Testkings.ST0-237.362 questions
Number: ST0-237
Passing Score: 800
Time Limit: 120 min
File Version: 6.8
http://www.gratisexam.com/

ST0-237 Symantec Data Loss Prevention 12 Technical Assessment

Exam A

QUESTION 1
You are turning on the quota on a file system for the first time. You want to ensure you are able to establish quota for a group of users named finance. What should you do?

A. Create a file named quota and assign it to the finance group.
B. Create a file named quota and place it in the root directory of the file system.
C. Create a file named quota.grp and assign it to the group of users.
D. Create a file named quota.grp that is owned by the root of the file system.

Correct Answer: D

QUESTION 2
How many free partitions do you need to encapsulate a boot disk?

A. 1
B. 2
C. 3
D. 4

Correct Answer: B

QUESTION 3
Which user store is essential for using the user risk summary feature?

A. Tomcat
B. Active Directory
C. MySQL
D. Samba

Correct Answer: B

QUESTION 4
When you are mounting a file system, which mode sets the policy for handling I/O errors on mounted file system?

A. disable
B. ioerror
C. cio
D. minicache

Correct Answer: B

QUESTION 5
In which two ways can the default listener port for a detection server be modified? (Select two.)

A. through the Enforce user interface under System > Overview
B. by editing the Communication.properties file on a detection server
C. through the Enforce user interface under Manage > Policies
D. by editing the MonitorController.properties file on a detection server
E. by editing the model.notification.port file on a detection server

Correct Answer: AB

QUESTION 6
What is the correct traffic flow for the Symantec Data Loss Prevention for Mobile Prevent?

A. mobile device (iOS) > VPN > Mobile Prevent Server > Web proxy > Enforce Server > final destination
B. mobile device (iOS) > VPN > Web proxy > Mobile Prevent Server > final destination
C. mobile device (iOS) > VPN > Web proxy > Mobile Prevent Server > Enforce Server > final destination
D. mobile device (iOS) > VPN > Mobile Prevent Server > Web proxy > final destination

Correct Answer: B

QUESTION 7
Which detection server requires two physical network interface cards?

A. Network Protect
B. Network Discover
C. Endpoint Discover
D. Network Monitor

Correct Answer: B
Explanation/Reference: genuine answer.

QUESTION 8
Which option describes the three-tier installation type for Symantec Data Loss Prevention?

A. Install the database, the Enforce Server, and a detection server all on the same computer.
B. Install the Oracle database and the Enforce Server on the same computer, then install detection servers on separate computers.
C. Install the Oracle Client (SQL*Plus and Database Utilities) on three detection servers.
D. Install the Oracle database, the Enforce Server, and a detection server on separate computers.

Correct Answer: C

QUESTION 9
Which interface provides single sign-on access for the purpose of administering Data Loss Prevention servers, managing policies, and remediating incidents?

A. Symantec Information Manager
B. Symantec Protection Center
C. Symantec Data Insight
D. Symantec Messaging Gateway

Correct Answer: B

QUESTION 10
Which two operating systems are supported for Symantec Data Loss Prevention 12 servers? (Select two.)

A. Windows 2003 Enterprise Edition 64-bit
B. Red Hat Linux 5 Enterprise 64-bit
C. Windows 2008 Server 32-bit
D. Red Hat Linux 6 Enterprise 64-bit
E. Windows 2008 R2 Enterprise Edition 64-bit

Correct Answer: BE

QUESTION 11
Which is the correct installation sequence?

A. Enforce > Oracle > detection server > Solution pack
B. Oracle > Enforce > Solution pack > detection server
C. Oracle > Enforce > detection server > Solution pack
D. Enforce > Oracle > Solution pack > detection server

Correct Answer: B

QUESTION 12
A company needs to secure the content of all Mergers and Acquisitions Agreements. However, the standard text included in all company literature needs to be excluded. How should the company ensure that this standard text is excluded from detection?

A. create a whitelisted.txt file after creating the Vector Machine Learning (VML) profile
B. create a whitelisted.txt file before creating the Exact Data Matching (EDM) profile
C. create a whitelisted.txt file after creating the Indexed Document Matching (IDM) profile
D. create a whitelisted.txt file before creating the Indexed Document Matching (IDM) profile

Correct Answer: D

QUESTION 13
A policy template called Customer Credit Card Numbers is being imported into the system. What is the default result for this action?

A. the policy template will be listed under US Regulatory Enforcement Templates and be available
B. the policy template will be enabled by default
C. the policy template will be available after logging off and on to Enforce
D. the policy template will be listed under Imported Templates

Correct Answer: D

QUESTION 14
You are not able to find a physical device corresponding to the disk ID in the disk media record when one of the subdisks associated with the plex fails. You need to check the plex state to solve the problem. What will be the status of the plex in this situation?

A. UNENABLED
B. NODEVICE
C. DISCONNECTED
D. INACTIVE

Correct Answer: B

QUESTION 15
A software company needs to protect its source code including new source code between indexing times. Which detection method should the company use to meet this requirement?

A. Exact Data Matching (EDM)
B. Described Content Matching (DCM)
C. Indexed Document Matching (IDM)
D. Vector Machine Learning (VML)

Correct Answer: D

QUESTION 16
An organization needs to determine whether at least 50% of a sensitive document is being sent outside the organization. Which action should the company take to accomplish this?

A. use a whitelisted.txt document
B. use match on selected fields
C. use match count
D. use minimum document exposure

Correct Answer: D

QUESTION 17
A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information. Which underlying technology should the company use?

A. Vector Machine Learning (VML)
B. Described Content Matching (DCM)
C. Indexed Document Matching (IDM)
D. Exact Data Matching (EDM)

Correct Answer: D

QUESTION 18
An incident responder needs to change the status of an incident to 'Escalate and Notify'. Which two places in the user interface can this Smart Response rule be invoked? (Select two.)

A. Policy page
B. Incident List
C. Incident Snapshot
D. Incident Summary
E. Response Rules page

Correct Answer: BC

QUESTION 19
Which action is available for use in Smart Response rules and Automated Response rules?

A. modify SMTP message
B. block email message
C. limit incident data retention
D. post log to a syslog server

Correct Answer: D

QUESTION 20
Which response rule action will be ignored when using an Exact Data Matching (EDM) policy?

A. Network Prevent: Remove HTTP/HTTPS Content
B. All: Send Email Notification
C. Network Protect: Copy File
D. Endpoint Prevent: Notify

Correct Answer: D

QUESTION 21
Which automated response action can be performed for data loss incidents caused by confidential data found on Windows shares?

A. Block Message
B. Quarantine File
C. User Cancel
D. Notify User

Correct Answer: B
Explanation/Reference: accurate answer.

QUESTION 22
When deploying Network Monitor, an administrator needs to implement monitoring of port-based protocols. Which protocol is supported by Network Monitor?

A. secure tunneling
B. IP
C. TCP
D. UDP

Correct Answer: C

QUESTION 23
Which two protocols are available by default and recognized by Network Monitor based on their individual signatures? (Select two.)

A. FTP
B. HTTPS
C. IM: AIM
D. SNMP
E. IM: Google Talk

Correct Answer: AC
Explanation/Reference: good choice of answer.

QUESTION 24
Refer to the exhibit. An administrator needs to implement a Mobile Email Monitor solution to inspect corporate emails on mobile devices. Where should the administrator place the web proxy?

A. 1
B. 2
C. 3
D. 4

Correct Answer: B

QUESTION 25
An administrator needs to deploy a Symantec Data Loss Prevention solution that will monitor network traffic. Which traffic type is excluded from inspection when using the default configuration?

A. HTTP-get
B. NNTP
C. FTP-put
D. HTTP-post

Correct Answer: A

QUESTION 26
Which incidents appear in the Network Incident List report when the Network Prevent Action filter is set to Modified?

A. incidents in which confidential content was removed from the body of an SMTP email
B. incidents in which an SMTP email was changed to include one or more SMTP headers
C. incidents in which digital rights were applied to SMTP email attachments containing confidential information
D. incidents in which confidential attachments were removed from an SMTP email

Correct Answer: B

QUESTION 27
Which server encrypts the message when using a Modify SMTP Message response rule?

A. Encryption Gateway
B. SMTP Prevent server
C. Network Monitor server
D. Enforce server

Correct Answer: C

QUESTION 28
An administrator implements a policy to block confidential data from being posted to Facebook. The policy generates incidents but allows the content to be posted. Which action should the administrator take to resolve this issue?

A. Turn off Trial mode
B. Turn on default settings
C. Enable Get Processing
D. Enable ICAP.Allowhosts

Correct Answer: A

QUESTION 29
A DLP administrator needs to have the Email Prevent Server return inspected emails to the same MTA from which it receives the message. In which mode should the Email Prevent server be configured?

A. forward
B. reflect
C. mirror
D. trial

Correct Answer: B

QUESTION 30
The VxVM operation fails while importing a disk group and you get an error message "VxVM vxdg ERROR V-5-1-2907 diskgroup: Disk group does not exist". How will you solve this problem?

A. Export a disk group from another host.
B. Export a disk group from the current host and import the disk group to another host.
C. If the disk group already exists on the exported host, import it to the current host.
D. Restore the configuration for the disk group from the backup.

Correct Answer: C

QUESTION 31
Which valid automated response option should an administrator choose for Email Prevent?

A. Modify the message subject or add specific RFC-2822 headers
B. Add metadata to email headers of confidential email
C. Modify the body of email messages containing confidential data
D. Process confidential email re-routed to a specified email list

Correct Answer: A

QUESTION 32
How should an administrator apply a policy to Network Discover scans?

A. Assign the policy group to the scan target
B. Choose the correct policy in the scan target
C. Assign the policy to the Network Discover Server
D. Choose the correct scan target in the policy destination

Correct Answer: A

QUESTION 33
A DLP administrator needs to modify a Network Discover scan that has started. How should the administrator ignore files larger than 20 MB for the remaining shares?

A. Pause the scan, edit the scan target filters to ignore files greater than 20 MB, resume the scan
B. Modify the server settings for the Discover server running the scan, adjust the maxfilesize.level setting to greater than 20 MB, restart the Discover server
C. Stop the Vontu Monitor Controller Service, go to Manage > Discover Scanning > Discover Targets, set a new filter, restart the service
D. Create a new scan with updated file size filters and start the scan

Correct Answer: A

QUESTION 34
Refer to the exhibit. An administrator needs to implement the use of a scanner, but is unfamiliar with the general, high-level process associated with scanners. Which action occurs in step 3?

A. the scanner reviews and confirms configuration parameters
B. the scanner connects to target and reads the content and metadata
C. the scanner process is started by a user or scheduled event
D. the scanner packages filtered content and posts the data to Discover server

Correct Answer: B

QUESTION 35
A DLP administrator is attempting to use Encryption Insight to detect confidential information in encrypted files but has been unsuccessful. It is determined that the process was unable to retrieve the appropriate PGP key because the user key was using the incorrect encryption mode. What is the correct encryption mode that must be used by the user key?

A. Client Key Mode
B. Server Key Mode
C. Client Server Key Mode
D. Guarded Key Mode

Correct Answer: B

QUESTION 36
While performing a VxVM operation, you discover that the disk group configuration has become corrupt. You want to check the changes in the VxVM configuration data and automatically record any configuration changes that occur. What would you do in this situation?

A. Use the vxconfigd daemon to monitor changes to the VxVM configuration.
B. Use the vxrelocd daemon to monitor changes to the VxVM configuration.
C. Use the vxconfigbackupd daemon to monitor changes to the VxVM configuration.
D. Use the vxdctl daemon to monitor changes to the VxVM configuration.

Correct Answer: C

QUESTION 37
A DLP administrator has determined that a Network Discover server is unable to scan a remote file server. Which action should the administrator take to successfully scan the remote file server?

A. restart the discover scan
B. verify that the target file server is a Windows 2008 server
C. use the fully qualified name (FQDN) of the server
D. verify that the file server has .NET services running

Correct Answer: C

QUESTION 38
An administrator is applying a newly created agent configuration to an Endpoint server. Upon inspection, the new configuration is unassigned in the Endpoint Server Details. What is a possible cause for the new configuration failing to be assigned?

A. the system default settings were saved to the new agent configuration
B. the server that the new agent configuration was applied to needs to be recycled
C. the new agent configuration was saved without applying it to the Endpoint server
D. the new agent configuration was copied and modified from the default agent configuration

Correct Answer: C

QUESTION 39
You have encapsulated the disk for swap partitions and created mirrors under the VxVM control. Which files in /etc get modified when the root disk is encapsulated?

A. vfstab and file system
B. vfstab and rootdisk
C. mnttab and file system
D. volboot and file system

Correct Answer: A

QUESTION 40
You have a system that has two disks, disk01 and disk02, which are mapped into the system configuration during boot as disks c0t0d0s2 and c0t1d0s2, respectively. A failure has caused disk01 to become detached. What would you do to view the status of the failed disk01?

A. Use the vxdg list command
B. Use the vxdg s list command
C. Use the vxprint command
D. Use the vxdisk list command

Correct Answer: D

QUESTION 41
What is the default limit to the number of subdisks that can be attached to a single plex?

A. 1024
B. 2048
C. 4096
D. Unlimited

Correct Answer: C

QUESTION 42
A DLP administrator is writing one policy to block sensitive data from being copied to removable media. The administrator is applying two response rules to the policy: 'Endpoint Prevent: Notify' and 'Endpoint Prevent: Block'. Why are some copies blocked while others are only notified?

A. There are different conditions for the different response actions
B. The monitor and ignore filters are defined incorrectly
C. The DLP administrator needs to fine tune the throttling options
D. The Directory Group Matching (DGM) profile has users in different groups

Correct Answer: A

QUESTION 43
An incident response team has determined that multiple incidents are resulting from the same user action of copying sensitive data to USB devices. Which action should the incident response team take to fix this issue so only one incident per action is detected?

A. Create separate policies for the different detection methods
B. Combine multiple conditions into one compound rule
C. Change which 'Endpoint Destinations' are monitored
D. Change the monitor/ignore filters in the agent configuration

Correct Answer: B

QUESTION 44
Which option should be used to optimize the performance of a network share Discover scan?

A. Ensure that the target file system is defragmented regularly
B. Use an incremental scan to only include previously unscanned items
C. Configure credential prefetching to reduce delay in authentication
D. Disable antivirus scanning for network shares on the detection server

Correct Answer: C

QUESTION 45
What is the most efficient method for designing filters to remove unwanted traffic?

A. policy-based exceptions
B. IP-based filtering per protocol
C. L7 filtering per protocol
D. sampling per protocol

Correct Answer: B

QUESTION 46
An administrator running a company's first Discover scan needs to minimize network load. The duration of the scan is unimportant. Which method should the administrator use to run the Discover scan?

A. ignore smaller than
B. ignore larger than
C. throttling
D. date last accessed

Correct Answer: C
Explanation/Reference: good choice of answer.

QUESTION 47
A network administrator needs to be notified if someone attempts to tamper with or shut down the VPN connection on an iPad or iPhone. Which product should the administrator use to configure the notification alert?

A. Mobile Email Monitor
B. Mobile Device Management
C. Network Prevent
D. Mobile Prevent

Correct Answer: B

QUESTION 48
Which command attempts to find the name of the drive in the private region and to match it to a disk media record that is missing a disk access record?

A. vxdisk
B. vxdctl
C. vxreattach
D. vxrecover

Correct Answer: C

QUESTION 49
What is the correct configuration for BoxMonitor.Channels that will allow the server to start as a Network Monitor server?

A. Packet Capture, Span Port
B. Packet Capture, Network Monitor
C. Packet Capture, Network Tap
D. Packet Capture, Copy Rule

Correct Answer: D
Explanation/Reference: Real answer.

QUESTION 50
Refer to the exhibit. An administrator is testing the DLP installation by placing .EML files into the drop folder, but has been unsuccessful in generating any incidents. The administrator is checking the Advanced Server Settings page to see if it can help diagnose the issue. What could be causing this problem?

A. BoxMonitor.IncidentWriter setting needs to be set to Test
B. BoxMonitor.FileReader needs to be set to default
C. BoxMonitor.IncidentWriterMemory is set too high
D. BoxMonitor.Channels contains an incompatible entry

Correct Answer: D

QUESTION 51
An administrator needs to remove an agent and its associated events from a specific Endpoint Server.
Which Agent Task does the administrator need to perform to disable its visibility in the Enforce UI?

A. Delete action from the Agent Summary page
B. Disable action from Symantec Management Console
C. Change Endpoint Server action from the Agent Overview page
D. Delete action from the Agent Health dashboard

Correct Answer: A

QUESTION 52
An administrator pulls the Services and Operation logs off of a DLP Agent by using the Pull Logs action. What happens to the log files after the administrator performs the Pull Logs action?

A. they are stored directly on the Enforce server
B. they are transferred directly to the Enforce Server and deleted from the DLP Agent
C. they are created on the DLP Agent then pulled down to the Enforce server
D. they are temporarily stored on the DLP Agent's Endpoint server

Correct Answer: D

QUESTION 53
A company needs to disable USB devices on computers that are generating a number of recurring DLP incidents. It decides to implement Endpoint Lockdown using Endpoint Prevent, which integrates with Symantec Endpoint Protection Manager and Symantec Management Platform. After incidents are still detected from several agents, the company determines that a component is missing. Which component needs to be added to disable the USB devices once incidents are detected?

A. Control Compliance Suite
B. Workflow Solution
C. pcAnywhere
D. Risk Automation Suite

Correct Answer: B

QUESTION 54
A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should the compliance officer generate to obtain the compliance information?

A. Policy Trend report, summarized by policy, then quarter
B. Policy Trend report, summarized by policy, then severity
C. Policy report, filtered on quarter, and summarized by policy
D. Policy report, filtered on date, and summarized by policy

Correct Answer: A

QUESTION 55
A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What must be populated to generate this report?

A. remediation attributes
B. sender correlations
C. status groups
D. custom attributes

Correct Answer: C

QUESTION 56
A divisional executive requests a report of all incidents generated by a particular region and summarized by department. Which incident information must be populated to generate this report?

A. remediation attributes
B. custom attributes
C. sender correlations
D. status groups

Correct Answer: B

QUESTION 57
What should an incident responder select to remediate multiple incidents simultaneously?

A. Smart Response on the Incident Snapshot page
B. Automated Response on an Incident List report
C. Smart Response on an Incident List report
D. Automated Response on the Incident Snapshot page

Correct Answer: C

QUESTION 58
Which two options are available when selecting an incident for deletion? (Select two.)

A. Delete the incident completely
B. Delete the original message and retain the incident
C. Delete the incident and retain the original message
D. Delete the incident and export incident details to .CSV file
E. Delete all attachments or files and export incident to .XML file

Correct Answer: AB

QUESTION 59
A DLP administrator is creating a role that contains an incident access condition that restricts users from viewing specific incidents. Which two conditions can the administrator specify when creating the incident access condition in a role? (Select two.)

A. file type
B. custom attribute
C. recipient
D. file size
E. policy group

Correct Answer: BE

QUESTION 60
An incident responder is viewing a discover incident snapshot and needs to determine which information to provide to the next level responder. Which information would be most useful in assisting the next level responder with data clean-up?

A. Incident Details: Message Body content
B. Custom Attributes: Most Active User from Data Insight
C. Incident Details: File Owner metadata
D. Access Information: File Permissions

Correct Answer: B

QUESTION 61
What is the most efficient policy so that incidents are generated only when a specific user under investigation sends encrypted files?

A. a policy that has one condition
B. a policy that has one exception
C. a policy that has two conditions
D. a policy that has two exceptions

Correct Answer: C
Explanation/Reference: accurate answer.

QUESTION 62
Which two locations can the administrator verify a newly created policy was loaded on a detection server? (Select two.)

A. System > Servers > Overview
B. System > Servers > Server Detail
C. Manage > Policies > Policy List
D. System > Servers > Overview > Configure Server
E. System > Servers > Events

Correct Answer: BE

QUESTION 63
How should an administrator export all policies from a test environment to a production environment?

A. Choose the option to 'export all' on the Manage > Policies > Policies List page
B. Export one policy template at a time
C. Navigate to System > Settings > Export and select 'All'
D. Locate the 'policy' folder under 'SymantecDLP' and copy all of the .XML files

Correct Answer: B

QUESTION 64
Refer to the exhibit. Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimate business activity. According to this model, which activity should occur during the baseline phase?

A. Monitor incidents and tune the policy to reduce false positives
B. Define and build the incident response team
C. Establish business metrics and begin sending reports to business unit stakeholders
D. Test policies to ensure that blocking actions minimize business process disruptions

Correct Answer: A

QUESTION 65
The chief information security officer (CISO) is responsible for overall risk reduction and develops high-level initiatives to respond to security risk trends. Which report will be useful to the CISO?

A. all high severity incidents that have occurred during the last week
B. all dismissed incidents violating a specific policy marked as false positive
C. all incidents from the previous month summarized by business units and policy
D. all new incidents that have been generated by a specific business unit during the last week

Correct Answer: B
Explanation/Reference: definite answer.

QUESTION 66
Refer to the exhibit. Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimate business activity. What occurs during the notification phase?

A. Notification helps define confidential information and assign appropriate levels of protection to it using classifications.
B. On-Screen Pop-ups compare existing company information protection policies to best practices.
C. Notification helps develop a plan for integrating appropriate data security practices.
D. Automated sender notification educates employees in real-time about company policy violations.

Correct Answer: D

QUESTION 67
Which structure records are stored in the private region? (Each correct answer presents part of the solution. Select three.)

A. Disk group configuration
B. Disk and disk group ID
C. File system metadata
D. Disk group kernel log
E. Partition tables

Correct Answer: ABD

QUESTION 68
How should an administrator determine which Database version is running?

A. Run the command select database version from database;
B. Right click on database folder and select version
C. Run the command select * from v$version;
D. Look in add/remove programs for the database program

Correct Answer: C

QUESTION 69
Which version of Oracle does Symantec Data Loss Prevention version 12.0 require for new installations or upgrading from 11.x to 12.0?

A. 10.2.0.1
B. 10.2.0.4
C. 11.2.0.2
D. 11.2.0.3

Correct Answer: D

QUESTION 70
A user is unable to log in as sysadmin. The Data Loss Prevention system is configured to use Active Directory authentication. The user is a member of two roles: sysadmin and remediator. How should the user log in to the user interface in the sysadmin role?

A. sysadmin\[email protected]
B. sysadmin\username
C. domain\username
D. username\sysadmin

Correct Answer: B

QUESTION 71
When attempting to log in as administrator to the UI, the administrator receives a login error: Invalid Username/Password or Disabled Account. The DBA verifies the account is enabled. The information provided for the environment only includes the DLP protect database username and password as well as a username and password called Sys Admin \Admin. How should the administrator change the built-in 'Administrator' password?

A. log in to the Enforce UI as the Sys Admin account and go to System > Login Management > DLP Users and reset the administrator password
B. extract the administrator password from the DatabasePassword.properties file
C. update the PasswordEnforcement.properties file with a new administrator password
D. use the AdminPasswordReset utility to update the password

Correct Answer: D

QUESTION 72
Consider a situation where you run the vxdmpadm start restore command and encounter an error message "VxVM vxdmpadm ERROR V-5-1-3243 The VxVM restore daemon is already running". How will you solve this error?

A. Stop vxdmpadm and restart vxdmpadm.
B. Stop vxdmpadm and start vxdarestore.
C. Stop vxdmpadm and reboot the system.
D. Restart all the VxVM daemons.

Correct Answer: A

QUESTION 73
Which two Diagnostic Logging Settings can be configured under the Systems > Servers > Logs Configuration tab in the Enforce UI? (Select two.)

A. Discover Trace Logging
B. Packet Capture Debug Logging
C. Endpoint Debug Logging
D. Described Content Matching Incident Logging
E. Aggregator Debug Logging

Correct Answer: AB

QUESTION 74
Which two products are leveraged for Network Prevent integration? (Select two.)

A. Mail Transfer Agent
B. Network Tap
C. Proxy Server
D. Span Port
E. Load Balancer

Correct Answer: AC

QUESTION 75
Which server target uses the 'Automated Incident Remediation Tracking' feature?

A. Lotus Notes
B. File System
C. SharePoint
D. Exchange

Correct Answer: B

QUESTION 76
Which command will you use to display all the disk groups that are currently imported on the system?

A. vxdg import
B. vdisk dglist
C. vxvm dg list
D. vxdg list

Correct Answer: D

QUESTION 77
A DLP administrator needs to configure an Automated Response rule that can execute while end-users are off the corporate network. Which response rule condition will enable the administrator to accomplish this task?

A. Endpoint Location
B. Endpoint Device
C. Protocol or Endpoint Destination
D. Sender/User Matches Pattern

Correct Answer: A

QUESTION 78
A DLP administrator needs to forward data loss incidents to the company's Security Information and Event Management (SIEM) system. Which response rule action provides the administrator with the ability to accomplish this task?

A. All: Send Email Notification
B. All: Log to a Syslog Server
C. All: Add Note
D. All: Set Attribute

Correct Answer: B
Explanation/Reference: genuine answer.

QUESTION 79
Which traffic type is excluded from analysis when an administrator uses Network Monitor?

A. Skype
B. Yahoo! Instant Messenger
C. NNTP
D. Telnet

Correct Answer: A
Explanation/Reference: correct answer.

QUESTION 80
You execute the vxtrace command without any option to collect I/O trace data on all virtual disk drives during peak I/O operations. When you start to analyze the data, you notice that vxtrace displays a record indicating records are lost. You want to reduce the likelihood of the kernel discarding records so that you don't have to rerun vxtrace to capture the records. What should you do?

A. Print vxtrace event records to a file
B. Increase the kernel buffer
C. Wait until I/O operations have decreased
D. Increase the kernel buffer using the o option

Correct Answer: B

QUESTION 81
Refer to the exhibit. A DLP administrator is planning the deployment of the Symantec Data Loss Prevention with Mobile Email Monitor. Where should the administrator place the Mobile Email Monitor?

A. 1
B. 2
C. 3
D. 4

Correct Answer: C

QUESTION 82
Which two fallback options are available for a 'Network Prevent: Remove HTTP/HTTPS' content response rule when a web-based message contains confidential data? (Select two.)

A. B. C. D.
E. Redirect the content to an alternative destination Block the content from being posted Encrypt the content before posting Remove the content through FlexResponse Allow the content to be posted Correct Answer: BE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 83 A network architect needs to install Symantec Data Loss Prevention detection servers in a hosted environment. Which action should the network architect take to ensure secured communication between the detection server and the Enforce server? A. B. C. D. use the sslkeytool utility to create multiple unique certificates for each detection server generate a certificate directly on each detection server use the built-in Symantec Data Loss Prevention certificate for the hosted server generate identical certificates for on-premise servers and identical certificates for hosted servers Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 84 Which function does the Email Prevent server provide when integrating into an existing email environment? A. B. C. D. inspects, stores, and blocks confidential emails as a Mail Transfer Agent (MTA) integrates with a Mail Transfer Agent (MTA) to inspect SMTP email messages maintains each inbound SMTP message transaction until the outbound is inspected processes and inspects outbound SMTP messages until the email transaction has been closed Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 85 You work in a Server Operations Center (SOC), and you are required to track the status of the VxVM tasks in progress on a UNIX server. Another member of the administration team is scheduled to execute VxVM changes; you are also responsible for tracking the progress of those changes. In addition, you are required to escalate any issues with the change to the team member. How would you execute this task? A. B. C. D. 
By using vxtask monitor to track active VxVM tasks By using OS-level process monitoring tools, such as top or prstat By using vxassist monitor to track active VxVM tasks By using vxtask status to track active VxVM tasks Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 86 Which two pieces of system information are collected by Symantec Data Loss Prevention Supportability Telemetry? (Select two.) A. Currently installed version of the Enforce Server B. Number of policies currently deployed C. Cumulative statistics regarding network traffic D. File types for which there are incidents E. Number of system alerts generated daily Correct Answer: AD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 87 While performing a disk group joins operation, you get an error "VxVM vxdg ERROR V-5-1-2866 object: Record already exists in disk group." You want to resolve this error. How should you resolve this error? A. B. C. D. Change the object name in the disk group. Change the object name to same as disk group. Import a disk group and rename it. Delete the disk group and recreate it with another name. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 88 You are performing a move operation under VxVM control. You cannot find the disk involved in a disk group. In addition, you get the following error message: "VxVM vxconfigd ERROR V-5-1-4551 dg_move_recover: can't locate disk(s), giving up" How should you resolve this error? A. B. C. D. Use vxdisk command to import a disk group. Use vxdg command to clean the disk group to be imported. Use vxassist command to clean the disk group to be imported. Use vxconfigd command to import a disk group. Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 89 Which two actions should an organization take when deploying Endpoint Prevent according to Symantec best practices? (Select two.) A. B. C. D. E. 
Test the agent on a variety of end-user images Enable monitoring of the local file system Enable monitoring of many destinations and protocols simultaneously Configure, test, and tune filters Delete the pre-defined filters and create its own Correct Answer: AD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 90 How does the DLP Agent prevent slow response time? A. B. C. D. Endpoint Discover queues files until resources are available. Endpoint Discover pauses any scans if resources are needed. Endpoint Prevent pauses detection until any scans complete. Endpoint Prevent queues files until resources are available. Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 91 An administrator is configuring an approved Endpoint device and adding it as an exception to a policy that blocks the transfer of sensitive data. Data transfers to these approved Endpoint devices are still being blocked. Which action should the administrator take to prevent the data transfers from being blocked? A. B. C. D. Disable and enable the policy involved for the changes to take effect Verify that the proper device ID or class has been entered Edit the exception rule to ensure Match On is set to 'Attachments' Assign the Endpoint device configuration to all of the Endpoint servers Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 92 You have just started a relayout operation in a live test environment, and you want to limit the impact of your work on concurrent testing activities. You also want to accommodate the need to constrain a relayout job's performance impact on concurrent activities. What would you do to perform this task? A. B. C. D. Use the "set iodelay" option of vxtask to throttle the VxVM task. Use the "set iowait" option of vxtask to throttle the VxVM task. Use the "set slow" option of vxtask to throttle the VxVM task. Use the "set nice" option of vxtask to throttle the VxVM task. 
Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 93 You want to remove the disk named datadg01 from the disk group named datadg. You also want to remove the public and private regions from the disk. However, you want to retain the data stored on the disk. Which commands will you use to achieve this? A. vxdiskunsetup vxdg rmdisk vxevac B. vxdg rmdisk vxevac vxdiskunsetup C. vxremove vxdg evac vxdisk rmdisk D. vxevac vxdg rmdisk vxdiskunsetup Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 94 You have replaced disks on a system under the VxVM control and you get an error "VxVM vxconfigrestore ERROR V-5-1-6012 There are two backups that have the same disk group name with different disk group id". How will you resolve this error? A. B. C. D. Delete the backup file, in dginfo, /etc/vx/cbr/bk/diskgroup. dgid/ dgid.dginfo. Rename one of the disk groups. Specify the disk group by its name rather than by its ID. Specify the disk group by its ID rather than by its name. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 95 Which two methods should an administrator use to exclude emails going to partner.com and all traffic going to a specific subnet? (Select two.) A. B. C. D. E. Protocol filter L7 recipient filter Sender/User Matches pattern L7 sender filter IP filter Correct Answer: BE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 96 Which command will you run to get the full path name of the file, if you only have the inode number? A. B. C. D. vxfsstat vxquot vxquota vxlsino Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 97 You work in a Server Operations Center (SOC) with other administrators monitoring VxVM background tasks after you initiate them. 
You need to set up a VxVM task so that these SOC administrators can track your background tasks against the change control documentation. What would you do address this requirement? A. B. C. D. Use the vxtask label command to mark the task with the change control number. Use the "-n" flag to associate the task with the change control number. Use the "-t" flag to mark the task with the change control number. Use the vxtask tag command to associate the task id with the change control number. Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 98 An organization needs to implement a solution that will protect its sensitive information while allowing its mobile device users to access sites and applications such as Facebook, Dropbox, and Twitter. Which Symantec Data Loss Prevention solution should the organization use to protect its information? A. B. C. D. Mobile Email Monitor Mobile Prevent Network Prevent Endpoint Prevent Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 99 A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. Why are the processes missing from the Server Detail page display? A. B. C. D. The detection server Display Control Process option is disabled on the Server Detail page. The Display Process Control setting on the Advanced Settings page is disabled. The detection server PacketCapture process is displayed on the Server Overview page. The Advanced Process Control setting on the System Settings page is deselected. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 100 How is data moved to the servers at Symantec when auto-transmission of Supportability Telemetry data is enabled? A. HTTP POST to Symantec from Agents B. HTTPS POST to Symantec from Enforce C. 
HTTP POST to Symantec from Enforce D. HTTPS POST to Symantec from Agents Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 101 Which DLP Agent task is unique to the Symantec Management Platform and is unavailable through the Enforce console? A. B. C. D. Change Endpoint server Restart agent Pull agent logs Toggle print screen Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 102 Which endpoint database file should be used to tune and change debugging levels? A. B. C. D. cg.ead ps.ead am.ead ks.ead Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 103 Which file is required to decrypt the edpa_ext0.log using the Endpoint Agent logdump utility? A. B. C. D. dcs.ead cg.ead ks.ead is.ead Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 104 An incident responder can see basic incident data, but is unable to view specific details of the incident. What could be wrong with the configuration in the incident responder's role? A. B. C. D. View option is selected and all display attributes are deselected. Incident Access tab conditions are specified. Available Smart Response rules are deselected. Server administration rights are deselected. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 105 You have executed the vxdg -g diskgroup adddisk disk_name= command. Which switch needs to be added to force VxVM to take the disk media name of the failed disk and assign it to the new replacement disk? A. B. C. D. -force -k -f -assign Correct Answer: C Section: (none) Explanation Explanation/Reference: good choice of answer. QUESTION 106 Refer to the exhibit. Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimate business activity. 
According to best practices, which option should be enabled during the baseline phase of policy risk reduction? A. B. C. D. Change automated email responses EDM/IDM detection Use secure storage Enable auto-encryption Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 107 Which command is used to save queries/commands written to the database when one of the following DMLs is used: Update, Insert, or Delete? A. B. C. D. commit finalize :wq exit Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 108 What is the importance of using a CPU in Oracle within the DLP technology? A. B. C. D. Central Processing Unit - ensures database has enough processing power Command Processor Unit - lays out the commands to process for the database Critical Patch Update - ensures Oracle is securely patched Communications Processing Unit - sends alerts to administrator Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 109 You are accessing the public region of a drive. You get an error message stating that the disk has failed. What could be the possible reason for this message? A. VxVM can access the private region but there are uncorrectable I/O failures on the public region of the drive. B. VxVM cannot access the private region or the public region of the drive. C. VxVM can access the public region of the drive but there are uncorrectable I/O failures on the private region of the drive. D. VxVM can access the public and the private region of the drive but the plex on the drive is disabled. Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 110 The administrator determines that \SymantecDLP\Protect\Incidents folder on Enforce contains .BAD files dated today while other .IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger than 1MB are turning to .BAD. 
What could be causing only incident data smaller than 1MB to persist while incidents that are larger than 1MB change to .BAD files? A. B. C. D. Enforce hard drive is out of free disk space detection server has excessive filereader restarts tablespace is almost full corrupted policy was deployed Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 111 You execute the qio_convertdbfiles command to convert the database files to use Quick I/O. The command results with an error that the database files are not on a VxFS file system. You need to convert the database files to use Quick I/O. What should you do? A. B. C. D. Run the qio_getdbfiles command to get the database files on the VxFS file system. Remove the files from the mkgio.dat file. Predefine the DB2 environment variable $DB2DATABASE. Set the database type to DB2. Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 112 A Network Monitor is showing under System Overview as 'Running Selected'. The corresponding detection server events indicate that packet capture and filereader are crashing. What is a possible cause for the Network Monitor being in this state? A. B. C. D. the license has expired for this detection server the Enforce server and detection server are running different versions the detection server is missing the server side certificate the minimum required amount of available free space has been used Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 113 An administrator is attempting to check the status of the services for a detection server in the UI. The only option showing under System > Servers > Overview > Server Detail is 'Status'. What is a possible cause for the server details to show 'Status' only? A. B. C. D. 
the services are failing to run the user is logged in with a limited role Advanced Process Control is unchecked Symantec Data Loss Prevention Standard Edition is installed Correct Answer: C Section: (none) Explanation Explanation/Reference: Real answer. QUESTION 114 Which System Administration page will display a list of the system servers as well as recent error-level and warning-level system events? A. System > Servers > Events B. System > Servers > Overview C. System > Settings > General D. System > Servers > Alerts Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 115 Silent installation can be performed for which component of Symantec Control Compliance Suite 9.0? A. B. C. D. directory server Data Processing Service application server Response Assessment Module Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 116 What are two benefits that data loss prevention solutions provide? (Select two.) A. B. C. D. E. Provide accurate measurement of encryption strength Give insight into capacity planning for sensitive data Identify who has access to sensitive data Indicate where sensitive data is being sent Meet data retention requirements for business continuity Correct Answer: CD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 117 What is the minimum number of computers required to configure each Data Processing Service role? A. B. C. D. 1 2 3 4 Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 118 A role is configured for XML export and a user executes the export XML incident action. What must be done before history information is included in the export? A. B. C. D. A remediator must take an action on the incident. History must be enabled as a tab or panel in the incident snapshot layout. Incident history must be enabled in the user's role. The manager.properties must be configured for XML export. 
Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 119 Which service is responsible for starting and controlling the user interface? A. B. C. D. VontuManager VontuMonitor VontuNotifier VontuMonitorController Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 120 Which three are components of a Reconciliation Rule? (Select three.) A. B. C. D. E. Save in: Folder Selection Set Asset Group Asset Type Rule Type Select Asset Filter Correct Answer: ACD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 121 What can cause an increase in the DLP Agent footprint? A. B. C. D. Smart Response rules additional Agent Components additional policies API lookups Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 122 Which four functional roles can be registered to the Data Processing Service? (Select four.) A. B. C. D. E. F. Load Balancer Data Provider Collector Evaluator Reporter Manager Correct Answer: ACDE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 123 In which case will the agent status remain green (healthy) on the Agent Events page? A. B. C. D. The Endpoint server detects that the connection with the agent is lost. There is agent or server authentication failure. The agent is unable to restore a database file. The agent service and file-system driver are running. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 124 How many dashboards can be viewed simultaneously on the home page? A. B. C. D. 1 2 4 8 Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 125 A Data Loss Prevention administrator brings a new Endpoint server online and redirects existing DLP Agents to work with this server. The administrator notices, in the Agent Overview page, that the redirected agents are showing an offline status. 
Which scenario is the most likely cause of this issue? A. Active policies are disabled on this Endpoint server and pushed out to the DLP Agents. B. The Agent Monitoring configuration of this new Endpoint server needs to enable the appropriate monitoring options. C. The Agent Monitoring configuration of this new Endpoint server has aggressive throttling enabled for DLP Agents causing them to shut down. D. The Endpoint server is listening on the default port of 8000 while the DLP Agents are using a custom port number. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 126 During testing, a Data Loss Prevention administrator configures a Network Discover target to identify and quarantine confidential files. The target is set up with a default credential that has read-only permissions on the file server. After running the scan and checking the results, the administrator finds several incidents from the scan, observes that all confidential files are still in their original location, but the configured quarantine directory contains the confidential files. Which two Discover target configuration mistakes might be causing the problem? (Select two.) A. B. C. D. E. The sharelist excludes all directories on the host being scanned. The Quarantine/Copy Share credentials are invalid. The Default credentials are invalid. The Copy option is selected. The Protect credential is unspecified. Correct Answer: DE Section: (none) Explanation Explanation/Reference: accurate answer. QUESTION 127 When does the RMS Console Configuration Wizard appear? (Select two.) A. B. C. D. E. 
every time a new license has been added the first time that a user opens the console after the installation or the upgrade after a new Credential database has been applied to the user after a bv-Control snap-in installation on the console computer after the user has changed their default information server Correct Answer: BD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 128 What must be done in order to create a new asset type? A. B. C. D. Import assets from this new type Create the asset type in the asset interface Extend the asset schema Install a new bv-Control snapin Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 129 The terms Confidentiality, Integrity, and Availability refer to which aspect of an Evaluation of a Standard? A. B. C. D. Standard References Risk Score Common Vulnerabilities and Exposures Compliance Score Correct Answer: B Section: (none) Explanation Explanation/Reference: good choice of answer. QUESTION 130 A policy author is creating a policy using a Data Identifier (DI) and needs to add keywords to help eliminate false positives. The policy author needs to avoid duplicates with the Keyword validators included with the DI. Where can the policy author find the list of validators? A. B. C. D. Symantec Data Loss Prevention Administration Guide Symantec Data Loss Prevention Install Guide User Interface - Manage > Response Rules User Interface - Edit Policy > Edit Rule > More Info Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 131 What is one of the steps that must take place before comparing entitlements of a control point? A. B. C. D. 
generate entitlement report request to approve entitlements approve entitlements at least once approve entitlements at least twice Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 132 An administrator has completed the example document training process, but is having difficulty deciding whether or not to accept a VML profile. Where can the administrator find information regarding the quality of each training set at a granular, per-fold level? A. machinelearning_training_process.log file B. machinelearning_native_filereader.log fil C. machinelearning_training.log file D. machinelearning_native_manager.log file Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 133 What should be used to add an Apple iPod device to a list of Endpoint devices? A. B. C. D. CLASS/GENERIC/MUSIC/Apple GLOBAL;MANUFACTURER;Apple* DEVICESTORE:*APPLE&IPOD* USBSTOR\\DISK&VEN_APPLE&PROD_IPOD&.* Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 134 To which file system folder does PacketCapture write reconstructed SMTP messages? A. B. C. D. drop drop_pcap drop_email drop_smtp Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 135 Which setting allows a user to stop the filereader process from the user interface? A. B. C. D. APC (Advanced Process Control) Filereader.ScheduledInterval UnicodeNormalizer.Enabled Lexer.Validate Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 136 Which three functions are provided by Symantec Control Compliance Suite 9.0? (Select three.) A. Provides the ability to attest to procedural controls B. C. D. E. 
Uses automated agentless or agent-based capabilities to audit and scan technical controls Verifies and confirms risk and posture compliance assessment Produces evidence of due care in an IT audit process Integrates the remediation process Correct Answer: ABD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 137 An administrator is running a Discover Scanner target scan and the scanner is unable to communicate back to the Discover Server. Where will the files be stored? A. B. C. D. Discover Server incoming folder scanner's outgoing folder scanner's incoming folder Enforce incident persister Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 138 The Symantec Control Compliance Suite 9.0 (CCS 9.0) stores large amounts of data in databases. The database administrator must perform tasks on the databases outside of CCS 9.0 to maintain the databases and to ensure that the databases are performing at an acceptable level. Which three tasks should be routinely scheduled in SQL Server Management Studio? (Select three.) A. B. C. D. E. Configure the databases Back up the databases Refresh the databases Rebuild the indexes Update the database statistics Correct Answer: BDE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 139 Which command line diagnostic utilities would give a user the operating system version of the detection servers? A. B. C. D. Environment Check Utility Log Collection Utility NormalizationConfigCheck.exe SC.exe Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 140 Which log should be reviewed first if a database issue is suspected? A. B. C. D. manager_operational.log alert_.log enforce_diagnostics.log manager_jdbc.log Correct Answer: B Section: (none) Explanation Explanation/Reference: definite answer. QUESTION 141 Which two components of Symantec Control Compliance Suite 9.0 must be deployed in an Active Directory domain? 
(Select two.)
A. application server
B. Data Processing Services
C. Production database
D. directory server
E. web portal server
Correct Answer: AD

QUESTION 142
Each organization establishes its own priorities around the data they consider important to protect. What is a common category of data at risk?
A. competitor financial data
B. company intellectual property
C. technical environmental risk data
D. historical stock share data
Correct Answer: B

QUESTION 143
To manually troubleshoot DLP Agent issues, the database and log viewer tools must be executed in which location?
A. in the same location as the dcs.ead file location
B. in the same location as the cg.ead file location
C. in the same location as the ks.ead file location
D. in the same location as the is.ead file location
Correct Answer: C

QUESTION 144
Which product must run on a physical server?
A. Endpoint Prevent
B. Network Monitor
C. Enforce
D. Network Prevent
Correct Answer: B

QUESTION 145
Which products can be configured on the same detection server?
A. Network Protect and Network Discover
B. Endpoint Discover and Network Discover
C. Network Monitor and Network Prevent
D. Network Monitor and Network Discover
Correct Answer: A

QUESTION 146
When registering Oracle databases in bv-Control for Oracle, which two options are supported? (Select two.)
A. Registering the database from Active Directory
B. Registering the database manually
C. Registering the database from Oracle Internet Directory
D. Registering the database from tnsnames
E. Registering the database from DNS
Correct Answer: BD

QUESTION 147
Which Symantec Control Compliance Suite 9.0 components must be installed in the same domain?
A. Data Processing Service Collector Role and information server
B. application server and directory server
C. Data Processing Service Reporter Role and SQL database server
D. directory server and SQL database server
Correct Answer: B

QUESTION 148
A customer has four Enterprise Security Manager (ESM) managers in their environment. What is the minimum number of Symantec Control Compliance Suite 9.0 sites to which these managers can be assigned?
A. 1
B. 2
C. 3
D. 4
Correct Answer: A

QUESTION 149
What are two benefits of the Symantec Data Loss Prevention 11.5 security architecture? (Select two.)
A. Communication is initiated by the detection servers inside the firewall.
B. SSL communication is used for user access to the Enforce Platform.
C. Endpoint Agent to Endpoint Server communication uses the Triple Data Encryption Standard (Triple DES).
D. Confidential information captured by system components is stored using Advanced Encryption Standards (AES) symmetric keys.
E. All indexed data uploaded into the Enforce Platform is protected with a two-way hash.
Correct Answer: BD
Explanation/Reference: fine answered.

QUESTION 150
Which three factors must be considered when planning the deployment of the RMS Information Server? (Select three.)
A. number of Active Directory domains in scope
B. geographic location of RMS users
C. number of RMS users
D. enterprise network areas to be queried
E. location of the Information Server database
Correct Answer: BCD

QUESTION 151
What is the function of the Remote Indexer?
A. to create Index Document Matching (IDM) profiles and Exact Data Matching (EDM) profiles on a remote server
B. to create Exact Data Matching (EDM) profiles on a remote server
C. to create policy templates on a remote server
D. to create Index Document Matching (IDM) profiles on a remote server
Correct Answer: B

QUESTION 152
Which term refers to organizational rules or requirements that provide guidance to employees?
A. framework
B. standard
C. policy
D. benchmark
E. regulation
Correct Answer: C

QUESTION 153
Which two job types invoke the Data Processing Service data collector? (Select two.)
A. Data Collection job
B. Asset Import job
C. Evaluation job
D. Evidence Collection job
E. Reporting job
Correct Answer: AB

QUESTION 154
A company has created an Exact Data Matching profile and referenced it in a policy to protect customer credit card information. New customers are added daily, but the profile is updated weekly. Until the profile can be updated, which rule should be added to protect new credit card numbers?
A. A compound rule that also matches on a data identifier
B. A detection rule that matches on sender/user
C. A separate detection rule that uses a data identifier
D. A detection rule that matches on regular expressions
Correct Answer: C

QUESTION 155
A company needs to protect all Mergers and Acquisitions Agreements from leaving the organization.
However, there is standard text that is included in all company literature that they would like to exclude. What should be done to make sure that this standard text is excluded from detection?
A. create a whitelisted.txt file after creating the Exact Data Matching (EDM) profile
B. create a whitelisted.txt file before creating the Exact Data Matching (EDM) profile
C. create a whitelisted.txt file after creating the Indexed Document Matching (IDM) profile
D. create a whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
Correct Answer: D

QUESTION 156
A company needs to collect data from their AS/400 application servers. Which data collection component will they need to deploy?
A. bv-Control for AS/400
B. Symantec Enterprise Security Manager
C. Symantec RMS
D. bv-Control for UNIX
Correct Answer: B

QUESTION 157
A policy template called Customer Credit Card Numbers is being imported into the system. What is the default result for the import of this policy template?
A. The policy template will be listed under US Regulatory Enforcement Templates and be available.
B. The policy template will be enabled by default.
C. The policy template will be listed under Imported Templates.
D. The policy template will be available after restarting the VontuManager service.
Correct Answer: C

QUESTION 158
Which user action can be performed on a read-only policy in the Symantec Control Compliance Suite 9.0 web portal?
A. Request Clarification
B. Request Exception
C. Accept
D. Decline
Correct Answer: A

QUESTION 159
A Symantec Control Compliance Suite 9.0 (CCS 9.0) administrator has modified a user's role assignment to allow access to additional tasks. However, the user is unable to see these tasks.
What must the user do to see these additional tasks?
A. quit and then restart the CCS console
B. synchronize the user database
C. hit the refresh icon
D. choose Advanced Tasks from the Task menu
Correct Answer: A

QUESTION 160
Which three are components of the Symantec Control Compliance Suite 9.0? (Select three.)
A. web portal
B. Evidence database
C. ESM database
D. Cognos
E. application server
Correct Answer: ABE

QUESTION 161
In the Symantec Control Compliance Suite 9.0 console, where is the status of Evaluation and Data Collection jobs displayed?
A. Home
B. Manage
C. Monitor
D. Reporting
Correct Answer: C

QUESTION 162
In which two places in the user interface are Smart Response rules invoked? (Select two.)
A. Policy page
B. Incident List reports
C. Incident Snapshot reports
D. Incident Summary reports
E. Response Rules page
Correct Answer: BC

QUESTION 163
Where are evaluation results stored?
A. Production database
B. Evidence database
C. Reporting database
D. Response database
Correct Answer: A

QUESTION 164
Which two protocols are available by default and recognized by Network Monitor by their individual signatures? (Select two.)
A. FTP
B. HTTPS
C. IM: AIM
D. SNMP
E. TFTP
Correct Answer: AC

QUESTION 165
A custom logo can replace a default logo in a report. The logo must be added to Symantec Control Compliance Suite 9.0 before the logo can be used. In which location is a custom logo added?
A. Reporting View > Options
B. Settings > General
C. Reporting.exe.config file
D. Report Customization Wizard
Correct Answer: B

QUESTION 166
Which two Symantec Control Compliance Suite 9.0 roles are valid for exception management? (Select two.)
A. Exception Administrator
B. Exception Approver
C. Exception Auditor
D. Exception Owner
E. Exception Requestor
Correct Answer: BE

QUESTION 167
What are two functions of the Enterprise Configuration Service? (Select two.)
A. It maintains a list of master and slave query engines.
B. It maintains rules for query engine data collection.
C. It maintains a list of RMS configured users.
D. It maintains a list of registered UNIX targets.
E. It maintains Scope files.
Correct Answer: AB

Topic 3, Volume C

QUESTION 168
Which information is required to configure an Enterprise Security Manager (ESM) data collector in Symantec Control Compliance Suite 9.0? (Select two.)
A. ESM manager
B. ESM console
C. ESM agent
D. ESM user
E. ESM console user
Correct Answer: AD

QUESTION 169
After an exception has been requested, which three approver actions are valid? (Select three.)
A. set the exception request state to In Review
B. forward the exception request to an alternate approver
C. deny the exception request
D. delete the exception request
E. request clarification for the exception request
Correct Answer: ACE

QUESTION 170
Who is responsible for approving who has access to which data in an organization?
A. the business data owner
B. the owner of the business
C. the chief security officer
D. the information technology officer
Correct Answer: A

QUESTION 171
Which information is displayed in the Monitor View?
A. Jobs and reports
B. Jobs and evaluation results
C. Tasks and reports
D. Data collections and evaluation results
Correct Answer: B

QUESTION 172
Which step is recommended before scheduling any dashboard job?
A. Back up the reporting database
B. Run the Scheduled Reporting Database Purge job
C. Run the Scheduled Reporting Database Synchronization job
D. Preview the dashboard
Correct Answer: C

QUESTION 173
The amount of discarded packets for a Network Monitor server is increasing throughout the day. Which Network Monitor configuration changes should be implemented to reduce the number of packets that are discarded?
A. Implement filtering in the policies that are applied to the Network Monitor.
B. Ensure that the traffic handled by Network Monitor is kept at 10,000 messages per second.
C. Implement Layer-7 filtering in the local Network Monitor configuration.
D. Uncheck protocols from the Monitor configuration page that are unnecessary.
Correct Answer: D

QUESTION 174
Which action must be performed immediately after the configuration/modification of Data Processing Service settings?
A. register configuration
B. refresh configuration
C. synchronize configuration
D. update configuration
Correct Answer: C

QUESTION 175
Which action must be performed when installing a Network Prevent detection server in a hosted environment to ensure secure communications to Enforce?
A. Use the sslkeytool utility to create multiple unique certificates for each Network Prevent server
B. Generate a certificate directly on the Network Prevent server
C. Use the built-in Symantec Data Loss Prevention certificate
D. Generate identical certificates for on-premise and hosted detection servers
Correct Answer: A

QUESTION 176
Which two Symantec Data Loss Prevention components can be deployed in a hosted service provider? (Select two.)
A. Network Prevent (Email)
B. Network Discover
C. Network Prevent (Web)
D. Network Monitor
E. Network Protect
Correct Answer: AC

QUESTION 177
If a customer is running Enterprise Security Manager (ESM) 6.5.x in their environment, which two ESM components must be upgraded for it to work with Symantec Control Compliance Suite 9.0? (Select two.)
A. ESM manager
B. ESM agent
C. ESM console
D. ESM reporting
E. ESM relation database link
Correct Answer: AC

QUESTION 178
There can only be a single instance of which three components in a Control Compliance Suite 9.0 deployment? (Select three.)
A. directory server
B. load balancer
C. Production database
D. Data Processing Service
E. application server
Correct Answer: ACE

QUESTION 179
Which two currently supported ICAP proxies can Web Prevent work with to inspect, block, and remove HTTPS content? (Select two.)
A. Bluecoat
B. Webwasher
C. Microsoft ISA
D. Squid
E. Ironport S-series
Correct Answer: AB

QUESTION 180
What is required in order to support encrypted communications between the information server and an Oracle database server?
A. tnsnames.ora file
B. Secure Socket Layer (SSL)
C. Oracle client
D. Public Key Infrastructure (PKI)
Correct Answer: C

QUESTION 181
Which Network Discover option is used to determine whether confidential data exists without having to scan the entire target?
A. Byte Throttling
B. File Throttling
C. Match Thresholds
D. Inventory Mode Scanning
Correct Answer: D

QUESTION 182
Which three operating system versions are supported to run Symantec Control Compliance Suite 9.0 Server components? (Select three.)
A. Windows Server 2003 SP2 x64
B. Windows Server 2003 R2 SP2
C. Windows Server 2008
D. Windows Vista Business or Enterprise
E. Windows Server 2008 Server Core
Correct Answer: ABC
Explanation/Reference: actual answer.

QUESTION 183
Which two types of information are available on a scan listing on the Discover Targets page? (Select two.)
A. User who initiated the scan
B. Run time for each scan
C. Number of items changed since the previous scan
D. File structure and location
E. Number of errors encountered
Correct Answer: BE

QUESTION 184
A Data Loss Prevention administrator notices that several errors occurred during a Network Discover scan. Which report can the administrator use to determine exactly which errors occurred and when?
A. Discover Incident report sorted by target name and scan
B. Full Activity report for that particular scan
C. Server Event report from Server Overview
D. Full Statistics report for that particular scan
Correct Answer: B

QUESTION 185
Which three roles are associated with policy management in Symantec Control Compliance Suite 9.0? (Select three.)
A. Policy Viewer
B. Policy Requestor
C. Policy Approver
D. Policy Administrator
E. Policy Reviewer
Correct Answer: CDE

QUESTION 186
What are two valid CSV collector settings? (Select two.)
A. Command Threads
B. File(s) Path
C. Job Poll Interval
D. Search Pattern
E. Hostname
Correct Answer: BD

QUESTION 187
Which two are supported methods of populating the asset system? (Select two.)
A. bv-Control Network Mapper
B. XML Import
C. data collectors (ESM/RMS)
D. CSV Import
E. Active Directory Import
Correct Answer: CD

QUESTION 188
Where can a Data Loss Prevention administrator configure the throttling option for a DLP Agent?
A. Symantec Management Platform
B. Discover Target Configuration page
C. Agent Configuration section
D. Agent Filtering section
Correct Answer: C

QUESTION 189
If Endpoint Prevent and Endpoint Discover are competing for resources on an endpoint computer, how does the system resolve the conflict?
A. Endpoint Discover queues files until resources are available.
B. Endpoint Discover pauses any scans if resources are needed.
C. Endpoint Prevent pauses detection until any scans complete.
D. Endpoint Prevent queues files until resources are available.
Correct Answer: B
Explanation/Reference: definite answer.

QUESTION 190
Which Automated Response rule is specific to Endpoint Prevent?
A. Remove HTTP/HTTPS Content
B. User Cancel
C. Copy File
D. Modify SMTP Message
Correct Answer: B

QUESTION 191
Which two are modules of Symantec Control Compliance Suite 9.0? (Select two.)
A. Standards
B. bv-Control
C. ESM
D. Internet Security
E. Entitlements
Correct Answer: AE

QUESTION 192
What should be used to exclude emails going to any email address in the partner.com domain across all policies?
A. IP filter
B. L7 filter
C. Content filter
D. Sender/User Matches pattern
Correct Answer: B

QUESTION 193
A user receives this error message in the Symantec event log: An error occurred while attempting to run a scheduled job; Reason for failure: Password doesn't exist for username. The Symantec Control Compliance Suite 9.0 is configured to store the user credentials for job runs. Where must the user supply the correct credentials?
A. Home > User Preferences
B. Monitor > Jobs
C. Settings > General
D. Settings > Secure Configuration
Correct Answer: A

QUESTION 194
Communications between Symantec Control Compliance Suite 9.0 (CCS 9.0) components rely on a signed digital certificate. What is the root certificate authority in the CCS 9.0 environment?
A. Microsoft Certificate Authority Server
B. Certificate Management Console Server
C. CCS Management Service
D. Application Server
Correct Answer: C

QUESTION 195
What should a Data Loss Prevention administrator do when the license file expires?
A. enter a new license key to update the license file
B. reference a new license file on the System Settings page
C. overwrite the expired license key
D. enter a new license file on the Advanced Settings page
Correct Answer: B

QUESTION 196
What is the correct sequence of steps in the Symantec Data Loss Prevention policy lifecycle?
A. Design policy, test policy, deploy policy, identify threat, and tune policy
B. Identify threat, build policy, deploy policy, test policy, and tune policy
C. Design policy, deploy policy, identify threat, test policy, and tune policy
D. Identify threat, design policy, build policy, test policy, tune policy, and deploy policy
Correct Answer: D

QUESTION 197
What is required to assign permissions to the asset system?
A. user/group
B. role
C. role and user/group
D. group
Correct Answer: C

QUESTION 198
What is the purpose of the cg.ead endpoint database?
A. to tune and change debugging levels
B. to store two-tier detection information
C. to encrypt communication with the Endpoint server
D. to log and track agent version changes
Correct Answer: A

QUESTION 199
When planning a Symantec Control Compliance Suite 9.0 deployment, the site concept plays an important role. What should be the first step when planning the site concept?
A. identify the number of servers in scope
B. analyze a diagram of the network
C. identify the operating systems in scope
D. analyze a diagram of the Active Directory structure
Correct Answer: B

QUESTION 200
Which three supported scopes can be used for a Windows File asset type? (Select three.)
A. Windows domain
B. Windows group
C. Windows machine
D. Windows directory
E. Windows site
Correct Answer: ACD

QUESTION 201
After installing several new DLP Agents, the Data Loss Prevention administrator discovers that none of the endpoint agents are appearing on the Agent Overview page.
After refreshing the page several times, and determining that the equipment is powered on and connected to the network, the Agent Overview page still fails to display the new agents. What is a possible cause for this issue?
A. The DLP Agents need to be added manually through the Symantec Management Platform.
B. The DLP Agents were installed with the incorrect Endpoint server IP address.
C. The assigned Endpoint server needs to be recycled in order to detect the new DLP Agents.
D. The Endpoint Location is set to "Manually" instead of "Automatically" in the Enforce user interface.
Correct Answer: B
Explanation/Reference: accurate answer.

QUESTION 202
Which Network incident report indicates where employees are most often sending emails in violation of policies?
A. Location Summary
B. Status by Target
C. Top Recipient Domains
D. Destination Summary
Correct Answer: C

QUESTION 203
Which report helps a compliance officer understand how the company is complying with its data security policies over time?
A. Policy Trend report, summarized by policy, then quarter
B. Policy Trend report, summarized by policy, then severity
C. Policy report, filtered on quarter, and summarized by policy
D. Policy report, filtered on date, and summarized by policy
Correct Answer: A

QUESTION 204
What is the maximum number of portlets that can be used in a dashboard?
A. 4
B. 6
C. 8
D. 10
Correct Answer: B

QUESTION 205
A Data Collection job fails for a Windows machine in Symantec Control Compliance Suite 9.0 (CCS 9.0). All components appear to have been correctly installed and configured in the console. What is the recommended step to take outside of the CCS 9.0 console to troubleshoot the issue?
A. Reinstall the MQE
B. Run a bv-Control query
C. Delete and recreate the Credentials database
D. Verify the Enterprise Configuration Service
Correct Answer: B

QUESTION 206
Which three bv-Control for Windows services may be checked when troubleshooting agentless data collection? (Select three.)
A. bvProcessManager
B. Data Processing Service
C. Directory Support Service
D. BindView Query Engine
E. Enterprise Configuration Service
Correct Answer: ADE

QUESTION 207
Which two options can incident responders select when deleting incidents? (Select two.)
A. Delete the incident completely
B. Delete the original message and retain the incident
C. Delete the incident and retain the violating attachments or files
D. Delete the incident and export incident details to .csv file
E. Delete all attachments or files and log the incident
Correct Answer: AB

QUESTION 208
Which two functions does Data Owner Exception provide? (Select two.)
A. Allows data owners to send or receive their own data
B. Prevents confidential data from being sent to the wrong recipient
C. Allows individuals to send confidential data about a family member
D. Allows individuals to send confidential data to any recipient
E. Prevents individuals from sending confidential data to a group of recipients in the recipient list
Correct Answer: AB

QUESTION 209
Where are roles and permissions stored?
A. SQL
B. Credential database
C. ADAM
D. Active Directory
Correct Answer: C

QUESTION 210
What must a policy manager do when working with Exact Data Matching (EDM) indexes?
A. Re-index large data sources on a daily or weekly basis
B. Index the original data source on the detection server
C. Deploy the index only to specific detection servers
D. Create a new data profile if data source schema changes
Correct Answer: D

QUESTION 211
What is a feature of keyword proximity matching?
A. It will match on whole keywords only.
B. It has a maximum distance between keywords of 99.
C. It only matches on message body.
D. It evaluates each keyword pair independently.
Correct Answer: D
Explanation/Reference: Real answer.

QUESTION 212
What needs to be configured in order to collect common fields during an asset import using the default data collector?
A. ESM data collector
B. CSV data collector
C. Automatic Entitlements Import job
D. a policy with associated assets
Correct Answer: B
Explanation/Reference: answer is updated.

QUESTION 213
A dashboard can be exported to a folder from which two areas? (Select two.)
A. Home
B. Monitor > Jobs
C. Reporting > My Reports
D. Reporting > My Dashboards
E. Reporting > Dashboard Templates
Correct Answer: AD

QUESTION 214
A business unit is generating a large number of high severity incidents on a Network Prevent credit card policy. What are two likely causes? (Select two.)
A. The business unit's employees are storing credit card data insecurely on a local file share.
B. A business process within the business unit violates corporate security policies.
C. The business unit's employees are copying credit card data to removable drives.
D. The business unit's employees may be unaware of correct credit card handling procedures.
E. The policy is unable to detect corporate security policies with respect to credit cards.
Correct Answer: BD

QUESTION 215
Within an evaluation result, the status Unknown is primarily defined with which check setting?
A. missing data items
B. check expression
C. precondition
D. data items filter
Correct Answer: A

QUESTION 216
An administrator has received the system event: "Tablespace is almost full". How should the administrator resolve this issue?
A. Restart the Oracle database services
B. Create additional data files for the Oracle database
C. Restart the Vontu services
D. Purge incidents from the \Vontu\Protect\incidents folder
Correct Answer: B

QUESTION 217
Refer to the exhibit. Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimate business activity. Which two actions are involved with the remediation phase of risk reduction? (Select two.)
A. employee and business unit communication
B. sender auto notification
C. blocking and notifying response rules
D. fixing broken business processes
E. enabling Exact Data Matching (EDM)/Indexed Document Matching (IDM)
Correct Answer: AD

QUESTION 218
The following steps have been taken: Which job will be executed?
A. Entitlements Import job
B. Asset Import job
C. Automatic Entitlements Import job
D. Evaluation job
Correct Answer: B

QUESTION 219
A Data Processing Service in a Load Balancer role distributes jobs to Data Processing Services in which two roles? (Select two.)
A. Evaluator
B. BladeRunner
C. Collector
D. Load Balancer
E. Scheduler
Correct Answer: AC
Explanation/Reference: updated answer.
QUESTION 220
Which three can be used to install a bv-Control for Windows MQE? (Select three.)
A. bv-Config Utility
B. bv-Control for Windows Configuration Wizard
C. configuration settings
D. RMS configuration
E. setup.exe
Correct Answer: ABE

QUESTION 221
The business data owner is unavailable. Who can approve the entitlements in his absence?
A. Alternate approver
B. Alternate data owner
C. Any user with the approver role
D. IT administrator
Correct Answer: A

QUESTION 222
A report template has been scheduled. Where will the resulting report be located?
A. My Reports
B. Predefined Reports
C. Monitor > Jobs
D. My Documents folder
Correct Answer: A

QUESTION 223
How can an administrator validate that once a policy is updated and saved it has been enabled on a specific detection server?
A. Check the status of the policy on the policy list page
B. Check to see whether the policy was loaded under System > Servers > Alerts
C. Check the policy and validate the date and time it was last updated
D. Check to see whether the policy was loaded under System > Servers > Events
Correct Answer: D

QUESTION 224
Which four bv-Control platforms are supported in Symantec Control Compliance Suite 9.0 Standards? (Select four.)
A. Oracle
B. Windows
C. UNIX
D. Exchange
E. SQL
F. NetWare
Correct Answer: ABCE

QUESTION 225
What is a possible solution when a Network Discover server is unable to scan a remote file server?
A. Mount the IPC$ share on the file server
B. Verify that the target file server is a Windows 2000 server
C. Use the fully qualified name (FQDN) of the server
D. Verify that the file server has .NET services running
Correct Answer: C
Explanation/Reference: correct answer.

QUESTION 226
Which tool is provided by default to edit a database on an endpoint?
A. vontu_sqlite3.exe
B. update_configuration.exe
C. logdump.exe
D. wdp.exe
Correct Answer: A

QUESTION 227
What are two reasons why a company should implement data loss prevention? (Select two.)
A. To prevent the threat of malware
B. To demonstrate regulatory compliance
C. To protect the CISO from liability due to a security breach
D. To prevent employee malicious activity
E. To protect brand and reputation
Correct Answer: BE

QUESTION 228
Which three Enterprise Security Manager policy-run options can be configured in Symantec Control Compliance Suite 9.0? (Select three.)
A. Collect data from last policy run
B. Run policy before collecting data
C. Collect data from last n policy runs
D. Run policy n days before collecting data
E. Run policy if data is older than n days
Correct Answer: ABE

QUESTION 229
From which organization are Symantec Control Compliance Suite 9.0 Predefined Standards most commonly derived?
A. National Institute of Standards and Technology
B. National Security Agency
C. Center for Internet Security
D. International Organization for Standardization
Correct Answer: C

QUESTION 230
When manually installing the Symantec DLP Agent, how can the Data Loss Prevention administrator hide the agent from registering itself in the Windows control panel?
A. Add ARPSYSTEMCOMPONENT="1" to the installer batch file
B. Select the "Hide from Control Panel" checkbox in the installation user interface
C. Add HIDECONTROLPANEL="YES" to the installer batch file
D. Select the "ARPSYSTEMCOMPONENT" checkbox in the installation user interface
Correct Answer: A

QUESTION 231
In Symantec Control Compliance Suite 9.0, if an administrator wants to evaluate assets compared to a referenced asset, what is used?
A. reference evaluation
B. baseline standard
C. gold standard
D. policy mapping
Correct Answer: C

QUESTION 232
Symantec recommends that new deployments of Data Loss Prevention replace the default encryption certificates used for securing communication between the Enforce Server and detection servers. What is the correct utility for generating new certificates for this communication?
A. sslkeytool.exe
B. certutil.exe
C. endpointkeytool.exe
D. kinit.exe
Correct Answer: A

QUESTION 233
Which two can a detection server match on with a recipient matches pattern rule? (Select two.)
A. IP address of a Web server
B. Windows username
C. Instant Messaging Name
D. MAC address
E. Webmail server URL
Correct Answer: AE

QUESTION 234
An organization needs to determine whether anyone other than the CEO is emailing PDF documents that contain the phrase "Revenue Operating Report". What is the most efficient way to write this policy and generate the fewest false positives?
A. One rule without conditions and one exception rule
B. Two rules and one L7 Sender exception
C. One rule with two conditions and one exception rule
D. Two rules with one condition each and one exception rule
Correct Answer: C

QUESTION 235
What should be used to detect existing source code information for a customer?
A. Exact Data Matching (EDM)
B. Index Document Matching (IDM)
C. file type rule condition
D. data identifier rules
Correct Answer: B

QUESTION 236
What is the process of assigning meta information to an asset?
A. Dynamic asset grouping
B. Implementing Reconciliation Rules
C. Tagging
D. CSV Import
Correct Answer: C

QUESTION 237
Which two detection condition types match on all Envelope, Subject, Body, and Attachment components? (Select two.)
A. Exact Data Match
B. Indexed Document Match
C. Keyword
D. File Name
E. Data Identifier
Correct Answer: CE

QUESTION 238
Which technique is used to select a Data Processing Service data collector when multiple data collectors are configured to support a site?
A. round robin
B. most recently used
C. load based
D. shortest job next
Correct Answer: A

QUESTION 239
Data can be collected using which two data collectors in Symantec Control Compliance Suite 9.0? (Select two.)
A. ESM
B. XML
C. ODBC
D. CSV
E. AS400
Correct Answer: AD

QUESTION 240
Which use case would be solved by using a "Sender/User matches Group based on Directory Server Group" as a detection rule?
A. Allow login to Enforce based on Active Directory (AD) group membership
B. Generate an incident based on the business unit custom attribute
C. Resolve the business unit custom attribute using the LDAP lookup plugin
D. Detect a group of users based on Active Directory (AD) group membership
Correct Answer: D

QUESTION 241
Which two collector types can be used to import assets into the Symantec Control Compliance Suite 9.0 asset system? (Select two.)
A. Domain
B. Default
C. DPS
D. XML
E. CSV
Correct Answer: BE

QUESTION 242
How are the Enterprise Security Manager settings configured for use by the Data Processing Service?
A. per site
B. per domain
C. per organizational unit
D. per group
Correct Answer: A

QUESTION 243
Which response rule condition allows a policy manager to configure an Automated Response rule to execute while a user is travelling?
A. Endpoint Location
B. Endpoint Device
C. Protocol or Endpoint Monitoring
D. Sender/User Matches Pattern
Correct Answer: A

QUESTION 244
How many attachments can be associated with an exception request?
A. 1
B. 2
C. 3
D. 4
Correct Answer: A

QUESTION 245
An Endpoint Prevent: Notify response rule is defined in Korean, English, and Chinese (in that order). Which pop-up language will a Japanese Windows locale user see?
A. Korean
B. Japanese
C. English
D. Chinese
Correct Answer: A

QUESTION 246
Which two benefits does the Policy Module provide? (Select two.)
A. determines coverage gaps for multiple, overlapped regulatory, industry-specific, or best practices frameworks
B.
lowers the cost of policy creation and maintenance and measures policy knowledge and retention C. defines, reviews, and disseminates written policies to end users as mapped to specific measurable controls D. integrates the policy compliance process with existing asset management systems E. identifies problems within policies or internal controls and prevents policy compliance failure or data breach Correct Answer: AC Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 247 Which two fields are common to all asset types? (Select two.) A. Asset Administrator B. Confidentiality C. Asset Location D. Access Vector E. Authentication Correct Answer: BC Section: (none) Explanation Explanation/Reference: definite answer. QUESTION 248 On which protocols does Symantec Data Loss Prevention use port-based protocol recognition? A. B. C. D. Secure tunnelling protocols User-defined IP protocols User-configured TCP protocols System-defined UDP and TCP protocols Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 249 What does Symantec Control Compliance Suite 9.0 use to help organize how and where data is collected? A. B. C. D. collections sites domains organizational units Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 250 Which two requirements must be met to successfully use Network Monitor on a Windows based detection server? (Select two.) A. B. C. D. E. Wireshark must be installed on the Windows system. WinPCAP must be installed on the Windows system. ARP proxy must be enabled to ensure the Windows system captures all traffic. At least two network interfaces must be available. The network interface card must support Jumbo frames. Correct Answer: BD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 251 A test is performed against one or more assets in order to determine a pass or fail status. What is this test called? A. B. C. D. 
Standard Filter Check Evaluation Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 252 Which two are categorized as unprocessable components in the traffic report? (Select two.) A. B. C. D. E. traffic stream that is corrupted Traffic that contains jpg image Extraction limit that has been exceeded Traffic containing a password protected doc file Packets arriving out of order Correct Answer: AC Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 253 Which traffic type will be excluded from analysis? A. B. C. D. Skype Yahoo! Instant Messenger NNTP Telnet Correct Answer: A Section: (none) Explanation Explanation/Reference: genuine answer. QUESTION 254 What does Network Monitor use to identify SMTP network traffic going to a nonstandard port? A. B. C. D. string matching port range regular expressions protocol signature Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 255 Which incidents appear in the Network Incident List when the Network Prevent Action filter is set to Modified? A. B. C. D. incidents in which confidential content was removed from an SMTP email incidents in which an SMTP email was changed to include a specified header incidents in which digital rights were applied to SMTP email attachments incidents in which attachments were removed from an SMTP email Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 256 Which two fallback options are available for a Network Prevent: Remove HTTP/HTTPS Content response rule? (Select two.) A. B. C. D. E. Determine a secondary site for posts Block content from being posted Send to an encryption gateway Remove content through FlexResponse Allow content to be posted Correct Answer: BE Section: (none) Explanation Explanation/Reference: Explanation: Topic 4, Volume D QUESTION 257 Which two options can be used to notify users when SMTP emails are blocked with Network Prevent? 
(Select two.) A. B. C. D. E. MTA generated delivery status notification Web Proxy server generated email notification Symantec FlexResponse plug-in generated email notification Symantec detection rule generated email notification Symantec response rule generated email notification Correct Answer: AE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 258 Which databases are created by Symantec Control Compliance Suite 9.0 Reporting and Analytics during installation? A. Production, Reporting, Evidence B. bv, Compliance Manager, Policy Manager C. Dashboard, Reporting, SMC D. Evidence, Standards, Policies Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 259 Which functionality must a Mail Transfer Agent (MTA) have to integrate with an Email Prevent Server? A. B. C. D. The MTA is strict ESMTP compliant. The MTA is ICAP compliant. The MTA filters spam. The MTA supports TLS. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 260 What can Email Prevent do to protect confidential data in an outgoing email? A. B. C. D. modify the email attachment to remove confidential information add a header to an email to route to an encryption gateway use a FlexReponse plug-in to modify the email header modify the email body to redirect to a quarantine location Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 261 How many instances of the Enterprise Configuration Service should be installed? A. B. C. D. One per Windows domain One per enterprise Two (cluster configuration) One per query engine Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 262 Which three are valid Reconciliation Rule types in Symantec Control Compliance Suite 9.0? (Select three.) A. Pre Rule B. C. D. E. 
Add Rule Delete Rule Update Rule Change Rule Correct Answer: ABD Section: (none) Explanation Explanation/Reference: good choice of answer. QUESTION 263 When configuring bv-Control for Microsoft SQL Server, which two authentication options are available? (Select two.) A. B. C. D. E. Certificate-based authentication Windows authentication Pass-through authentication Basic authentication SQL authentication Correct Answer: BE Section: (none) Explanation Explanation/Reference: accurate answer. QUESTION 264 Which Symantec Control Compliance Suite 9.0 component is responsible for routing data collection, evaluation, and reporting jobs? A. B. C. D. application server collector load balancer Management Service Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 265 How can a user monitor compliance to policies? A. B. C. D. via statements via questions via regulations via frameworks Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 266 When approving an exception, which field requires input from the approver? A. B. C. D. Requestor Requestor Group Requestor Email ID Comments Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 267 How are Reconciliation Rules processed? A. B. C. D. by priority, first matching rule by CIA values by asset type by best fit matching, multiple rule matches Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 268 How is a policy applied to Network Discover scans? A. B. C. D. by assigning policy groups to the scan target by choosing the correct policies in the scan target by assigning policies to the Network Discover Server by choosing the correct targets to run the policies Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 269 With respect to the entitlements workflow, what is the first step that is performed? A. B. C. D. 
Assign a data owner Mark control point Import entitlements Gather business data Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 270 Which two remediation actions are available for Network Protect? (Select two.) A. B. C. D. E. Copy Move Block Rename Quarantine Correct Answer: AE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 271 In the Reports > Predefined folder, which two actions can the user perform? (Select two.) A. B. C. D. E. Add report templates from CSV files Delete report templates Customize certain report templates Edit the report template properties to add user-defined values Schedule report templates Correct Answer: CE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 272 To run a bv-Control query targeting Microsoft SQL Server 2005, which Microsoft component is required on the information server? A. B. C. D. SQL Agent Reporting Services Integration Services Distributed Management Objects Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 273 When should Network Discover Scanners be used? A. B. C. D. to scan data repositories that require special access methods to be readable to find open file shares on the network to scan and index documents from remote file servers for use in policies to automatically remove sensitive files from data repositories Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 274 A company needs to scan all of its file shares on a weekly basis to make sure sensitive data is being stored correctly. The total volume of data on the file servers is greater than 1 TB. Which approach will allow the company to quickly scan all of this data on a weekly basis? A. run an initial complete scan of all the file shares, then modify the scan target to add date filters and exclude any files created or modified before the initial scan was run B. 
run an initial complete scan of all the file shares, then modify the scan target to an incremental scan type C. create a separate scan target for each file share and exclude files accessed before the start of each scan D. run an initial complete scan of all file shares, create a summary report of all incidents created by the scan, then run weekly scans and compare incidents from weekly scans to incidents from the complete scan Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 275 In the context of IT compliance, what are standards? A. B. C. D. a set of generally accepted best practices a protector against a specific risk or threat statements of goals and objectives a collection of methods to evaluate compliance efforts Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 276 Which two recommendations should an organization follow when deploying Endpoint Prevent? (Select two.) A. B. C. D. E. Test the agent on a variety of end-user images. Initially enable monitoring of the local file system. Enable monitoring of many destinations and protocols simultaneously. Configure, test, and tune filters. Configure blocking as soon as the agents are deployed. Correct Answer: AD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 277 Which application or destination is selected for endpoint monitoring by default? A. B. C. D. email removable storage instant messaging local drive Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 278 An administrator is applying a newly created agent configuration to a server. Upon inspection, however, none of the new configuration settings are displayed. What is a possible cause of this issue? A. B. C. D. The administration access rights restricts access to apply new configurations. The server that the new agent configuration was applied to needs to be recycled. 
The new agent configuration was saved without applying it to the Endpoint server. The new agent configuration was copied and modified from the default agent configuration. Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 279 An information security officer has detected an unauthorized tool on desktops being used to transmit data with encrypted communications. Which Data Loss Prevention feature can prevent this tool from accessing confidential data? A. B. C. D. Removable storage monitoring Network protocol monitoring Application path filtering Application monitoring Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 280 Which situation can be monitored by both Network Monitor and Endpoint Prevent? A. B. C. D. An employee uses a Chrome 2 browser to post confidential data to a newsgroup using http. An employee uses Skype to send an instant message to a friend at a competitor site. An employee uses AIM to send an instant message while off the corporate network. An employee uses Internet Explorer 7 to send confidential data from a Gmail account using https. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 281 Which object applies to an entitlement exception? A. B. C. D. section standard control point policy Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 282 What are two available options when accessing the Configure Server page of a Network Monitor server to configure protocol filters? (Select two.) A. B. C. D. E. HTTPS FTP SMTP ICMP UDP Correct Answer: BC Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 283 Which throttling option is available when creating a Server SharePoint Discover target? A. B. C. D. 
maximum maximum maximum maximum sites per hour items per minute request per front-end server encountered errors Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 284 What is the correct syntax sequence when creating an IP filter for Network Monitor? A. +/-, source, destination B. include/exclude, destination, source C. include/exclude, source, destination D. +/-, destination, source Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 285 Which two components are required for the Symantec Data Loss Prevention for Tablets solution in addition to the Tablet Prevent and Enforce servers? (Select two.) A. B. C. D. E. DLP Agent Virtual Private Network Gateway Web Proxy 2010 Exchange Server Mobile Device Management Correct Answer: BC Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 286 Which step can be excluded from the install and configuration process for a valid Mobile Device Management solution that is used for Symantec Data Loss Prevention for Tablets? A. B. C. D. configure VPN and SCEP profiles target profiles and deliver them to the devices configure the VPN profile for tamper-proofing set up backup and load-balancing VPN connections Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 287 Which profile contains information to enable the VPN on Demand functionality for the Data Loss Prevention for Tablets solution? A. B. C. D. DLP Agent profile SCEP profile iOS profile VPN client profile Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 288 Which VPN configuration for the Data Loss Prevention for Tablets solution is unsupported? A. B. C. D. 
use the Juniper JunOS Pulse client when using the Juniper Networks SA VPN appliances use the native iPad IPSec client when using the Juniper Networks SA VPN appliances use the Cisco AnyConnect client when using the Cisco ASA series VPN devices use the native iPad IPSec client when using the Cisco ASA series VPN devices Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 289 How does a Data Loss Prevention administrator verify the health of a Network Monitor server? A. B. C. D. by checking Incident Queue and Message Wait Time on the System Overview page by verifying the configuration details of the System Settings page by determining whether system alert message emails are generated or received by reviewing the results of the Environment Check Utility (ECU) Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 290 Which command line utility generates custom authentication keys to improve the security of the data that is transmitted between the Enforce server and detection servers? A. B. C. D. endpointkeytool keytool servertool sslkeytool Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 291 Where does a Data Loss Prevention administrator recycle the FileReader process on a detection server? A. B. C. D. System Overview page Server Detail page command prompt Windows Services Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 292 The dashboard run date is displayed in which format? A. B. C. D. the date and time of the local computer the date and time of the Data Processing Service computers the Coordinated Universal Time (UTC) date and time the date and time format of the application server Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 293 When configuring DLP Agents, what does the File Recovery Area Location setting determine? A. B. C. D. 
the secure filestore of incidents and data while agents are offline the location of files quarantined through Endpoint Discover scans the temporary backup location of blocked files the location of files for redeployment or upgrade of agents Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 294 How should reports be configured in the system for secure distribution? A. B. C. D. as email body text as links as a Web Archive as filtered Incident List reports Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 295 How are permissions granted to predefined objects? A. B. C. D. The administrator must manually add permissions. Permissions can only be granted to CCS administrators. Permissions are granted through Active Directory. Permissions are automatically granted when the user is added to a role. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 296 Which feature should an incident responder use to begin to determine where an attachment has created other violations? A. B. C. D. Report Filters Incident History Incident Details Policy Matches Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 297 Which three database types are suitable for the RMS Information Server? (Select three.) A. B. C. D. E. local Microsoft SQL Server 2005 Express local Oracle 10g local Microsoft SQL Server 2005 Standard remote Microsoft SQL Server 2005 Standard local Microsoft SQL Server 2005 Enterprise Correct Answer: ACE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 298 When reviewing an SMTP incident snapshot, which reporting feature would a Data Loss Prevention administrator use to quickly find recent incidents with the same subject and sender? A. B. C. D. 
Incident History Incident Summary report Incident Notes Incident Correlations Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 299 For most organizations, the password for the database accounts is changed on a regular basis. Which action is recommended for the account that is used by Symantec Control Compliance Suite 9.0 (CCS 9.0)? A. Require that the CCS 9.0 have a password exception B. Coordinate the password change to ensure database connectivity C. Require that the CCS 9.0 administrator also have database administrator rights D. Create a job that refreshes the settings information automatically Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 300 How are incidents classified in a Network Prevent plus Data Loss Prevention for Tablets hybrid deployment? A. B. C. D. All incidents are classified under the Network category. Classification for all incidents depends on traffic destination. Incidents created by all traffic sources are generically categorized. Incidents are classified specifically based on traffic source. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 301 In order to generate reports in Symantec Control Compliance Suite 9.0 (CCS 9.0), where must the Crystal Reports 2008 Engine be installed? A. B. C. D. The Data Processing Service computer configured with the Reporter role The application server that manages the reporting jobs All Data Processing Service computers The server that hosts the CCS 9.0 console Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 302 Which feature enables data extraction with incident data from the Enforce platform based on report ID? A. B. C. D. 
Data Extraction API CSV Export Reporting API Report Save As Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 303 An incident responder can see basic incident data, but is unable to view any specific details of the incident. What is the configuration for this role? A. B. C. D. The View option is selected and all display attributes are deselected. Server administration rights have been deselected. Custom attributes have been selected and set to View Only. Incident Access tab conditions are specified. Correct Answer: A Section: (none) Explanation Explanation/Reference: definite answer. QUESTION 304 Which term refers to rules created by a government in response to legislation? A. B. C. D. E. framework standard policy benchmark regulation Correct Answer: E Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 305 Which two conditions can be specified when creating an incident access condition in a role? (Select two.) A. B. C. D. E. File types A custom attribute Last modified by File size Policy group Correct Answer: BE Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 306 Which Symantec Control Compliance Suite 9.0 component is responsible for most inter-component transactions? A. B. C. D. Directory Support Service Data Processing Service Information Server Service Application Server Service Correct Answer: D Section: (none) Explanation Explanation/Reference: accurate answer. QUESTION 307 Which feature moves confidential data to a secure location when scanning endpoint targets? A. B. C. D. Network Protect Quarantine Network Discover Remediation Endpoint Quarantine Endpoint Prevent Block Correct Answer: C Section: (none) Explanation Explanation/Reference: good choice of answer. QUESTION 308 Which service is responsible for importing assets via a CSV file? A. B. C. D. 
Application Server Service Data Processing Service Directory Support Service Management Services Service Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 309 Which delimiter is acceptable in Exact Data Matching (EDM) data sources? A. B. C. D. space semi-colon (;) pipe (|) slash (/) Correct Answer: C Section: (none) Explanation Explanation/Reference: Real answer. QUESTION 310 Which three are prerequisites for RMS installation? (Select three.) A. B. C. D. E. Internet Information Server Microsoft .NET Framework 2.0 Windows Installer 3.1 Microsoft SQL Server 2005 Express Crystal Report 2008 Correct Answer: BCD Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 311 A user has deleted a report template in a user-defined folder. What must the user do to use that report template again? A. B. C. D. Find the report template in the Application Server Recycle Bin Recreate the report template from the predefined report template Recreate the Report Generation job Select Add in My Reports Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 312 Which minimum right is required for a standard user to open the RMS console and use the query- related features? A. B. C. D. must be part of the RMS Console Users local group must have a Symantec Control Compliance Suite 9.0 Administrator role must be configured as an RMS Console User must be part of the RMS Admin Users local group Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 313 For greater accuracy, what is the minimum recommended number of columns in a data source for use in an Exact Data Matching (EDM) profile? A. B. C. D. 2 3 4 5 Correct Answer: B Section: (none) Explanation Explanation/Reference: genuine answer. QUESTION 314 Which two dates must be selected when creating an exception request? (Select two.) A. expiration date B. start date C. effective date D. due date E. 
evaluation date

Correct Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 315
The Response Assessment Module (RAM) was installed after Symantec Control Compliance Suite 9.0 (CCS 9.0) reporting and analytics. What must be modified in order to connect CCS 9.0 to the RAM?

A. RAMServer.exe.config file
B. RAM DB configuration
C. DPS settings
D. RAM Server connection string

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 316
A company has SMTP Prevent deployed with email blocking enabled in their confidential data policy. The finance department reports that emails containing sensitive data sent to external business partners are being blocked. The company maintains a list of the external business partner domains. How can a policy be modified so that emails are sent only to authorized recipients?

A. duplicate the confidential data policy, add a rule based on "Sender Matches Pattern", and add the email addresses of all employees in the finance department, select "All senders must match" for Match Counting
B. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select "All recipients must match" for Match Counting
C. create a new rule in the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select "At least 1 recipient must match" for Match Counting
D. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains of business partners to the recipient pattern and select "At least 1 recipient must match" for Match Counting

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 317
How can agentless asset data collection speed be improved on a large network?

A. Install the console on a faster machine
B. Tune the SQL database for performance
C. Set up multiple information server deployments on the network
D. Install RMS and Symantec Control Compliance Suite 9.0 on the same box

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 318
Which two policy management actions can result in a reduced number of incidents for a given traffic flow? (Select two.)

A. Adding additional component matching to the rule
B. Adding data owner exceptions
C. Deploying to additional detection servers
D. Increasing condition match count
E. Adding additional severities

Correct Answer: BD
Section: (none)
Explanation/Reference: accurate answer.

QUESTION 319
What is the main difference between data loss prevention and other security technologies?

A. It is designed to take a content aware approach to security.
B. It determines the data owner of inbound sensitive information.
C. It quarantines adware before it is able to extract confidential information.
D. It is designed to give visibility into where the company's least sensitive data is stored.

Correct Answer: C
Section: (none)
Explanation/Reference: accurate answer.

QUESTION 320
You move a set of files from a VxFS file system to another file system. When the files are moved, the extent attributes are not moved along with the files and are lost during the migration. What could be a possible cause for this problem?

A. The target file system is not a VxFS type file system.
B. There is a variation in the block size of source and target VxFS file system.
C. The target VxFS file system does not have enough free space to accommodate the extent attributes.
D. The target VxFS file system uses mixed block size.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 321
What causes the majority of data loss prevention violations?

A. hackers exploit vulnerabilities and exfiltrate confidential data
B. companies lack security policies to prevent loss of confidential data
C. employees unintentionally expose confidential data
D. system backups are performed improperly

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 322
You execute the command ps ef | grep vxatd. What is the expected output of this command?

A. The command verifies the Fully Qualified Host Name.
B. The command verifies the status of Symantec Authentication service.
C. The command verifies the status of Root Broker.
D. The command verifies the status of Authentication Broker.

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 323
What is the minimum number of plexes required for true mirroring to provide redundancy of data?

A. One
B. Two
C. Three
D. Four

Correct Answer: B
Section: (none)
Explanation/Reference: Real answer.

QUESTION 324
Which product can replace a confidential document residing on a share with a marker file explaining why the document was removed?

A. Network Discover
B. Network Protect
C. Mobile Prevent
D. Endpoint Discover

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 325
Which command will you use to determine the operating mode of vxconfigd?

A. vxdctl enable
B. vxdctl mode
C. vxmode
D. ps ef |grep vxconfig

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 326
Which structures are parts of the Cross-platform Data Sharing (CDS) format?

A. An Operating System-reserved area
B. A directory area
C. A private region
D. A public region
E. A Bad Block Relocation Area

Correct Answer: ACD
Section: (none)
Explanation/Reference: definite answer.

QUESTION 327
Which two components can perform a scan of a workstation? (Select two.)

A. Endpoint Server
B. DLP Agent
C. Network Prevent
D. Enforce Server
E. Discover Server

Correct Answer: BE
Section: (none)
Explanation/Reference:

QUESTION 328
While accessing a node in the Dynamic Multipathing (DMP) database you get an error "VxVM vxdmp NOTICE V-5-0-111 disabled dmpnode dmpnode_device_number". How will you resolve this error? (Each correct answer presents part of the solution. Select two.)

A. Enable the appropriate controllers to allow at least one path under this DMP node.
B. Check the underlying hardware to recover the desired path.
C. If possible correct the hardware failures Then, recover the volume using the vxrecover command.
D. Replace the hardware because there may be a problem with host-bus adapter.

Correct Answer: AB
Section: (none)
Explanation/Reference:

QUESTION 329
What is the recommended maximum number of agents registered to a manager in Enterprise Security Manager 9.0?

A. 400
B. 1500
C. 2000
D. 4000

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 330
A user attempts to run Lookup Attributes manually on an incident. On the Incident List page under Incident Actions, the option for Lookup Attributes is missing. Which section in the Plugins.properties file is misconfigured?

A. Plugin Execution Chain is undefined.
B. Attribute Lookup parameters is set to "message".
C. Automatic plugin reload is set to false.
D. Automatic Lookup is set to false.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 331
What are two possible ways to provide incident match text information? (Select two.)

A. CSV export
B. Email notification
C. Reporting API
D. Syslog notification
E. XML export

Correct Answer: CE
Section: (none)
Explanation/Reference: genuine answer.

QUESTION 332
Which two should be used to collect log information from Enforce servers? (Select two.)

A. Enable the VontuSNMP service and set the community strings accordingly
B. Use the Log Collection and Configuration tool
C. Navigate manually to the log directory of the Enforce server installation
D. Access the Enforce Log Viewer page at https:///logs?view=true
E. Use dbgmonitor from sysinternals to connect to the debug output of the service

Correct Answer: BC
Section: (none)
Explanation/Reference: good choice of answer.

QUESTION 333
Which three database maintenance tasks must be performed outside of Symantec Control Compliance Suite 9.0? (Select three.)

A. Purge evidence
B. Back up the databases
C. Purge stale data
D. Shrink the databases
E. Defragment the databases

Correct Answer: BDE
Section: (none)
Explanation/Reference:

QUESTION 334
Which two tasks are performed in the Symantec Management Platform? (Select two.)

A. Change Monitor operational log levels
B. Change Endpoint Agent log levels
C. Restart Agents
D. Gather Enforce logs
E. Gather Monitor logs

Correct Answer: BC
Section: (none)
Explanation/Reference: correct answer.

QUESTION 335
A DLP Agent is connected to the corporate network through VPN. The administrator sees a Warning icon associated with the agent on the Agent Overview page of the Enforce user interface. The administrator determines the warning is related to a failure to update Active Directory group membership. What should the administrator do?

A. Reinstall the DLP Agent
B. Restart the DLP Agent
C. Restart the Endpoint server services
D. Refresh the Active Directory services

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 336
What is a prerequisite for viewing exported dashboards?

A. Cognos
B. Crystal Reports
C. Java
D. Adobe Flash

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 337
Which three asset types can be imported using the default Symantec Control Compliance Suite 9.0 data collection import feature? (Select three.)

A. Windows machines
B. Windows users
C. Windows domains
D. UNIX machines
E. Exchange mailboxes

Correct Answer: ACD
Section: (none)
Explanation/Reference:

QUESTION 338
A scanner fails to return results upon completion of the scan process. Which file should be removed to eliminate previous scan issues?

A. scanner_typeScanner.cfg
B. Clean.exe
C. ScannerControllerLogging.properties
D. logs

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 339
When collecting data from assets, what is the primary factor in determining the types of data that will be collected?

A. scope
B. standard
C. baseline
D. reference asset

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 340
An administrator is attempting to add a new detection server to the Enforce UI. However, the administrator only has the ability to add Network Monitor and Endpoint servers. The option to add a Discover server is missing. What does the administrator need to do to add an additional server type?

A. log in as Sys Admin/Server Administrator role
B. update the software license file
C. restart the Vontu Monitor service
D. restart Vontu Monitor Controller service

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 341
A DLP administrator needs to decide if using Symantec Management Console (SMC) will provide additional functionality over the built-in Agent Actions that can be performed via Agents > Overview > Summary Reports. What are two of the Agent Actions that can be performed with SMC that are unable to be used with the built-in Agent Actions? (Select two.)

A. Set Under Investigation
B. Get Agent Configuration
C. Toggle Print Screen
D. Set Log Level
E. Gather Endpoint detection server logs

Correct Answer: BC
Section: (none)
Explanation/Reference:

QUESTION 342
Ten test agents are being deployed that use an uninstall password required to uninstall the DLP Agent. The agents deploy and install correctly. Upon testing to remove the Agent, the uninstall password fails to work. The deployment team used 'Symantec' for the UninstallPasswordKey. Why does the uninstall fail when using the same password?

A. uninstall passwords are restricted from containing the word 'Symantec'
B. the UninstallPwdKeyGenerator must be used to create an UninstallPasswordKey
C. the PGPsdk.dll file was missing when the key was created
D. the uninstall agent password needs to match the uninstall password key

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 343
An administrator is attempting to uninstall a version 11.6 DLP Agent, but the uninstall password fails to remove the agent. The group who set the initial password is unavailable. Which two options are available to address the password issue? (Select two.)

A. manually uninstall the agent by stopping the EDPA and WDP services, then remove all related program files
B. upgrade the agent to version 12 with a newly generated UninstallPasswordKey
C. reboot and login to Safe Mode and use Add / Remove Programs to uninstall the Agent
D. contact Symantec Support to obtain the Clean Agent tool
E. use Regedit.exe and delete the related Endpoint registry entries

Correct Answer: BD
Section: (none)
Explanation/Reference:

QUESTION 344
A Network Monitor server has been installed and the networking components configured accordingly. The server is receiving traffic, but fails to detect incidents. Running Wireshark indicates that the desired traffic is reaching the detection server. What is the most likely cause for this behavior?

A. The mirrored port is sending corrupted packets.
B. The wrong interface is selected in the configuration.
C. The configuration is set to process GET requests.
D. The communication to the database server is interrupted.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 345
A DLP administrator needs to inspect HTTP traffic using a Network Monitor, including data pushed up to the web and data pulled down from the web. Which configuration changes should the administrator make under the advanced server settings to include all cases?

A. L7.processGets=false, PacketCapture.DISCARD_HTTP_GET=true, L7.minSizeofGetURL=1000
B. L7.processGets=true, PacketCapture.DISCARD_HTTP_GET=true, L7.minSizeofGetURL=100
C. L7.processGets=false, PacketCapture.DISCARD_HTTP_GET=false, L7.minSizeofGetURL=10
D. L7.processGets=true, PacketCapture.DISCARD_HTTP_GET=false, L7.minSizeofGetURL=10

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 346
An administrator receives the following error: Error Code:3018 <profile name> has reached maximum size. Only 44245 out of 97737 documents are indexed. What must the administrator do to resolve this error?

A. increase the advanced server setting Lexer.MaximumNumberOfTokens to 90k
B. reindex the current IDM to refresh the .IDX files
C. split the IDM into multiple indexes when the index is too large
D. increase the advanced server setting FileReader.MaxFileSize to 300M

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 347
In System Overview, the status of a detection server is shown as 'unknown'. Examination of the detection server reveals all Vontu services are running. Which port is blocked and causing the server to be in the 'unknown' state?

A. 443
B. 8000
C. 8100
D. 8300

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 348
The DLP services on an Endpoint Server keep stopping. The only events displayed in the Enforce UI are that the server processes have stopped. What is the first step the administrator should take to keep the services on the Endpoint server running?

A. Perform a complete uninstall and reinstall of the Product
B. Install malware detection software on the server
C. Remove the Endpoint server from the UI and add it again
D. Exclude the DLP directories from any scheduled or real-time virus scanning

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 349
What is the minimum percentage of spare disks in a disk group?

A. 10%
B. 15%
C. 20%
D. 25%

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 350
An administrator is checking System Overview and all of the detection servers are showing as 'unknown'. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command. How can the administrator bring the detection servers to a running state in the Enforce UI?

A. Delete all of the .BAD files in the incidents folder on the Enforce server
B. Restart the Vontu Monitor Service on all of the detection servers affected
C. Ensure the Vontu Monitor Controller service is running on the Enforce server
D. Ensure port 8300 is configured as open on the firewall

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 351
Where in the Enforce UI can the administrator find the option to participate in the Supportability Telemetry Program?

A. System > System Reports
B. System > Incident Data
C. System > Servers
D. System > Settings

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 352
Which Oracle utility can be run from the Enforce box to test network connectivity between Enforce and the Oracle database?

A. rconfig
B. sqlplus
C. netca
D. rman

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 353
In order to allow users to accept or decline policies, which option can be set during the creation of the policy?

A. Allow User Accept/Decline
B. Allow User Response
C. Allow User Interaction
D. Allow Users to Interface

Correct Answer: B
Section: (none)
Explanation/Reference: genuine answer.

QUESTION 354
Which three are available Export Formats for Symantec Control Compliance Suite 9.0 reports? (Select three.)

A. Comma Separated Values (CSV)
B. Adobe Reader (PDF)
C. Crystal Reports (RPT)
D. Rich Text
E. Microsoft Access (MDB)

Correct Answer: BCD
Section: (none)
Explanation/Reference: good choice of answer.

QUESTION 355
How are permissions to user-defined objects granted to individual users?

A. Permissions are automatically assigned by role.
B. A custom role must be created to grant access.
C. The administrator must manually assign permissions.
D. They are granted through Active Directory.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 356
When and how is the license for Symantec Data Loss Prevention 11.5 applied during installation?

A. by moving the license file to the bin directory after installation
B. by copying and pasting the license key when prompted during the installation
C. by uploading the license file when prompted by the installer
D. by copying and pasting the license key after logging in to the console for the first time

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 357
When installing an Endpoint Server, at which point does it register with the Enforce Server?

A. After installation, the Endpoint Server automatically registers itself with the Enforce Server.
B. after recycling the server in the user interface
C. after adding the server from within the Enforce user interface
D. after restarting the Enforce Server

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 358
Where are assets stored?

A. Assets.XML
B. Production database
C. RMS database
D. ADAM

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 359
Which two database versions does Symantec Data Loss Prevention 11.5 support for incident and policy storage? (Select two.)

A. Oracle 10g version 10.2.0.4
B. IBM DB2 version 8.2
C. SQL Server 2008 R2 version 10.50.1753
D. Oracle 11g version 11.2
E. Oracle 9i version 9.2.0.4

Correct Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 360
In order to have a proper Disaster Recovery Plan, all Symantec Control Compliance Suite 9.0 server components need to be included in the backup strategy. For some components, it is easiest to recreate the installation of a failed component. For other components, the data is backed up and the component software is reinstalled. For which three components is a data backup needed? (Select three.)

A. application server
B. Data Processing Service
C. Production database
D. Evidence database
E. directory server

Correct Answer: CDE
Section: (none)
Explanation/Reference:

QUESTION 361
In Symantec Control Compliance Suite 9.0, on which console section is Managing Reconciliation Rules located?

A. Monitor > Jobs
B. Manage > Assets
C. Manage > Content
D. Settings > General

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 362
Which detection method is used for fingerprinting and protecting unstructured data, such as merger and acquisition documents?

A. Exact Data Matching (EDM)
B. Directory Group Matching (DGM)
C. Indexed Document Matching (IDM)
D. Described Content Matching (DCM)

Correct Answer: C
Section: (none)
Explanation/Reference: