An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A. To access expanded historical data
B. To determine the best cleanup method
C. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
D. To evaluate the data, including information from other systems
E. To have less raw data to analyze
Correct answer: B, D
Question 2:
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager.
Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
A. A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.
B. A malicious file that was repeatedly downloaded by a Trojan or downloader that infected multiple endpoints.
C. An external website that was the source of many malicious files.
D. An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.
E. A network share is repeatedly accessed during and after an infection indicating a more targeted attack.
Correct answer: B, C
Question 3:
Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?
A. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.
B. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment.
C. It ensures that the Incident is resolved, and the responder can determine the best remediation method.
D. It ensures that the Incident is resolved, and the responder can clean up the infection.
Correct answer: B
Question 4:
Which two actions can an Incident Responder take in the Cynic portal? (Choose two.)
A. Submit hashes to Insight
B. Configure email reports on convictions
C. Configure a SIEM feed from the portal to the ATP environment
D. Query hashes
E. Submit false positive and false negative files
Correct answer: A, D
Question 5:
Which SEP technologies are used by ATP to enforce the blacklisting of files?
A. SONAR and Bloodhound
B. Application and Device Control
C. Intrusion Prevention and Browser Intrusion Prevention
D. System Lockdown and Download Insight
Correct answer: D
Question 6:
Which level of privilege corresponds to each ATP account type?
Match the correct account type to the corresponding privileges.
Correct answer:
Question 7:
An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?
A. ATP and the Symantec Endpoint Protection Manager (SEPM); web access to the GUI
B. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; ATP and Email Security.cloud; web access to the GUI
C. ATP and the Symantec Endpoint Protection Manager (SEPM)
D. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; web access to the GUI
Correct answer: C
矢泽** -
It can also be used as a final mock exam. It's really good. I was able to pass 250-441. Amazing.