Symantec 250-438 - Administration of Symantec Data Loss Prevention 15 Exam

Page:    1 / 14   
Total 70 questions

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a ג€copy to USB deviceג€ operation?

  • A. Add a ג€Limit Incident Data Retentionג€ response rule with ג€Retain Original Messageג€ option selected.
  • B. Modify the agent config.db to include the file
  • C. Modify the ג€Endpoint_Retain_Files.intג€ setting in the Endpoint server configuration
  • D. Modify the agent configuration and select the option ג€Retain Original Filesג€


Answer : A

What is the correct configuration for ג€BoxMonitor.Channelsג€ that will allow the server to start as a Network Monitor server?

  • A. Packet Capture, Span Port
  • B. Packet Capture, Network Tap
  • C. Packet Capture, Copy Rule
  • D. Packet capture, Network Monitor


Answer : C

Reference:
https://support.symantec.com/en_US/article.TECH218980.html

Under the ג€System Overviewג€ in the Enforce management console, the status of a Network Monitor detection server is shown as ג€Running Selected.ג€ The Network
Monitor serverג€™s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?

  • A. There is insufficient disk space on the Network Monitor server.
  • B. The Network Monitor serverג€™s certificate is corrupt or missing.
  • C. The Network Monitor serverג€™s license file has expired.
  • D. The Enforce and Network Monitor servers are running different versions of DLP.


Answer : D

Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

  • A. Any customer-hosted private cloud
  • B. Amazon Web Services
  • C. AT&T
  • D. Verizon
  • E. Rackspace


Answer : BE

Reference:
https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/8000/DOC8244/en_US/
Symantec_DLP_15.0_Cloud_Prevent_O365.pdf?__gda__=1554430310_584ffada3918e15ced8b6483a2bfb6fb
(14)

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief
Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Ciscoג€™s role has the ג€User Reportingג€ privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?

  • A. Only DLP administrators are permitted to access and view data for high risk users.
  • B. The Enforce server has insufficient permissions for importing user attributes.
  • C. User attribute data must be configured separately from incident data attributes.
  • D. User attributes have been incorrectly mapped to Active Directory accounts.


Answer : D

Page:    1 / 14   
Total 70 questions