Which action is available for use in both Smart Response and Automated Response rules?
A. Limit incident data retention
B. Modify SMTP message
C. Block email message
D. Log to a Syslog Server
Correct answer: C
Question 2:
What detection technology supports partial row matching?
A. Indexed Document Matching (IDM)
B. Described Content Matching (EDM)
C. Exact Data Matching (EDM)
D. Vector Machine Learning (VML)
Correct answer: C
Question 3:
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a "copy to USB device" operation?
A. Modify the agent configuration and select the option "retain Original Files"
B. Add a "Limit Incident Data Retention" response rule with "retain Original Message" option selected.
C. Modify the agent config.db to include the file
D. Modify the "Endpoint_Retain_Files.int" setting in the Endpoint server configuration
Correct answer: B
Question 4:
How should a DLP administrator exclude a custom endpoint application named "custom_app.exe" from being monitored by Application File Access Control?
A. Add "custom_app_.exe" as a filename exception to the Endpoint Prevent policy.
B. Add "custom_app.exe" Application Monitoring Configuration and de-select all its channel options.
C. Add "custom_app.exe" to the "Program Exclusion List" in the agent configuration settings.
D. Add "custom_app.exe" to the "Application Whitelist" on all Endpoint servers.
Correct answer: D
Question 5:
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.
What is the first action an administrator should take to enable data transfers to the approved endpoint devices?
A. Disable and re-enable the Endpoint Prevent policy to activate the changes
B. Double-check that the correct device ID or class has been entered for each device
C. Edit the exception rule to ensure that the "Match On" option is set to "Attachments"
D. Verify Application File Access Control (AFAC) is configured to monitor the specific application
Correct answer: C
Question 6:
When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans.
When does the DLP agent stop scanning?
A. When the agent sends a report within the "Scan Idle Timeout" period
B. When the agent sends a report immediately after the "Scan Idle Timeout" period
C. When the agent is unable to send a status report within the "Scan Idle Timeout" period
D. When the endpoint computer is rebooted and the agent is started
Correct answer: C
Question 7:
Why is it important for an administrator to utilize the grid scan feature?
A. To distribute the scan workload across the cloud servers
B. To distribute the scan workload across multiple endpoint servers
C. To distribute the scan workload across multiple detection servers
D. To distribute the scan workload across multiple network discover servers
Correct answer: C
Sagara -
I was able to obtain the 250-438 certification.
It is a good reference book.