Exam 5: Symantec Messaging Gateway 10.5 Technical Assessment (Broadcom)

In which two locations should an Incident Responder gather data for an After Actions Report in ATP? (Choose two.)

An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode. What should the Incident Responder do to stop the traffic to the IRC channel?

You have a Storage Foundation 5.0 server named SrvA connected to SrvB, which is a cloned server of SrvA. SrvA is able to recognize the quick I/O (QIO) files. However, SrvB is unable to recognize the quick I/O files. You have ensured that the file systems are the same on both the servers. You want to ensure SrvB is able to recognize the quick I/O files. What should you do? (Select two. Each correct answer presents part of the solution.)

Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)

Which process should never be configured on external DNS servers? (Choose the best answer.)

Which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?

A file system encounters an error during VxVM operations. The error "VxVM vxio WARMINIG V-5-0-144 Double failure condition detected on RAID-5 volume" is displayed in the file system. How should you resolve this error?

Which incidents appear in the Network Incident List report when the Network Prevent Action filter is set to Modified?

A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information. Which underlying technology should the company use?

You need to create a new volume. The new volume will only use disks on controller 1. You want to execute the vxassist command with the ctlr:c1 storage attribute. You want to ensure that the command provides desired output. What should you ensure to meet the required goal?

Which Advanced Threat Protection (ATP) component best isolates an infected computer from the network?

Which two options are available when selecting an incident for deletion?  (Select two.)

An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats. Which two objects in the STIX report will ATP search against? (Choose two.)

While encapsulating a disk, you discover that a volume is removed as a part of the existing configuration. You want to restore the data on the disk as it was before removal of the disk. As the first step, you recreate the volume using the vxdg make command. What should you do next?

Ten test agents are being deployed that use an uninstall password required to uninstall the DLP Agent. The agents deploy and install correctly. Upon testing to remove the Agent, the uninstall password fails to work. The deployment team used 'Symantec' for the UninstallPasswordKey. Why does the uninstall fail when using the same password?

What occurs when an endpoint fails its Host Integrity check and is unable to remediate?

You are working on a Storage Foundation 5.0 server named Srv1 that has a disk group named vol1. You install another Storage Foundation 5.0 server named Srv2. You want to successfully move the disk group from Srv1 to Srv2. To initiate the movement, you stop all volumes in the disk group, and deport and move all disks to Srv2. What should you do next?

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What must be populated to generate this report?

Which service setting determines whether the traffic is passed to the SSL proxy or the HTTP proxy when a browser is configured to use an explicit proxy connection to the ProxySG? (Choose the best answer.)

Which two (2) items are considered external dependencies? (Choose two.)