracer
D. Intrusion Prevention
What is the file scan workflow order when Shared Insight Cache and reputation are enabled?
A. Symantec Insight > Shared Insight Cache server > local client Insight cache
B. local client Insight cache > Shared Insight Cache server > Symantec Insight
C. Shared Insight Cache server > local client Insight cache > Symantec Insight
D. local client Insight cache > Symantec Insight > Shared Insight Cache server
Which policy should an administrator modify to enable Virtual Image Exception (VIE) functionality?
A. Host Integrity Policy
B. Virus and Spyware Protection Policy
C. Exceptions Policy
D. Application and Device Control Policy
Administrators at a company share a single terminal for configuring Symantec Endpoint Protection. The administrators want to ensure that each administrator using the console is forced to authenticate using their individual credentials. They are concerned that administrators may forget to log off the terminal, which would easily allow others to gain access to the Symantec Endpoint Protection Manager (SEPM) console. Which setting should the administrator disable to minimize the risk of non-authorized users logging into the SEPM console?
A. allow users to save credentials when logging on
B. delete clients that have not connected for specified time
C. lock account after the specified number of unsuccessful logon attempts
D. allow administrators to reset the passwords
A company is currently testing Symantec Endpoint Protection 12.1 on 100 clients. The company has decided to deploy SEP to an additional 20,000 clients. They are concerned about the number of clients supported on a single Symantec Endpoint Protection Manager (SEPM). What should the company do to ensure that the SEPM can support the clients?
A. Configure the clients for Pull mode.
B. Decrease the heartbeat interval.
C. Switch to HTTPS for client communications.
D. Switch to IIS as the web server.
Refer to the exhibit.
What does the symbol to the left of the system name, SEPMGR12, indicate?
A. The firewall is enabled.
B. The Symantec Endpoint Protection Manager is running.
C. The system is online.
D. The Unmanaged Detector is enabled.
Which protection technology assists in protecting documents in real-time when accessed or modified?
A. SONAR
B. Reputation Scans
C. Auto-Protect
D. Scheduled Scans
A computer is configured in Mixed Control mode. The administrator creates and applies a Firewall policy to the computer that has a rule that allows FTP traffic above the blue line and another rule that blocks LDAP traffic below the blue line. On the computer, local rules are created to allow LDAP traffic and block FTP traffic. Which traffic flow behavior should be expected on the local computer?
A. Both FTP and LDAP traffic are allowed.
B. Both FTP and LDAP traffic are blocked.
C. FTP is blocked and LDAP is allowed.
D. FTP is allowed and LDAP is blocked.
Refer to the exhibit.
A USB mouse is plugged in to a system that uses the device control displayed in the exhibit. What is the expected behavior?
A. The mouse is blocked until the user adds the device as a local client exception.
B. The mouse is blocked until an administrator adds the device to the exception policy.
C. The mouse will work as normal because the Human Interface Device exclusion takes precedence.
D. The mouse will work as normal because Mouse devices are missing from Blocked Devices.
An administrator is in the process of recovering from a disaster and needs the keystore password to update the certificate on the Symantec Endpoint Protection Manager (SEPM). From which two locations can the administrator obtain this information? (Select two.)
A. SEPM replication partners
B. original installation log
C. disaster recovery file
D. settings.properties file
E. Sylink.xml file from the SEPM
