Multiple Choice
ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information. Which step should the Incident Response team incorporate into their plan of action?
A) Perform a healthcheck of ATP
B) Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C) Use ATP to isolate non-SEP protected computers to a remediation VLAN
D) Rejoin the endpoints back to the network after completing a final virus scan
Correct Answer:

Verified