Exam 1: Administration of Symantec Endpoint Protection 14 (Broadcom)

An administrator makes a change in the Active Directory structure which has been imported into the Symantec Endpoint Protection Manager (SEPM). By default, when will the change automatically be reflected in the SEPM?

Which two actions can a user take during an in-progress scheduled scan? (Select two.)

A customer reports that users are able to download new files from the internet and execute those files on their own computers. What can be configured to prevent this?

Which protection engine should be enabled to drop malicious vulnerability scans against a client system?

An administrator configures the scan duration for a scheduled scan.  The scan fails to complete in the specified time period. When will the next scheduled scan occur on the computer?

A company needs to configure an Application and Device Control policy to block read/write access to all USB removable media on its Symantec Endpoint Protection (SEP) systems. Which tool should an administrator use to format the GUID and device IDs as required by SEP?

How does the Intrusion Prevention System add an additional layer of protection to Network Threat Protection?

Which tool should the administrator run before starting the Symantec Endpoint Protection Manager upgrade as a Symantec Best Practice?

An administrator selects the Backup files before attempting to repair the Remediations option in the Auto-Protect policies. Which two actions occur when a virus is detected? (Select two.)

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

Which action does the Shared Insight Cache (SIC) server take when the whitelist reaches maximum capacity?

What are two supported Symantec Endpoint Protection Manager authentication types? (Select two.)

An administrator is reviewing an Infected Clients Report and notices that a client repeatedly shows the same malware detection. Although the client remediates the files, the infection continues to display in the logs. Which two functions should be enabled to automate enhanced remediation of a detected threat and its related side effects? (Select two.)

A company is running the Symantec Endpoint Protection 12.1 firewall with the default policy. At the bottom of the ruleset, there is a rule called "Block all other IP traffic and log" which will block all IP traffic. A financial application is being blocked by this rule. What should be changed to allow the application without sacrificing security?

Catastrophic hardware failure has occurred on a single Symantec Endpoint Protection Manager (SEPM) in an environment with two SEPMs. What is the quickest way an administrator can restore the environment to its original state?

Which ports on the company firewall must an administrator open to avoid problems when connecting to Symantec Public LiveUpdate servers?

In which two situations would Symantec Endpoint Protection 12.1 (SEP) generate a Left Alone action? (Select two.)

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen about the same time as the scheduled LiveUpdate. Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

Which exception type can be configured?

A Symantec Endpoint Protection (SEP) administrator is remotely deploying SEP clients, but the clients are failing to install on Windows XP. What are two possible reasons for preventing installation? (Select two.)