Exam 5: Symantec Messaging Gateway 10.5 Technical Assessment (Broadcom)

An Incident Responder wants to investigate whether msscrt.pdf resides on any systems. Which search query and type should the responder run?

An administrator is attempting to add a new detection server to the Enforce UI. However, the administrator only has the ability to add Network Monitor and Endpoint servers. The option to add a Discover server is missing. What does the administrator need to do to add an additional server type?

Which two file formats are available for Email Security.cloud reports? (Choose two.)

Which two (2) methods are recommended to solve Schannel congestion? (Choose two.)

When do Data Protection policies stop processing?

An organization recently deployed ATP and integrated it with the existing SEP environment. During an outbreak, the Incident Response team used ATP to isolate several infected endpoints. However, one of the endpoints could NOT be isolated. Which SEP protection technology is required in order to use the Isolate and Rejoin features in ATP?

You need to create a volume for the HR department. You need to mount a file system with a high demand for I/O throughput. You are aware that spanning the volume across multiple disks will increase the I/O performance. Which risk should you be aware of when spanning the volume across multiple disks?

What task, if completed, will likely fix many of the performance related issues an administrator may experience in an IT Management Suite implementation, when solving database performance related issues?

How can an administrator associate an asset with more than one owner?

Why should an administrator configure Symantec Validation & ID Protection (VIP) with ClientNet?

An administrator needs to quickly deploy Windows 7 to several new computers without pre-configured operating systems. The administrator decides to use an existing Ghost image since the necessary drivers have already been added to the DeployAnywhere database. The Network Boot Services configuration is set to respond only to known computers. How should the administrator proceed?

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information. Which step should the Incident Response team incorporate into their plan of action?

Which automated response action can be performed for data loss incidents caused by confidential data found on Windows shares?

What should an incident responder select to remediate multiple incidents simultaneously?

An asset's Status value unexpectedly changes to Retired. What is the most likely IT Management Suite setting that would be the source of this status change, other than human error?

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)

Which attribute is required when configuring the Symantec Endpoint Protection Manager (SEPM) Log Collector?

Which industry-standard type of policy, providing computer users with rules governing their actions on a company-owned computer, would Data Protection help enforce?

Which scanning technology is unable to provide individual customer reporting data within Email Security.cloud?

An information security officer has detected an unauthorized tool on desktops being used to transmit data with encrypted communications. Which Symantec Data Loss Prevention feature should the information security officer use to prevent this tool from accessing confidential data?