Download Veritas.Testkings.ST0-237.v2015-03-27.by.Alex.362q

Testkings.ST0-237.362 questions
Number: ST0-237
Passing Score: 800
Time Limit: 120 min
File Version: 6.8
http://www.gratisexam.com/
ST0-237
Symantec Data Loss Prevention 12 Technical Assessment
Start your career with this assistance and you will never regret investing in its
amazing study tools that are for you and your training in any kind of certification exam
preparation.
It offers easy understanding exam guide so that anyone can pass exam without any
hesitation. This was good opportunity for me to grab exam certification with ease and for
guide I did not have to go any further away it was just like that it was at my door step.
Its magic did work on me as I passed exam with superb score. It has very
mesmerizing patterned guidance.
Its team has put a lot of knowledge and they have come up with all their experience
in the field. I tried it and passed with graceful score and now it is your chance to do so.
This is a wonderful exam guide for those who doesn't compromise with quality of
knowledge. Save you time in buy and reading faulty guides just use this.
Exam A
QUESTION 1
You are turning on the quota on a file system for the first time. You want to ensure you are able to establish
quota for a group of users named finance.
What should you do?
A.
B.
C.
D.
Create a file named quota and assign it to the finance group.
Create a file named quota and place it in the root directory of the file system.
Create a file named quota.grp and assign it to the group of users.
Create a file named quota.grp that is owned by the root of the file system.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 2
How many free partitions do you need to encapsulate a boot disk?
A.
B.
C.
D.
1
2
3
4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 3
Which user store is essential for using the user risk summary feature?
A.
B.
C.
D.
Tomcat
Active Directory
MySQL
Samba
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 4
When you are mounting a file system, which mode sets the policy for handling I/O errors on mounted file
system?
A.
B.
C.
D.
disable
ioerror
cio
minicache
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 5
In which two ways can the default listener port for a detection server be modified? (Select two.)
A.
B.
C.
D.
E.
through the Enforce user interface under System > Overview
by editing the Communication.properties file on a detection server
through the Enforce user interface under Manage > Policies
by editing the MonitorController.properties file on a detection server
by editing the model.notification.port file on a detection server
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 6
What is the correct traffic flow for the Symantec Data Loss Prevention for Mobile Prevent?
http://www.gratisexam.com/
A.
B.
C.
D.
mobile device (iOS) > VPN > Mobile Prevent Server > Web proxy > Enforce Server > final destination
mobile device (iOS) > VPN > Web proxy > Mobile Prevent Server > final destination
mobile device (iOS) > VPN > Web proxy > Mobile Prevent Server > Enforce Server > final destination
mobile device (iOS) > VPN > Mobile Prevent Server > Web proxy > final destination
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 7
Which detection server requires two physical network interface cards?
A.
B.
C.
D.
Network Protect
Network Discover
Endpoint Discover
Network Monitor
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 8
Which option describes the three-tier installation type for Symantec Data Loss Prevention?
A. Install the database, the Enforce Server, and a detection server all on the same computer.
B. Install the Oracle database and the Enforce Server on the same computer, then install detection servers
on separate computers.
C. Install the Oracle Client (SQL*Plus and Database Utilities) on three detection servers.
D. Install the Oracle database, the Enforce Server, and a detection server on separate computers.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 9
Which interface provides single sign-on access for the purpose of administering Data Loss Prevention
servers, managing policies, and remediating incidents?
A.
B.
C.
D.
Symantec Information Manager
Symantec Protection Center
Symantec Data Insight
Symantec Messaging Gateway
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 10
Which two operating systems are supported for Symantec Data Loss Prevention 12 servers? (Select two.)
A.
B.
C.
D.
E.
Windows 2003 Enterprise Edition 64-bit
Red Hat Linux 5 Enterprise 64-bit
Windows 2008 Server 32-bit
Red Hat Linux 6 Enterprise 64-bit
Windows 2008 R2 Enterprise Edition 64-bit
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 11
Which is the correct installation sequence?
A.
B.
C.
D.
Enforce > Oracle > detection server > Solution pack
Oracle > Enforce > Solution pack > detection server
Oracle > Enforce > detection server > Solution pack
Enforce > Oracle > Solution pack > detection server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 12
A company needs to secure the content of all Mergers and Acquisitions Agreements. However, the
standard text included in all company literature needs to be excluded. How should the company ensure that
this standard text is excluded from detection?
A.
B.
C.
D.
create a whitelisted.txt file after creating the Vector Machine Learning (VML) profile
create a whitelisted.txt file before creating the Exact Data Matching (EDM) profile
create a whitelisted.txt file after creating the Indexed Document Matching (IDM) profile
create a whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 13
A policy template called Customer Credit Card Numbers is being imported into the system.
What is the default result for this action?
A.
B.
C.
D.
the policy template will be listed under US Regulatory Enforcement Templates and be available
the policy template will be enabled by default
the policy template will be available after logging off and on to Enforce
the policy template will be listed under Imported Templates
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 14
You are not able to find a physical device corresponding to the disk ID in the disk media record when one of
the subdisks associated with the plex fails. You need to check the plex state to solve the problem. What will
be the status of the plex in this situation?
A.
B.
C.
D.
UNENABLED
NODEVICE
DISCONNECTED
INACTIVE
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 15
A software company needs to protect its source code including new source code between indexing times.
Which detection method should the company use to meet this requirement?
A.
B.
C.
D.
Exact Data Matching (EDM)
Described Content Matching (DCM)
Indexed Document Matching (IDM)
Vector Machine Learning (VML)
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 16
An organization needs to determine whether at least 50% of a sensitive document is being sent outside the
organization. Which action should the company take to accomplish this?
A.
B.
C.
D.
use a whitelisted.txt document
use match on selected fields
use match count
use minimum document exposure
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 17
A company needs to implement Data Owner Exception so that incidents are avoided when employees send
or receive their own personal information.
Which underlying technology should the company use?
A.
B.
C.
D.
Vector Machine Learning (VML)
Described Content Matching (DCM)
Indexed Document Matching (IDM)
Exact Data Matching (EDM)
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 18
An incident responder needs to change the status of an incident to 'Escalate and Notify'. Which two places
in the user interface can this Smart Response rule be invoked? (Select two.)
A.
B.
C.
D.
E.
Policy page
Incident List
Incident Snapshot
Incident Summary
Response Rules page
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Which action is available for use in Smart Response rules and Automated Response rules?
A.
B.
C.
D.
modify SMTP message
block email message
limit incident data retention
post log to a syslog server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which response rule action will be ignored when using an Exact Data Matching (EDM) policy?
A.
B.
C.
D.
Network Prevent: Remove HTTP/HTTPS Content
All: Send Email Notification
Network Protect: Copy File
Endpoint Prevent: Notify
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 21
Which automated response action can be performed for data loss incidents caused by confidential data
found on Windows shares?
A.
B.
C.
D.
Block Message
Quarantine File
User Cancel
Notify User
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 22
When deploying Network Monitor, an administrator needs to implement monitoring of port-based protocols.
Which protocol is supported by Network Monitor?
A.
B.
C.
D.
secure tunneling
IP
TCP
UDP
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 23
Which two protocols are available by default and recognized by Network Monitor based on their individual
signatures? (Select two.)
A.
B.
C.
D.
E.
FTP
HTTPS
IM: AIM
SNMP
IM: Google Talk
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 24
Refer to the exhibit.
An administrator needs to implement a Mobile Email Monitor solution to inspect corporate emails on mobile
devices. Where should the administrator place the web proxy?
A. 1
B. 2
C. 3
D. 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 25
An administrator needs to deploy a Symantec Data Loss Prevention solution that will monitor network
traffic. Which traffic type is excluded from inspection when using the default configuration?
A.
B.
C.
D.
HTTP-get
NNTP
FTP-put
HTTP-post
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 26
Which incidents appear in the Network Incident List report when the Network Prevent Action filter is set to
Modified?
A. incidents in which confidential content was removed from the body of an SMTP email
B. incidents in which an SMTP email was changed to include one or more SMTP headers
C. incidents in which digital rights were applied to SMTP email attachments containing confidential
information
D. incidents in which confidential attachments were removed from an SMTP email
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 27
Which server encrypts the message when using a Modify SMTP Message response rule?
A.
B.
C.
D.
Encryption Gateway
SMTP Prevent server
Network Monitor server
Enforce server
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 28
An administrator implements a policy to block confidential data from being posted to Facebook. The policy
generates incidents but allows the content to be posted. Which action should the administrator take to
resolve this issue?
A.
B.
C.
D.
Turn off Trial mode
Turn on default settings
Enable Get Processing
Enable ICAP.Allowhosts
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 29
A DLP administrator needs to have the Email Prevent Server return inspected emails to the same MTA
from which it receives the message. In which mode should the Email Prevent server be configured?
A.
B.
C.
D.
forward
reflect
mirror
trial
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 30
The VxVM operation fails while importing a disk group and you get an error message "VxVM vxdg ERROR
V-5-1-2907 diskgroup: Disk group does not exist"
How will you solve this problem?
A.
B.
C.
D.
Export a disk group from another host.
Export a disk group from the current host and import the disk group to another host.
If the disk group already exists on the exported host, import it to the current host.
Restore the configuration for the disk group from the backup.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 31
Which valid automated response option should an administrator choose for Email Prevent?
A.
B.
C.
D.
Modify the message subject or add specific RFC-2822 headers
Add metadata to email headers of confidential email
Modify the body of email messages containing confidential data
Process confidential email re-routed to a specified email list
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 32
How should an administrator apply a policy to Network Discover scans?
A.
B.
C.
D.
Assign the policy group to the scan target
Choose the correct policy in the scan target
Assign the policy to the Network Discover Server
Choose the correct scan target in the policy destination
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 33
A DLP administrator needs to modify a Network Discover scan that has started.
How should the administrator ignore files larger than 20 MB for the remaining shares?
A. Pause the scan, edit the scan target filters to ignore files greater than 20 MB, resume the scan
B. Modify the server settings for the Discover server running the scan, adjust the maxfilesize.level setting
to greater than 20 MB, restart the Discover server
C. Stop the Vontu Monitor Controller Service, go to Manage > Discover Scanning > Discover Targets, set a
new filter, restart the service
D. Create a new scan with updated file size filters and start the scan
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 34
Refer to the exhibit.
An administrator needs to implement the use of a scanner, but is unfamiliar with the general, high-level
process associated with scanners. Which action occurs in step 3?
A.
B.
C.
D.
the scanner reviews and confirms configuration parameters
the scanner connects to target and reads the content and metadata
the scanner process is started by a user or scheduled event
the scanner packages filtered content and posts the data to Discover server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 35
A DLP administrator is attempting to use Encryption Insight to detect confidential information in encrypted
files but has been unsuccessful. It is determined that the process was unable to retrieve the appropriate
PGP key because the user key was using the incorrect encryption mode. What is the correct encryption
mode that must be used by the user key?
A.
B.
C.
D.
Client Key Mode
Server Key Mode
Client Server Key Mode
Guarded Key Mode
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 36
While performing a VxVM operation, you discover that the disk group configuration has become corrupt.
You want to check the changes in the VxVM configuration data and automatically record any configuration
changes that occur.
What would you do in this situation?
A.
B.
C.
D.
Use the vxconfigd daemon to monitor changes to the VxVM configuration.
Use the vxrelocd daemon to monitor monitors changes to the VxVM configuration.
Use the vxconfigbackupd daemon to monitors changes to the VxVM configuration.
Use vxdctl daemon to monitors changes to the VxVM configuration.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 37
A DLP administrator has determined that a Network Discover server is unable to scan a remote file server.
Which action should the administrator take to successfully scan the remote file server?
A.
B.
C.
D.
restart the discover scan
verify that the target file server is a Windows 2008 server
use the fully qualified name (FQDN) of the server
verify that the file server has .NET services running
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 38
An administrator is applying a newly created agent configuration to an Endpoint server. Upon inspection,
the new configuration is unassigned in the Endpoint Server Details. What is a possible cause for the new
configuration failing to be assigned?
A.
B.
C.
D.
the system default settings were saved to the new agent configuration
the server that the new agent configuration was applied to needs to be recycled
the new agent configuration was saved without applying it to the Endpoint server
the new agent configuration was copied and modified from the default agent configuration
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 39
You have encapsulated the disk for swap partitions and created mirrors under the VxVM control. Which
files in /etc get modified when the root disk is encapsulated?
A.
B.
C.
D.
vfstab and file system
vfstab and rootdisk
mnttab and file system
volboot and file system
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 40
You have a system that has two disks--disk01 and disk02, which are mapped into the system configuration
during boot as disks c0t0d0s2 and c0t1d0s2, respectively. A failure has caused disk01 to become
detached. What would you do to view the status of the failed disk01?
A.
B.
C.
D.
Use the vxdg list command
Use the vxdg s list command
Use the vxprint command
Use the vxdisk list command
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 41
What is the default limit to the number of subdisks that can be attached to a single plex?
A.
B.
C.
D.
1024
2048
4096
Unlimited
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 42
A DLP administrator is writing one policy to block sensitive data from being copied to removable media. The
administrator is applying two response rules to the policy: 'Endpoint Prevent: Notify' and 'Endpoint Prevent:
Block'.
Why are some copies blocked while others are only notified?
A.
B.
C.
D.
There are different conditions for the different response actions
The monitor and ignore filters are defined incorrectly
The DLP administrator needs to fine tune the throttling options
The Directory Group Matching (DGM) profile has users in different groups
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 43
An incident response team has determined that multiple incidents are resulting from the same user action
of copying sensitive data to USB devices.
Which action should the incident response team take to fix this issue so only one incident per action is
detected?
A.
B.
C.
D.
Create separate policies for the different detection methods
Combine multiple conditions into one compound rule
Change which 'Endpoint Destinations' are monitored
Change the monitor/ignore filters in the agent configuration
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 44
Which option should be used to optimize the performance of a network share Discover scan?
A.
B.
C.
D.
Ensure that the target file system is defragmented regularly
Use an incremental scan to only include previously unscanned items
Configure credential prefetching to reduce delay in authentication
Disable antivirus scanning for network shares on the detection server
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 45
What is the most efficient method for designing filters to remove unwanted traffic?
A.
B.
C.
D.
policy-based exceptions
IP-based filtering per protocol
L7 filtering per protocol
sampling per protocol
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 46
An administrator running a company's first Discover scan needs to minimize network load. The duration of
the scan is unimportant. Which method should the administrator use to run the Discover scan?
A.
B.
C.
D.
ignore smaller than
ignore larger than
throttling
date last accessed
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 47
A network administrator needs to be notified if someone attempts to tamper with or shut down the VPN
connection on an iPad or iPhone. Which product should the administrator use to configure the notification
alert?
A.
B.
C.
D.
Mobile Email Monitor
Mobile Device Management
Network Prevent
Mobile Prevent
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 48
Which command attempts to find the name of the drive in the private region and to match it to a disk media
record that is missing a disk access record?
A.
B.
C.
D.
vxdisk
vxdctl
vxreattach
vxrecover
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 49
What is the correct configuration for BoxMonitor.Channels that will allow the server to start as a Network
Monitor server?
A.
B.
C.
D.
Packet Capture, Span Port
Packet Capture, Network Monitor
Packet Capture, Network Tap
Packet Capture, Copy Rule
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Real answer.
QUESTION 50
Refer to the exhibit.
An administrator is testing the DLP installation by placing .EML files into the drop folder, but has been
unsuccessful in generating any incidents. The administrator is checking the Advanced Server Settings page
to see if it can help diagnose the issue.
What could be causing this problem?
A.
B.
C.
D.
BoxMonitor.IncidentWriter setting needs to be set to Test
BoxMonitor.FileReader needs to be set to default
BoxMonitor.IncidentWriterMemory is set too high
BoxMonitor.Channels contains an incompatible entry
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 51
An administrator needs to remove an agent and its associated events from a specific Endpoint Server.
Which Agent Task does the administrator need to perform to disable its visibility in the Enforce UI?
A.
B.
C.
D.
Delete action from the Agent Summary page
Disable action from Symantec Management Console
Change Endpoint Server action from the Agent Overview page
Delete action from the Agent Health dashboard
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 52
An administrator pulls the Services and Operation logs off of a DLP Agent by using the Pull Logs action.
What happens to the log files after the administrator performs the Pull Logs action?
A.
B.
C.
D.
they are stored directly on the Enforce server
they are transferred directly to the Enforce Server and deleted from the DLP Agent
they are created on the DLP Agent then pulled down to the Enforce server
they are temporarily stored on the DLP Agent's Endpoint server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 53
A company needs to disable USB devices on computers that are generating a number of recurring DLP
incidents. It decides to implement Endpoint Lockdown using Endpoint Prevent, which integrates with
Symantec Endpoint Protection Manager and Symantec Management Platform. After incidents are still
detected from several agents, the company determines that a component is missing.
Which component needs to be added to disable the USB devices once incidents are detected?
A.
B.
C.
D.
Control Compliance Suite
Workflow Solution
pcAnywhere
Risk Automation Suite
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 54
A compliance officer needs to understand how the company is complying with its data security policies over
time. Which report should the compliance officer generate to obtain the compliance information?
A.
B.
C.
D.
Policy Trend report, summarized by policy, then quarter
Policy Trend report, summarized by policy, then severity
Policy report, filtered on quarter, and summarized by policy
Policy report, filtered on date, and summarized by policy
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 55
A divisional executive requests a report of all incidents generated by a particular region, summarized by
department. What must be populated to generate this report?
A.
B.
C.
D.
remediation attributes
sender correlations
status groups
custom attributes
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 56
A divisional executive requests a report of all incidents generated by a particular region and summarized by
department. Which incident information must be populated to generate this report?
A.
B.
C.
D.
remediation attributes
custom attributes
sender correlations
status groups
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 57
What should an incident responder select to remediate multiple incidents simultaneously?
A.
B.
C.
D.
Smart Response on the Incident Snapshot page
Automated Response on an Incident List report
Smart Response on an Incident List report
Automated Response on the Incident Snapshot page
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 58
Which two options are available when selecting an incident for deletion? (Select two.)
A.
B.
C.
D.
E.
Delete the incident completely
Delete the original message and retain the incident
Delete the incident and retain the original message
Delete the incident and export incident details to .CSV file
Delete all attachments or files and export incident to .XML file
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 59
A DLP administrator is creating a role that contains an incident access condition that restricts users from
viewing specific incidents.
Which two conditions can the administrator specify when creating the incident access condition in a role?
(Select two.)
A.
B.
C.
D.
E.
file type
custom attribute
recipient
file size
policy group
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 60
An incident responder is viewing a discover incident snapshot and needs to determine which information to
provide to the next level responder. Which information would be most useful in assisting the next level
responder with data clean-up?
A.
B.
C.
D.
Incident Details: Message Body content
Custom Attributes: Most Active User from Data Insight
Incident Details: File Owner metadata
Access Information: File Permissions
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 61
What is the most efficient policy so that incidents are generated only when a specific user under
investigation sends encrypted files?
A.
B.
C.
D.
a policy that has one condition
a policy that has one exception
a policy that has two conditions
a policy that has two exceptions
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 62
Which two locations can the administrator verify a newly created policy was loaded on a detection server?
(Select two.)
A.
B.
C.
D.
E.
System > Servers > Overview
System > Servers > Server Detail
Manage > Policies > Policy List
System > Servers > Overview > Configure Server
System > Servers > Events
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 63
How should an administrator export all policies from a test environment to a production environment?
A.
B.
C.
D.
Choose the option to 'export all' on the Manage > Policies > Policies List page
Export one policy template at a time
Navigate to System > Settings > Export and select 'All'
Locate the 'policy' folder under 'SymantecDLP' and copy all of the .XML files
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 64
Refer to the exhibit.
Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying
and remediating key risk areas without disrupting legitimate business activity. According to this model,
which activity should occur during the baseline phase?
A.
B.
C.
D.
Monitor incidents and tune the policy to reduce false positives
Define and build the incident response team
Establish business metrics and begin sending reports to business unit stakeholders
Test policies to ensure that blocking actions minimize business process disruptions
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 65
The chief information security officer (CISO) is responsible for overall risk reduction and develops high-level
initiatives to respond to security risk trends.
Which report will be useful to the CISO?
A.
B.
C.
D.
all high severity incidents that have occurred during the last week
all dismissed incidents violating a specific policy marked as false positive
all incidents from the previous month summarized by business units and policy
all new incidents that have been generated by a specific business unit during the last week
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 66
Refer to the exhibit.
Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying
and remediating key risk areas without disrupting legitimate business activity.
What occurs during the notification phase?
A. Notification helps define confidential information and assign appropriate levels of protection to it using
classifications.
B. On-Screen Pop-ups compare existing company information protection polices to best practices.
C. Notification helps develop a plan for integrating appropriate data security practices.
D. Automated sender notification educates employees in real-time about company policy violations.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 67
Which structure records are stored in the private region? (Each correct answer presents part of the
solution. Select three.)
A.
B.
C.
D.
Disk group configuration
Disk and disk group ID
File system metadata
Disk group kernel log
E. Partition tables
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 68
How should an administrator determine which Database version is running?
A.
B.
C.
D.
Run the command select database version from database;
Right click on database folder and select version
Run the command select * from v$version;
Look in add/remove programs for the database program
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 69
Which version of Oracle does Symantec Data Loss Prevention version 12.0 require for new installations or
upgrading from 11.x to 12.0?
A.
B.
C.
D.
10.2.0.1
10.2.0.4
11.2.0.2
11.2.0.3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 70
A user is unable to log in as sysadmin. The Data Loss Prevention system is configured to use Active
Directory authentication. The user is a member of two roles: sysadmin and remediator. How should the
user log in to the user interface in the sysadmin role?
A.
B.
C.
D.
sysadmin\[email protected]
sysadmin\username
domain\username
username\sysadmin
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 71
When attempting to log in as administrator to the UI, the administrator receives a login error:
Invalid Username/Password or Disabled Account
The DBA verifies the account is enabled. The information provided for the environment only includes the
DLP protect database username and password as well as a username and password called Sys Admin
\Admin.
How should the administrator change the built-in 'Administrator' password?
A. log in to the Enforce UI as the Sys Admin account and go to System > Login Management > DLP Users
and reset the administrator password
B. extract the administrator password from the DatabasePassword.properties file
C. update the PasswordEnforcement.properties file with a new administrator password
D. use the AdminPasswordReset utility to update the password
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 72
Consider a situation where you run the vxdmpadm start restore command and encounter an error message
"VxVM vxdmpadm ERROR V-5-1-3243 The VxVM restore daemon is already running"
How will you solve this error?
A.
B.
C.
D.
Stop vxdmpadm and restart vxdmpadm.
Stop vxdmpadm and start vxdarestore.
Stop vxdmpadm and reboot the system.
Restart the all the VxVM daemons.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 73
Which two Diagnostic Logging Settings can be configured under the Systems > Servers > Logs Configuration tab in the Enforce UI? (Select two.)
A.
B.
C.
D.
E.
Discover Trace Logging
Packet Capture Debug Logging
Endpoint Debug Logging
Described Content Matching Incident Logging
Aggregator Debug Logging
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 74
Which two products are leveraged for Network Prevent integration? (Select two.)
A. Mail Transfer Agent
B.
C.
D.
E.
Network Tap
Proxy Server
Span Port
Load Balancer
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 75
Which server target uses the 'Automated Incident Remediation Tracking' feature?
A.
B.
C.
D.
Lotus Notes
File System
SharePoint
Exchange
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 76
Which command will you use to display all the disk groups that are currently imported on the system?
A.
B.
C.
D.
vxdg import
vdisk dglist
vxvm dg list
vxdg list
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 77
A DLP administrator needs to configure an Automated Response rule that can execute while end-users are
off the corporate network. Which response rule condition will enable the administrator to accomplish this
task?
A.
B.
C.
D.
Endpoint Location
Endpoint Device
Protocol or Endpoint Destination
Sender/User Matches Pattern
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 78
A DLP administrator needs to forward data loss incidents to the company's Security Information and Event
Management (SIEM) system. Which response rule action provides the administrator with the ability to
accomplish this task?
A.
B.
C.
D.
All: Send Email Notification
All: Log to a Syslog Server
All: Add Note
All: Set Attribute
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 79
Which traffic type is excluded from analysis when an administrator uses Network Monitor?
A.
B.
C.
D.
Skype
Yahoo! Instant Messenger
NNTP
Telnet
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
correct answer.
QUESTION 80
You execute the vxtrace command without any option to collect I/O trace data on all virtual disk drives
during peak I/O operations. When you start to analyze the data, you notice that vxtrace displays a record
indicating records are lost. You want to reduce the likelihood of the kernel discarding records so that you
don't have to rerun vxtrace to capture the records.
What should you do?
A.
B.
C.
D.
Print vxtrace event records to a file
Increase the kernel buffer
Wait until I/O operations have decreased
Increase the kernel buffer using the o option
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 81
Refer to the exhibit.
A DLP administrator is planning the deployment of the Symantec Data Loss Prevention with Mobile Email
Monitor. Where should the administrator place the Mobile Email Monitor?
A.
B.
C.
D.
1
2
3
4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 82
Which two fallback options are available for a 'Network Prevent: Remove HTTP/HTTPS' content response
rule when a web-based message contains confidential data? (Select two.)
A.
B.
C.
D.
E.
Redirect the content to an alternative destination
Block the content from being posted
Encrypt the content before posting
Remove the content through FlexResponse
Allow the content to be posted
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 83
A network architect needs to install Symantec Data Loss Prevention detection servers in a hosted
environment.
Which action should the network architect take to ensure secured communication between the detection
server and the Enforce server?
A.
B.
C.
D.
use the sslkeytool utility to create multiple unique certificates for each detection server
generate a certificate directly on each detection server
use the built-in Symantec Data Loss Prevention certificate for the hosted server
generate identical certificates for on-premise servers and identical certificates for hosted servers
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 84
Which function does the Email Prevent server provide when integrating into an existing email environment?
A.
B.
C.
D.
inspects, stores, and blocks confidential emails as a Mail Transfer Agent (MTA)
integrates with a Mail Transfer Agent (MTA) to inspect SMTP email messages
maintains each inbound SMTP message transaction until the outbound is inspected
processes and inspects outbound SMTP messages until the email transaction has been closed
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 85
You work in a Server Operations Center (SOC), and you are required to track the status of the VxVM tasks
in progress on a UNIX server. Another member of the administration team is scheduled to execute VxVM
changes; you are also responsible for tracking the progress of those changes. In addition, you are required
to escalate any issues with the change to the team member.
How would you execute this task?
A.
B.
C.
D.
By using vxtask monitor to track active VxVM tasks
By using OS-level process monitoring tools, such as top or prstat
By using vxassist monitor to track active VxVM tasks
By using vxtask status to track active VxVM tasks
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 86
Which two pieces of system information are collected by Symantec Data Loss Prevention Supportability
Telemetry? (Select two.)
A. Currently installed version of the Enforce Server
B. Number of policies currently deployed
C. Cumulative statistics regarding network traffic
D. File types for which there are incidents
E. Number of system alerts generated daily
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 87
While performing a disk group joins operation, you get an error "VxVM vxdg ERROR V-5-1-2866 object:
Record already exists in disk group." You want to resolve this error.
How should you resolve this error?
A.
B.
C.
D.
Change the object name in the disk group.
Change the object name to same as disk group.
Import a disk group and rename it.
Delete the disk group and recreate it with another name.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 88
You are performing a move operation under VxVM control. You cannot find the disk involved in a disk
group. In addition, you get the following error message:
"VxVM vxconfigd ERROR V-5-1-4551 dg_move_recover: can't locate disk(s), giving up"
How should you resolve this error?
A.
B.
C.
D.
Use vxdisk command to import a disk group.
Use vxdg command to clean the disk group to be imported.
Use vxassist command to clean the disk group to be imported.
Use vxconfigd command to import a disk group.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 89
Which two actions should an organization take when deploying Endpoint Prevent according to Symantec
best practices? (Select two.)
A.
B.
C.
D.
E.
Test the agent on a variety of end-user images
Enable monitoring of the local file system
Enable monitoring of many destinations and protocols simultaneously
Configure, test, and tune filters
Delete the pre-defined filters and create its own
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 90
How does the DLP Agent prevent slow response time?
A.
B.
C.
D.
Endpoint Discover queues files until resources are available.
Endpoint Discover pauses any scans if resources are needed.
Endpoint Prevent pauses detection until any scans complete.
Endpoint Prevent queues files until resources are available.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 91
An administrator is configuring an approved Endpoint device and adding it as an exception to a policy that
blocks the transfer of sensitive data. Data transfers to these approved Endpoint devices are still being
blocked. Which action should the administrator take to prevent the data transfers from being blocked?
A.
B.
C.
D.
Disable and enable the policy involved for the changes to take effect
Verify that the proper device ID or class has been entered
Edit the exception rule to ensure Match On is set to 'Attachments'
Assign the Endpoint device configuration to all of the Endpoint servers
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 92
You have just started a relayout operation in a live test environment, and you want to limit the impact of your
work on concurrent testing activities. You also want to accommodate the need to constrain a relayout job's
performance impact on concurrent activities.
What would you do to perform this task?
A.
B.
C.
D.
Use the "set iodelay" option of vxtask to throttle the VxVM task.
Use the "set iowait" option of vxtask to throttle the VxVM task.
Use the "set slow" option of vxtask to throttle the VxVM task.
Use the "set nice" option of vxtask to throttle the VxVM task.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 93
You want to remove the disk named datadg01 from the disk group named datadg. You also want to remove
the public and private regions from the disk. However, you want to retain the data stored on the disk. Which
commands will you use to achieve this?
A. vxdiskunsetup vxdg rmdisk vxevac
B. vxdg rmdisk vxevac vxdiskunsetup
C. vxremove vxdg evac vxdisk rmdisk
D. vxevac vxdg rmdisk vxdiskunsetup
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 94
You have replaced disks on a system under the VxVM control and you get an error "VxVM vxconfigrestore
ERROR V-5-1-6012 There are two backups that have the same disk group name with different disk group
id". How will you resolve this error?
A.
B.
C.
D.
Delete the backup file, in dginfo, /etc/vx/cbr/bk/diskgroup. dgid/ dgid.dginfo.
Rename one of the disk groups.
Specify the disk group by its name rather than by its ID.
Specify the disk group by its ID rather than by its name.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 95
Which two methods should an administrator use to exclude emails going to partner.com and all traffic going
to a specific subnet? (Select two.)
A.
B.
C.
D.
E.
Protocol filter
L7 recipient filter
Sender/User Matches pattern
L7 sender filter
IP filter
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 96
Which command will you run to get the full path name of the file, if you only have the inode number?
A.
B.
C.
D.
vxfsstat
vxquot
vxquota
vxlsino
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 97
You work in a Server Operations Center (SOC) with other administrators monitoring VxVM background
tasks after you initiate them. You need to set up a VxVM task so that these SOC administrators can track
your background tasks against the change control documentation.
What would you do address this requirement?
A.
B.
C.
D.
Use the vxtask label command to mark the task with the change control number.
Use the "-n" flag to associate the task with the change control number.
Use the "-t" flag to mark the task with the change control number.
Use the vxtask tag command to associate the task id with the change control number.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 98
An organization needs to implement a solution that will protect its sensitive information while allowing its
mobile device users to access sites and applications such as Facebook, Dropbox, and Twitter.
Which Symantec Data Loss Prevention solution should the organization use to protect its information?
A.
B.
C.
D.
Mobile Email Monitor
Mobile Prevent
Network Prevent
Endpoint Prevent
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 99
A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of
the Server Detail page, the administrator discovers that all processes are missing from the display. Why are
the processes missing from the Server Detail page display?
A.
B.
C.
D.
The detection server Display Control Process option is disabled on the Server Detail page.
The Display Process Control setting on the Advanced Settings page is disabled.
The detection server PacketCapture process is displayed on the Server Overview page.
The Advanced Process Control setting on the System Settings page is deselected.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 100
How is data moved to the servers at Symantec when auto-transmission of Supportability Telemetry data is
enabled?
A. HTTP POST to Symantec from Agents
B. HTTPS POST to Symantec from Enforce
C. HTTP POST to Symantec from Enforce
D. HTTPS POST to Symantec from Agents
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 101
Which DLP Agent task is unique to the Symantec Management Platform and is unavailable through the
Enforce console?
A.
B.
C.
D.
Change Endpoint server
Restart agent
Pull agent logs
Toggle print screen
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 102
Which endpoint database file should be used to tune and change debugging levels?
A.
B.
C.
D.
cg.ead
ps.ead
am.ead
ks.ead
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 103
Which file is required to decrypt the edpa_ext0.log using the Endpoint Agent logdump utility?
A.
B.
C.
D.
dcs.ead
cg.ead
ks.ead
is.ead
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 104
An incident responder can see basic incident data, but is unable to view specific details of the incident.
What could be wrong with the configuration in the incident responder's role?
A.
B.
C.
D.
View option is selected and all display attributes are deselected.
Incident Access tab conditions are specified.
Available Smart Response rules are deselected.
Server administration rights are deselected.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 105
You have executed the vxdg -g diskgroup adddisk disk_name= command. Which switch needs to be added
to force VxVM to take the disk media name of the failed disk and assign it to the new replacement disk?
A.
B.
C.
D.
-force
-k
-f
-assign
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 106
Refer to the exhibit.
Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying
and remediating key risk areas without disrupting legitimate business activity. According to best practices,
which option should be enabled during the baseline phase of policy risk reduction?
A.
B.
C.
D.
Change automated email responses
EDM/IDM detection
Use secure storage
Enable auto-encryption
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 107
Which command is used to save queries/commands written to the database when one of the following
DMLs is used: Update, Insert, or Delete?
A.
B.
C.
D.
commit
finalize
:wq
exit
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 108
What is the importance of using a CPU in Oracle within the DLP technology?
A.
B.
C.
D.
Central Processing Unit - ensures database has enough processing power
Command Processor Unit - lays out the commands to process for the database
Critical Patch Update - ensures Oracle is securely patched
Communications Processing Unit - sends alerts to administrator
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 109
You are accessing the public region of a drive. You get an error message stating that the disk has failed.
What could be the possible reason for this message?
A. VxVM can access the private region but there are uncorrectable I/O failures on the public region of the
drive.
B. VxVM cannot access the private region or the public region of the drive.
C. VxVM can access the public region of the drive but there are uncorrectable I/O failures on the private
region of the drive.
D. VxVM can access the public and the private region of the drive but the plex on the drive is disabled.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 110
The administrator determines that \SymantecDLP\Protect\Incidents folder on Enforce contains .BAD files
dated today while other .IDC files are flowing in and out of the \Incidents directory. Only .IDC files larger
than 1MB are turning to .BAD.
What could be causing only incident data smaller than 1MB to persist while incidents that are larger than
1MB change to .BAD files?
A.
B.
C.
D.
Enforce hard drive is out of free disk space
detection server has excessive filereader restarts
tablespace is almost full
corrupted policy was deployed
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 111
You execute the qio_convertdbfiles command to convert the database files to use Quick I/O. The command
results with an error that the database files are not on a VxFS file system. You need to convert the
database files to use Quick I/O.
What should you do?
A.
B.
C.
D.
Run the qio_getdbfiles command to get the database files on the VxFS file system.
Remove the files from the mkgio.dat file.
Predefine the DB2 environment variable $DB2DATABASE.
Set the database type to DB2.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 112
A Network Monitor is showing under System Overview as 'Running Selected'. The corresponding detection
server events indicate that packet capture and filereader are crashing. What is a possible cause for the
Network Monitor being in this state?
A.
B.
C.
D.
the license has expired for this detection server
the Enforce server and detection server are running different versions
the detection server is missing the server side certificate
the minimum required amount of available free space has been used
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 113
An administrator is attempting to check the status of the services for a detection server in the UI. The only
option showing under System > Servers > Overview > Server Detail is 'Status'. What is a possible cause for
the server details to show 'Status' only?
A.
B.
C.
D.
the services are failing to run
the user is logged in with a limited role
Advanced Process Control is unchecked
Symantec Data Loss Prevention Standard Edition is installed
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Real answer.
QUESTION 114
Which System Administration page will display a list of the system servers as well as recent error-level and
warning-level system events?
A. System > Servers > Events
B. System > Servers > Overview
C. System > Settings > General
D. System > Servers > Alerts
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 115
Silent installation can be performed for which component of Symantec Control Compliance Suite 9.0?
A.
B.
C.
D.
directory server
Data Processing Service
application server
Response Assessment Module
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 116
What are two benefits that data loss prevention solutions provide? (Select two.)
A.
B.
C.
D.
E.
Provide accurate measurement of encryption strength
Give insight into capacity planning for sensitive data
Identify who has access to sensitive data
Indicate where sensitive data is being sent
Meet data retention requirements for business continuity
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 117
What is the minimum number of computers required to configure each Data Processing Service role?
A.
B.
C.
D.
1
2
3
4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 118
A role is configured for XML export and a user executes the export XML incident action.
What must be done before history information is included in the export?
A.
B.
C.
D.
A remediator must take an action on the incident.
History must be enabled as a tab or panel in the incident snapshot layout.
Incident history must be enabled in the user's role.
The manager.properties must be configured for XML export.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Which service is responsible for starting and controlling the user interface?
A.
B.
C.
D.
VontuManager
VontuMonitor
VontuNotifier
VontuMonitorController
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 120
Which three are components of a Reconciliation Rule? (Select three.)
A.
B.
C.
D.
E.
Save in: Folder Selection
Set Asset Group
Asset Type
Rule Type
Select Asset Filter
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 121
What can cause an increase in the DLP Agent footprint?
A.
B.
C.
D.
Smart Response rules
additional Agent Components
additional policies
API lookups
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 122
Which four functional roles can be registered to the Data Processing Service? (Select four.)
A.
B.
C.
D.
E.
F.
Load Balancer
Data Provider
Collector
Evaluator
Reporter
Manager
Correct Answer: ACDE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 123
In which case will the agent status remain green (healthy) on the Agent Events page?
A.
B.
C.
D.
The Endpoint server detects that the connection with the agent is lost.
There is agent or server authentication failure.
The agent is unable to restore a database file.
The agent service and file-system driver are running.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 124
How many dashboards can be viewed simultaneously on the home page?
A.
B.
C.
D.
1
2
4
8
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 125
A Data Loss Prevention administrator brings a new Endpoint server online and redirects existing DLP
Agents to work with this server. The administrator notices, in the Agent Overview page, that the redirected
agents are showing an offline status.
Which scenario is the most likely cause of this issue?
A. Active policies are disabled on this Endpoint server and pushed out to the DLP Agents.
B. The Agent Monitoring configuration of this new Endpoint server needs to enable the appropriate
monitoring options.
C. The Agent Monitoring configuration of this new Endpoint server has aggressive throttling enabled for
DLP Agents causing them to shut down.
D. The Endpoint server is listening on the default port of 8000 while the DLP Agents are using a custom
port number.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 126
During testing, a Data Loss Prevention administrator configures a Network Discover target to identify and
quarantine confidential files. The target is set up with a default credential that has read-only permissions on
the file server. After running the scan and checking the results, the administrator finds several incidents
from the scan, observes that all confidential files are still in their original location, but the configured
quarantine directory contains the confidential files.
Which two Discover target configuration mistakes might be causing the problem? (Select two.)
A.
B.
C.
D.
E.
The sharelist excludes all directories on the host being scanned.
The Quarantine/Copy Share credentials are invalid.
The Default credentials are invalid.
The Copy option is selected.
The Protect credential is unspecified.
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 127
When does the RMS Console Configuration Wizard appear? (Select two.)
A.
B.
C.
D.
E.
every time a new license has been added
the first time that a user opens the console after the installation or the upgrade
after a new Credential database has been applied to the user
after a bv-Control snap-in installation on the console computer
after the user has changed their default information server
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 128
What must be done in order to create a new asset type?
A.
B.
C.
D.
Import assets from this new type
Create the asset type in the asset interface
Extend the asset schema
Install a new bv-Control snapin
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 129
The terms Confidentiality, Integrity, and Availability refer to which aspect of an Evaluation of a Standard?
A.
B.
C.
D.
Standard References
Risk Score
Common Vulnerabilities and Exposures
Compliance Score
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 130
A policy author is creating a policy using a Data Identifier (DI) and needs to add keywords to help eliminate
false positives. The policy author needs to avoid duplicates with the Keyword validators included with the
DI.
Where can the policy author find the list of validators?
A.
B.
C.
D.
Symantec Data Loss Prevention Administration Guide
Symantec Data Loss Prevention Install Guide
User Interface - Manage > Response Rules
User Interface - Edit Policy > Edit Rule > More Info
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 131
What is one of the steps that must take place before comparing entitlements of a control point?
A.
B.
C.
D.
generate entitlement report
request to approve entitlements
approve entitlements at least once
approve entitlements at least twice
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 132
An administrator has completed the example document training process, but is having difficulty deciding
whether or not to accept a VML profile.
Where can the administrator find information regarding the quality of each training set at a granular, per-fold
level?
A. machinelearning_training_process.log file
B. machinelearning_native_filereader.log fil
C. machinelearning_training.log file
D. machinelearning_native_manager.log file
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 133
What should be used to add an Apple iPod device to a list of Endpoint devices?
A.
B.
C.
D.
CLASS/GENERIC/MUSIC/Apple
GLOBAL;MANUFACTURER;Apple*
DEVICESTORE:*APPLE&IPOD*
USBSTOR\\DISK&VEN_APPLE&PROD_IPOD&.*
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 134
To which file system folder does PacketCapture write reconstructed SMTP messages?
A.
B.
C.
D.
drop
drop_pcap
drop_email
drop_smtp
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 135
Which setting allows a user to stop the filereader process from the user interface?
A.
B.
C.
D.
APC (Advanced Process Control)
Filereader.ScheduledInterval
UnicodeNormalizer.Enabled
Lexer.Validate
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 136
Which three functions are provided by Symantec Control Compliance Suite 9.0? (Select three.)
A. Provides the ability to attest to procedural controls
B.
C.
D.
E.
Uses automated agentless or agent-based capabilities to audit and scan technical controls
Verifies and confirms risk and posture compliance assessment
Produces evidence of due care in an IT audit process
Integrates the remediation process
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 137
An administrator is running a Discover Scanner target scan and the scanner is unable to communicate
back to the Discover Server.
Where will the files be stored?
A.
B.
C.
D.
Discover Server incoming folder
scanner's outgoing folder
scanner's incoming folder
Enforce incident persister
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 138
The Symantec Control Compliance Suite 9.0 (CCS 9.0) stores large amounts of data in databases. The
database administrator must perform tasks on the databases outside of CCS 9.0 to maintain the databases
and to ensure that the databases are performing at an acceptable level.
Which three tasks should be routinely scheduled in SQL Server Management Studio? (Select three.)
A.
B.
C.
D.
E.
Configure the databases
Back up the databases
Refresh the databases
Rebuild the indexes
Update the database statistics
Correct Answer: BDE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 139
Which command line diagnostic utilities would give a user the operating system version of the detection
servers?
A.
B.
C.
D.
Environment Check Utility
Log Collection Utility
NormalizationConfigCheck.exe
SC.exe
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 140
Which log should be reviewed first if a database issue is suspected?
A.
B.
C.
D.
manager_operational.log
alert_.log
enforce_diagnostics.log
manager_jdbc.log
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 141
Which two components of Symantec Control Compliance Suite 9.0 must be deployed in an Active Directory
domain? (Select two.)
A.
B.
C.
D.
E.
application server
Data Processing Services
Production database
directory server
web portal server
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 142
Each organization establishes its own priorities around the data they consider important to protect.
What is a common category of data at risk?
A.
B.
C.
D.
competitor financial data
company intellectual property
technical environmental risk data
historical stock share data
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 143
To manually troubleshoot DLP Agent issues, the database and log viewer tools must be executed in which
location?
A.
B.
C.
D.
in the same location as the dcs.ead file location
in the same location as the cg.ead file location
in the same location as the ks.ead file location
in the same location as the is.ead file location
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 144
Which product must run on a physical server?
A.
B.
C.
D.
Endpoint Prevent
Network Monitor
Enforce
Network Prevent
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 145
Which products can be configured on the same detection server?
A.
B.
C.
D.
Network Protect and Network Discover
Endpoint Discover and Network Discover
Network Monitor and Network Prevent
Network Monitor and Network Discover
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 146
When registering Oracle databases in bv-Control for Oracle, which two options are supported? (Select two.)
A.
B.
C.
D.
E.
Registering the database from Active Directory
Registering the database manually
Registering the database from Oracle Internet Directory
Registering the database from tnsnames
Registering the database from DNS
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 147
Which Symantec Control Compliance Suite 9.0 components must be installed in the same domain?
A.
B.
C.
D.
Data Processing Service Collector Role and information server
application server and directory server
Data Processing Service Reporter Role and SQL database server
directory server and SQL database server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 148
A customer has four Enterprise Security Manager (ESM) managers in their environment.
What is the minimum number of Symantec Control Compliance Suite 9.0 sites to which these managers
can be assigned?
A.
B.
C.
D.
1
2
3
4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 149
What are two benefits of the Symantec Data Loss Prevention 11.5 security architecture? (Select two.)
A. Communication is initiated by the detection servers inside the firewall.
B. SSL communication is used for user access to the Enforce Platform.
C. Endpoint Agent to Endpoint Server communication uses the Triple Data Encryption Standard (Triple
DES).
D. Confidential information captured by system components is stored using Advanced Encryption
Standards (AES) symmetric keys.
E. All indexed data uploaded into the Enforce Platform is protected with a two-way hash.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
fine answered.
QUESTION 150
Which three factors must be considered when planning the deployment of the RMS Information Server?
(Select three.)
A.
B.
C.
D.
E.
number of Active Directory domains in scope
geographic location of RMS users
number of RMS users
enterprise network areas to be queried
location of the Information Server database
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 151
What is the function of the Remote Indexer?
A. to create Index Document Matching (IDM) profiles and Exact Data Matching (EDM) profiles on a remote
server
B. to create Exact Data Matching (EDM) profiles on a remote server
C. to create policy templates on a remote server
D. to create Index Document Matching (IDM) profiles on a remote server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 152
Which term refers to organizational rules or requirements that provide guidance to employees?
A.
B.
C.
D.
E.
framework
standard
policy
benchmark
regulation
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 153
Which two job types invoke the Data Processing Service data collector? (Select two.)
A.
B.
C.
D.
E.
Data Collection job
Asset Import job
Evaluation job
Evidence Collection job
Reporting job
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 154
A company has created an Exact Data Matching profile and referenced it in a policy to protect customer
credit card information. New customers are added daily, but the profile is updated weekly.
Until the profile can be updated, which rule should be added to protect new credit card numbers?
A.
B.
C.
D.
A compound rule that also matches on a data identifier
A detection rule that matches on sender/user
A separate detection rule that uses a data identifier
A detection rule that matches on regular expressions
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 155
A company needs to protect all Mergers and Acquisitions Agreements from leaving the organization.
However, there is standard text that is included in all company literature that they would like to exclude.
What should be done to make sure that this standard text is excluded from detection?
A.
B.
C.
D.
create a whitelisted.txt file after creating the Exact Data Matching (EDM) profile
create a whitelisted.txt file before creating the Exact Data Matching (EDM) profile
create a whitelisted.txt file after creating the Indexed Document Matching (IDM) profile
create a whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 156
A company needs to collect data from their AS/400 application servers.
Which data collection component will they need to deploy?
A.
B.
C.
D.
bv-Control for AS/400
Symantec Enterprise Security Manager
Symantec RMS
bv-Control for UNIX
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 157
A policy template called Customer Credit Card Numbers is being imported into the system.
What is the default result for the import of this policy template?
A.
B.
C.
D.
The policy template will be listed under US Regulatory Enforcement Templates and be available.
The policy template will be enabled by default.
The policy template will be listed under Imported Templates.
The policy template will be available after restarting the VontuManager service.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 158
Which user action can be performed on a read-only policy in the Symantec Control Compliance Suite 9.0
web portal?
A.
B.
C.
D.
Request Clarification
Request Exception
Accept
Decline
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 159
A Symantec Control Compliance Suite 9.0 (CCS 9.0) administrator has modified a user's role assignment
to allow access to additional tasks. However, the user is unable to see these tasks.
What must the user do to see these additional tasks?
A.
B.
C.
D.
quit and then restart the CCS console
synchronize the user database
hit the refresh icon
choose Advanced Tasks from the Task menu
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 160
Which three are components of the Symantec Control Compliance Suite 9.0? (Select three.)
A.
B.
C.
D.
E.
web portal
Evidence database
ESM database
Cognos
application server
Correct Answer: ABE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 161
In the Symantec Control Compliance Suite 9.0 console, where is the status of Evaluation and Data
Collection jobs displayed?
A.
B.
C.
D.
Home
Manage
Monitor
Reporting
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 162
In which two places in the user interface are Smart Response rules invoked? (Select two.)
A.
B.
C.
D.
E.
Policy page
Incident List reports
Incident Snapshot reports
Incident Summary reports
Response Rules page
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 163
Where are evaluation results stored?
A.
B.
C.
D.
Production database
Evidence database
Reporting database
Response database
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 164
Which two protocols are available by default and recognized by Network Monitor by their individual
signatures? (Select two.)
A.
B.
C.
D.
E.
FTP
HTTPS
IM: AIM
SNMP
TFTP
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 165
A custom logo can replace a default logo in a report. The logo must be added to Symantec Control
Compliance Suite 9.0 before the logo can be used.
In which location is a custom logo added?
A.
B.
C.
D.
Reporting View > Options
Settings > General
Reporting.exe.config file
Report Customization Wizard
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 166
Which two Symantec Control Compliance Suite 9.0 roles are valid for exception management? (Select
two.)
A.
B.
C.
D.
E.
Exception Administrator
Exception Approver
Exception Auditor
Exception Owner
Exception Requestor
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 167
What are two functions of the Enterprise Configuration Service? (Select two.)
A.
B.
C.
D.
E.
It maintains a list of master and slave query engines.
It maintains rules for query engine data collection.
It maintains a list of RMS configured users.
It maintains a list of registered UNIX targets.
It maintains Scope files.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Topic 3, Volume C
QUESTION 168
Which information is required to configure an Enterprise Security Manager (ESM) data collector in
Symantec Control Compliance Suite 9.0? (Select two.)
A. ESM manager
B.
C.
D.
E.
ESM console
ESM agent
ESM user
ESM console user
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 169
After an exception has been requested, which three approver actions are valid? (Select three.)
A.
B.
C.
D.
E.
set the exception request state to In Review
forward the exception request to an alternate approver
deny the exception request
delete the exception request
request clarification for the exception request
Correct Answer: ACE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 170
Who is responsible for approving who has access to which data in an organization?
A.
B.
C.
D.
the business data owner
the owner of the business
the chief security officer
the information technology officer
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 171
Which information is displayed in the Monitor View?
A.
B.
C.
D.
Jobs and reports
Jobs and evaluation results
Tasks and reports
Data collections and evaluation results
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 172
Which step is recommended before scheduling any dashboard job?
A.
B.
C.
D.
Back up the reporting database
Run the Scheduled Reporting Database Purge job
Run the Scheduled Reporting Database Synchronization job
Preview the dashboard
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 173
The amount of discarded packets for a Network Monitor server is increasing throughout the day.
Which Network Monitor configuration changes should be implemented to reduce the number of packets
that are discarded?
A.
B.
C.
D.
Implement filtering in the policies that are applied to the Network Monitor.
Ensure that the traffic handled by Network Monitor is kept at 10,000 messages per second.
Implement Layer-7 filtering in the local Network Monitor configuration.
Uncheck protocols from the Monitor configuration page that are unnecessary.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 174
Which action must be performed immediately after the configuration/modification of Data Processing
Service settings?
A.
B.
C.
D.
register configuration
refresh configuration
synchronize configuration
update configuration
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 175
Which action must be performed when installing a Network Prevent detection server in a hosted
environment to ensure secure communications to Enforce?
A.
B.
C.
D.
Use the sslkeytool utility to create multiple unique certificates for each Network Prevent server
Generate a certificate directly on the Network Prevent server
Use the built-in Symantec Data Loss Prevention certificate
Generate identical certificates for on-premise and hosted detection servers
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 176
Which two Symantec Data Loss Prevention components can be deployed in a hosted service provider?
(Select two.)
A.
B.
C.
D.
E.
Network Prevent (Email)
Network Discover
Network Prevent (Web)
Network Monitor
Network Protect
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 177
If a customer is running Enterprise Security Manager (ESM) 6.5.x in their environment, which two ESM
components must be upgraded for it to work with Symantec Control Compliance Suite 9.0? (Select two.)
A.
B.
C.
D.
E.
ESM manager
ESM agent
ESM console
ESM reporting
ESM relation database link
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 178
There can only be a single instance of which three components in a Control Compliance Suite 9.0
deployment? (Select three.)
A.
B.
C.
D.
E.
directory server
load balancer
Production database
Data Processing Service
application server
Correct Answer: ACE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 179
Which two currently supported ICAP proxies can Web Prevent work with to inspect, block, and remove
HTTPS content? (Select two.)
A.
B.
C.
D.
E.
Bluecoat
Webwasher
Microsoft ISA
Squid
Ironport S-series
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 180
What is required in order to support encrypted communications between the information server and an
Oracle database server?
A.
B.
C.
D.
tnsnames.ora file
Secure Socket Layer (SSL)
Oracle client
Public Key Infrastructure (PKI)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 181
Which Network Discover option is used to determine whether confidential data exists without having to scan
the entire target?
A.
B.
C.
D.
Byte Throttling
File Throttling
Match Thresholds
Inventory Mode Scanning
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 182
Which three operating system versions are supported to run Symantec Control Compliance Suite 9.0
Server components? (Select three.)
A.
B.
C.
D.
E.
Windows Server 2003 SP2 x64
Windows Server 2003 R2 SP2
Windows Server 2008
Windows Vista Business or Enterprise
Windows Server 2008 Server Core
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
actual answer.
QUESTION 183
Which two types of information are available on a scan listing on the Discover Targets page? (Select two.)
A.
B.
C.
D.
E.
User who initiated the scan
Run time for each scan
Number of items changed since the previous scan
File structure and location
Number of errors encountered
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 184
A Data Loss Prevention administrator notices that several errors occurred during a Network Discover scan.
Which report can the administrator use to determine exactly which errors occurred and when?
A.
B.
C.
D.
Discover Incident report sorted by target name and scan
Full Activity report for that particular scan
Server Event report from Server Overview
Full Statistics report for that particular scan
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 185
Which three roles are associated with policy management in Symantec Control Compliance Suite 9.0?
(Select three.)
A.
B.
C.
D.
E.
Policy Viewer
Policy Requestor
Policy Approver
Policy Administrator
Policy Reviewer
Correct Answer: CDE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 186
What are two valid CSV collector settings? (Select two.)
A. Command Threads
B. File(s) Path
C. Job Poll Interval
D. Search Pattern
E. Hostname
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 187
Which two are supported methods of populating the asset system? (Select two.)
A.
B.
C.
D.
E.
by-Control Network Mapper
XML Import
data collectors (ESM/RMS)
CSV Import
Active Directory Import
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 188
Where can a Data Loss Prevention administrator configure the throttling option for a DLP Agent?
A.
B.
C.
D.
Symantec Management Platform
Discover Target Configuration page
Agent Configuration section
Agent Filtering section
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 189
If Endpoint Prevent and Endpoint Discover are competing for resources on an endpoint computer, how
does the system resolve the conflict?
A.
B.
C.
D.
Endpoint Discover queues files until resources are available.
Endpoint Discover pauses any scans if resources are needed.
Endpoint Prevent pauses detection until any scans complete.
Endpoint Prevent queues files until resources are available.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 190
Which Automated Response rule is specific to Endpoint Prevent?
A.
B.
C.
D.
Remove HTTP/HTTPS Content
User Cancel
Copy File
Modify SMTP Message
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 191
Which two are modules of Symantec Control Compliance Suite 9.0? (Select two.)
A.
B.
C.
D.
E.
Standards
bv-Control
ESM
Internet Security
Entitlements
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 192
What should be used to exclude emails going to any email address in the partner.com domain across all
policies?
A.
B.
C.
D.
IP filter
L7 filter
Content filter
Sender/User Matches pattern
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.gratisexam.com/
QUESTION 193
A user receives this error message in the Symantec event log:
An error occurred while attempting to run a scheduled job; Reason for failure: Password doesn't exist for
username.
The Symantec Control Compliance Suite 9.0 is configured to store the user credentials for job runs.
Where must the user supply the correct credentials?
A.
B.
C.
D.
Home > User Preferences
Monitor > Jobs
Settings > General
Settings > Secure Configuration
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 194
Communications between Symantec Control Compliance Suite 9.0 (CCS 9.0) components rely on a signed
digital certificate.
What is the root certificate authority in the CCS 9.0 environment?
A.
B.
C.
D.
Microsoft Certificate Authority Server
Certificate Management Console Server
CCS Management Service
Application Server
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 195
What should a Data Loss Prevention administrator do when the license file expires?
A.
B.
C.
D.
enter a new license key to update the license file
reference a new license file on the System Settings page
overwrite the expired license key
enter a new license file on the Advanced Settings page
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 196
What is the correct sequence of steps in the Symantec Data Loss Prevention policy lifecycle?
A.
B.
C.
D.
Design policy, test policy, deploy policy, identify threat, and tune policy
Identify threat, build policy, deploy policy, test policy, and tune policy
Design policy, deploy policy, identify threat, test policy, and tune policy
Identify threat, design policy, build policy, test policy, tune policy, and deploy policy
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 197
What is required to assign permissions to the asset system?
A.
B.
C.
D.
user/group
role
role and user/group
group
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 198
What is the purpose of the cg.ead endpoint database?
A.
B.
C.
D.
to tune and change debugging levels
to store two-tier detection information
to encrypt communication with the Endpoint server
to log and track agent version changes
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 199
When planning a Symantec Control Compliance Suite 9.0 deployment, the site concept plays an important
role.
What should be the first step when planning the site concept?
A.
B.
C.
D.
identify the number of servers in scope
analyze a diagram of the network
identify the operating systems in scope
analyze a diagram of the Active Directory structure
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 200
Which three supported scopes can be used for a Windows File asset type? (Select three.)
A.
B.
C.
D.
E.
Windows domain
Windows group
Windows machine
Windows directory
Windows site
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 201
After installing several new DLP Agents, the Data Loss Prevention administrator discovers that none of the
endpoint agents are appearing on the Agent Overview page. After refreshing the page several times, and
determining that the equipment is powered on and connected to the network, the Agent Overview page still
fails to display the new agents.
What is a possible cause for this issue?
A.
B.
C.
D.
The DLP Agents need to be added manually through the Symantec Management Platform.
The DLP Agents were installed with the incorrect Endpoint server IP address.
The assigned Endpoint server needs to be recycled in order to detect the new DLP Agents.
The Endpoint Location is set to "Manually" instead of "Automatically" in the Enforce user interface.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 202
Which Network incident report indicates where employees are most often sending emails in violation of
policies?
A.
B.
C.
D.
Location Summary
Status by Target
Top Recipient Domains
Destination Summary
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 203
Which report helps a compliance officer understand how the company is complying with its data security
policies over time?
A.
B.
C.
D.
Policy Trend report, summarized by policy, then quarter
Policy Trend report, summarized by policy, then severity
Policy report, filtered on quarter, and summarized by policy
Policy report, filtered on date, and summarized by policy
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 204
What is the maximum number of port lets that can be used in a dashboard?
A.
B.
C.
D.
4
6
8
10
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 205
A Data Collection job fails for a Windows machine in Symantec Control Compliance Suite 9.0 (CCS 9.0). All
components appear to have been correctly installed and configured in the console.
What is the recommended step to take outside of the CCS 9.0 console to troubleshoot the issue?
A.
B.
C.
D.
Reinstall the MQE
Run a bv-Control query
Delete and recreate the Credentials database
Verify the Enterprise Configuration Service
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 206
Which three bv-Control for Windows services may be checked when troubleshooting agentless data
collection? (Select three.)
A.
B.
C.
D.
E.
bvProcessManager
Data Processing Service
Directory Support Service
BindView Query Engine
Enterprise Configuration Service
Correct Answer: ADE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 207
Which two options can incident responders select when deleting incidents? (Select two.)
A.
B.
C.
D.
E.
Delete the incident completely
Delete the original message and retain the incident
Delete the incident and retain the violating attachments or files
Delete the incident and export incident details to .csv file
Delete all attachments or files and log the incident
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 208
Which two functions does Data Owner Exception provide? (Select two.)
A.
B.
C.
D.
E.
Allows data owners to send or receive their own data
Prevents confidential data from being sent to the wrong recipient
Allows individuals to send confidential data about a family member
Allows individuals to send confidential data to any recipient
Prevents individuals from sending confidential data to a group of recipients in the recipient list
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 209
Where are roles and permissions stored?
A.
B.
C.
D.
SQL
Credential database
ADAM
Active Directory
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 210
What must a policy manager do when working with Exact Data Matching (EDM) indexes?
A.
B.
C.
D.
Re-index large data sources on a daily or weekly basis
Index the original data source on the detection server
Deploy the index only to specific detection servers
Create a new data profile if data source schema changes
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 211
What is a feature of keyword proximity matching?
A. It will match on whole keywords only.
B. It has a maximum distance between keywords of 99.
C. It only matches on message body.
D. It evaluates each keyword pair independently.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Real answer.
QUESTION 212
What needs to be configured in order to collect common fields during a asset import using the default data
collector?
A.
B.
C.
D.
ESM data collector
CSV data collector
Automatic Entitlements Import job
a policy with associated assets
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is updated.
QUESTION 213
A dashboard can be exported to a folder from which two areas? (Select two.)
A.
B.
C.
D.
E.
Home
Monitor > Jobs
Reporting > My Reports
Reporting > My Dashboards
Reporting > Dashboard Templates
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 214
A business unit is generating a large number of high severity incidents on a Network Prevent credit card
policy.
What are two likely causes? (Select two.)
A.
B.
C.
D.
E.
The business unit's employees are storing credit card data insecurely on a local file share.
A business process within the business unit violates corporate security policies.
The business unit's employees are copying credit card data to removable drives.
The business unit's employees may be unaware of correct credit card handling procedures.
The policy is unable to detect corporate security policies with respect to credit cards.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 215
Within an evaluation result, the status Unknown is primarily defined with which check setting?
A.
B.
C.
D.
missing data items
check expression
precondition
data items filter
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 216
An administrator has received the system event: "Tablespace is almost full".
How should the administrator resolve this issue?
A.
B.
C.
D.
Restart the Oracle database services
Create additional data files for the Oracle database
Restart the Vontu services
Purge incidents from the \Vontu\Protect\incidents folder
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 217
Refer to the exhibit.
Symantec Data Loss Prevention's four phases of risk reduction model provides a blueprint for identifying
and remediating key risk areas without disrupting legitimate business activity.
Which two actions are involved with the remediation phase of risk reduction? (Select two.)
A.
B.
C.
D.
E.
employee and business unit communication
sender auto notification
blocking and notifying response rules
fixing broken business processes
enabling Exact Data Matching (EDM)/Indexed Document Matching (IDM)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 218
The following steps have been taken:
Which job will be executed?
A. Entitlements Import job
B. Asset Import job
C. Automatic Entitlements Import job
D. Evaluation job
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 219
A Data Processing Service in a Load Balancer role distributes jobs to Data Processing Services in which
two roles? (Select two.)
A.
B.
C.
D.
E.
Evaluator
BladeRunner
Collector
Load Balancer
Scheduler
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
updated answer.
QUESTION 220
Which three can be used to install a bv-Control for Windows MQE? (Select three.)
A.
B.
C.
D.
E.
bv-Config Utility
bv-Control for Windows Configuration Wizard
configuration settings
RMS configuration
setup.exe
Correct Answer: ABE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 221
The business data owner is unavailable.
Who can approve the entitlements in his absence?
A.
B.
C.
D.
Alternate approver
Alternate data owner
Any user with the approver role
IT administrator
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 222
A report template has been scheduled.
Where will the resulting report be located?
A.
B.
C.
D.
My Reports
Predefined Reports
Monitor > Jobs
My Documents folder
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 223
How can an administrator validate that once a policy is updated and saved it has been enabled on a
specific detection server?
A.
B.
C.
D.
Check the status of the policy on the policy list page
Check to see whether the policy was loaded under System > Servers > Alerts
Check the policy and validate the date and time it was last updated
Check to see whether the policy was loaded under System > Servers > Events
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 224
Which four bv-Control platforms are supported in Symantec Control Compliance Suite 9.0 Standards?
(Select four.)
A.
B.
C.
D.
E.
F.
Oracle
Windows
UNIX
Exchange
SQL
NetWare
Correct Answer: ABCE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 225
What is a possible solution when a Network Discover server is unable to scan a remote file server?
A.
B.
C.
D.
Mount the IPC$ share on the file server
Verify that the target file server is a Windows 2000 server
Use the fully qualified name (FQDN) of the server
Verify that the file server has .NET services running
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
correct answer.
QUESTION 226
Which tool is provided by default to edit a database on an endpoint?
A.
B.
C.
D.
vontu_sqlite3.exe
update_configuration.exe
logdump.exe
wdp.exe
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 227
What are two reasons why a company should implement data loss prevention? (Select two.)
A.
B.
C.
D.
E.
To prevent the threat of malware
To demonstrate regulatory compliance
To protect the CISO from liability due to a security breach
To prevent employee malicious activity
To protect brand and reputation
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 228
Which three Enterprise Security Manager policy-run options can be configured in Symantec Control
Compliance Suite 9.0? (Select three.)
A.
B.
C.
D.
E.
Collect data from last policy run
Run policy before collecting data
Collect data from last n policy runs
Run policy n days before collecting data
Run policy if data is older than n days
Correct Answer: ABE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 229
From which organization are Symantec Control Compliance Suite 9.0 Predefined Standards most
commonly derived?
A.
B.
C.
D.
National Institute of Standards and Technology
National Security Agency
Center for Internet Security
International Organization for Standardization
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 230
When manually installing the Symantec DLP Agent, how can the Data Loss Prevention administrator hide
the agent from registering itself in the Windows control panel?
A.
B.
C.
D.
Add ARPSYSTEMCOMPONENT="1" to the installer batch file
Select the "Hide from Control Panel" checkbox in the installation user interface
Add HIDECONTROLPANEL="YES" to the installer batch file
Select the "ARPSYSTEMCOMPONENT" checkbox in the installation user interface
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 231
In Symantec Control Compliance Suite 9.0, if an administrator wants to evaluate assets compared to a
referenced asset, what is used?
A.
B.
C.
D.
reference evaluation
baseline standard
gold standard
policy mapping
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 232
Symantec recommends that new deployments of Data Loss Prevention replace the default encryption
certificates used for securing communication between the Enforce Server and detection servers. What is
the correct utility for generating new certificates for this communication?
A.
B.
C.
D.
sslkeytool.exe
certutil.exe
endpointkeytool.exe
kinit.exe
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 233
Which two can a detection server match on with a recipient matches pattern rule? (Select two.)
A.
B.
C.
D.
E.
IP address of a Web server
Windows username
Instant Messaging Name
MAC address
Webmail server URL
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 234
An organization needs to determine whether anyone other than the CEO is emailing PDF documents that
contain the phrase "Revenue Operating Report".
What is the most efficient way to write this policy and generate the fewest false positives?
A.
B.
C.
D.
One rule without conditions and one exception rule
Two rules and one L7 Sender exception
One rule with two conditions and one exception rule
Two rules with one condition each and one exception rule
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 235
What should be used to detect existing source code information for a customer?
A.
B.
C.
D.
Exact Data Matching (EDM)
Index Document Matching (IDM)
file type rule condition
data identifier rules
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 236
What is the process of assigning meta information to an asset?
A.
B.
C.
D.
Dynamic asset grouping
Implementing Reconciliation Rules
Tagging
CSV Import
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 237
Which two detection condition types match on all Envelope, Subject, Body, and Attachment components?
(Select two.)
A.
B.
C.
D.
E.
Exact Data Match
Indexed Document Match
Keyword
File Name
Data Identifier
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 238
Which technique is used to select a Data Processing Service data collector when multiple data collectors
are configured to support a site?
A.
B.
C.
D.
round robin
most recently used
load based
shortest job next
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 239
Data can be collected using which two data collectors in Symantec Control Compliance Suite 9.0? (Select
two.)
A.
B.
C.
D.
E.
ESM
XML
ODBC
CSV
AS400
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 240
Which use case would be solved by using a "Sender/User matches Group based on Directory Server
Group" as a detection rule?
A.
B.
C.
D.
Allow login to Enforce based on Active Directory (AD) group membership
Generate an incident based on the business unit custom attribute
Resolve the business unit custom attribute using the LDAP lookup plugin
Detect a group of users based on Active Directory (AD) group membership
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 241
Which two collector types can be used to import assets into the Symantec Control Compliance Suite 9.0
asset system? (Select two.)
A.
B.
C.
D.
E.
Domain
Default
DPS
XML
CSV
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 242
How are the Enterprise Security Manager settings configured for use by the Data Processing Service?
A.
B.
C.
D.
per site
per domain
per organizational unit
per group
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 243
Which response rule condition allows a policy manager to configure an Automated Response rule to
execute while a user is travelling?
A.
B.
C.
D.
Endpoint Location
Endpoint Device
Protocol or Endpoint Monitoring
Sender/User Matches Pattern
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 244
How many attachments can be associated with an exception request?
A.
B.
C.
D.
1
2
3
4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 245
An Endpoint Prevent: Notify response rule is defined in Korean, English, and Chinese (in that order).
Which pop-up language will a Japanese Windows locale user see?
A.
B.
C.
D.
Korean
Japanese
English
Chinese
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 246
Which two benefits does the Policy Module provide? (Select two.)
A. determines coverage gaps for multiple, overlapped regulatory, industry-specific, or best practices
frameworks
B. lowers the cost of policy creation and maintenance and measures policy knowledge and retention
C. defines, reviews, and disseminates written policies to end users as mapped to specific measurable
controls
D. integrates the policy compliance process with existing asset management systems
E. identifies problems within policies or internal controls and prevents policy compliance failure or data
breach
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 247
Which two fields are common to all asset types? (Select two.)
A. Asset Administrator
B. Confidentiality
C. Asset Location
D. Access Vector
E. Authentication
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 248
On which protocols does Symantec Data Loss Prevention use port-based protocol recognition?
A.
B.
C.
D.
Secure tunnelling protocols
User-defined IP protocols
User-configured TCP protocols
System-defined UDP and TCP protocols
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 249
What does Symantec Control Compliance Suite 9.0 use to help organize how and where data is collected?
A.
B.
C.
D.
collections
sites
domains
organizational units
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 250
Which two requirements must be met to successfully use Network Monitor on a Windows based detection
server? (Select two.)
A.
B.
C.
D.
E.
Wireshark must be installed on the Windows system.
WinPCAP must be installed on the Windows system.
ARP proxy must be enabled to ensure the Windows system captures all traffic.
At least two network interfaces must be available.
The network interface card must support Jumbo frames.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 251
A test is performed against one or more assets in order to determine a pass or fail status.
What is this test called?
A.
B.
C.
D.
Standard
Filter
Check
Evaluation
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 252
Which two are categorized as unprocessable components in the traffic report? (Select two.)
A.
B.
C.
D.
E.
traffic stream that is corrupted
Traffic that contains jpg image
Extraction limit that has been exceeded
Traffic containing a password protected doc file
Packets arriving out of order
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 253
Which traffic type will be excluded from analysis?
A.
B.
C.
D.
Skype
Yahoo! Instant Messenger
NNTP
Telnet
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 254
What does Network Monitor use to identify SMTP network traffic going to a nonstandard port?
A.
B.
C.
D.
string matching
port range
regular expressions
protocol signature
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 255
Which incidents appear in the Network Incident List when the Network Prevent Action filter is set to
Modified?
A.
B.
C.
D.
incidents in which confidential content was removed from an SMTP email
incidents in which an SMTP email was changed to include a specified header
incidents in which digital rights were applied to SMTP email attachments
incidents in which attachments were removed from an SMTP email
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 256
Which two fallback options are available for a Network Prevent: Remove HTTP/HTTPS Content response
rule? (Select two.)
A.
B.
C.
D.
E.
Determine a secondary site for posts
Block content from being posted
Send to an encryption gateway
Remove content through FlexResponse
Allow content to be posted
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Topic 4, Volume D
QUESTION 257
Which two options can be used to notify users when SMTP emails are blocked with Network Prevent?
(Select two.)
A.
B.
C.
D.
E.
MTA generated delivery status notification
Web Proxy server generated email notification
Symantec FlexResponse plug-in generated email notification
Symantec detection rule generated email notification
Symantec response rule generated email notification
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 258
Which databases are created by Symantec Control Compliance Suite 9.0 Reporting and Analytics during
installation?
A. Production, Reporting, Evidence
B. bv, Compliance Manager, Policy Manager
C. Dashboard, Reporting, SMC
D. Evidence, Standards, Policies
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 259
Which functionality must a Mail Transfer Agent (MTA) have to integrate with an Email Prevent Server?
A.
B.
C.
D.
The MTA is strict ESMTP compliant.
The MTA is ICAP compliant.
The MTA filters spam.
The MTA supports TLS.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 260
What can Email Prevent do to protect confidential data in an outgoing email?
A.
B.
C.
D.
modify the email attachment to remove confidential information
add a header to an email to route to an encryption gateway
use a FlexReponse plug-in to modify the email header
modify the email body to redirect to a quarantine location
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 261
How many instances of the Enterprise Configuration Service should be installed?
A.
B.
C.
D.
One per Windows domain
One per enterprise
Two (cluster configuration)
One per query engine
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 262
Which three are valid Reconciliation Rule types in Symantec Control Compliance Suite 9.0? (Select three.)
A. Pre Rule
B.
C.
D.
E.
Add Rule
Delete Rule
Update Rule
Change Rule
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 263
When configuring bv-Control for Microsoft SQL Server, which two authentication options are available?
(Select two.)
A.
B.
C.
D.
E.
Certificate-based authentication
Windows authentication
Pass-through authentication
Basic authentication
SQL authentication
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 264
Which Symantec Control Compliance Suite 9.0 component is responsible for routing data collection,
evaluation, and reporting jobs?
A.
B.
C.
D.
application server
collector
load balancer
Management Service
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 265
How can a user monitor compliance to policies?
A.
B.
C.
D.
via statements
via questions
via regulations
via frameworks
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 266
When approving an exception, which field requires input from the approver?
A.
B.
C.
D.
Requestor
Requestor Group
Requestor Email ID
Comments
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 267
How are Reconciliation Rules processed?
A.
B.
C.
D.
by priority, first matching rule
by CIA values
by asset type
by best fit matching, multiple rule matches
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 268
How is a policy applied to Network Discover scans?
A.
B.
C.
D.
by assigning policy groups to the scan target
by choosing the correct policies in the scan target
by assigning policies to the Network Discover Server
by choosing the correct targets to run the policies
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 269
With respect to the entitlements workflow, what is the first step that is performed?
A.
B.
C.
D.
Assign a data owner
Mark control point
Import entitlements
Gather business data
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 270
Which two remediation actions are available for Network Protect? (Select two.)
A.
B.
C.
D.
E.
Copy
Move
Block
Rename
Quarantine
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 271
In the Reports > Predefined folder, which two actions can the user perform? (Select two.)
A.
B.
C.
D.
E.
Add report templates from CSV files
Delete report templates
Customize certain report templates
Edit the report template properties to add user-defined values
Schedule report templates
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 272
To run a bv-Control query targeting Microsoft SQL Server 2005, which Microsoft component is required on
the information server?
A.
B.
C.
D.
SQL Agent
Reporting Services
Integration Services
Distributed Management Objects
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 273
When should Network Discover Scanners be used?
A.
B.
C.
D.
to scan data repositories that require special access methods to be readable
to find open file shares on the network
to scan and index documents from remote file servers for use in policies
to automatically remove sensitive files from data repositories
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 274
A company needs to scan all of its file shares on a weekly basis to make sure sensitive data is being stored
correctly. The total volume of data on the file servers is greater than 1 TB.
Which approach will allow the company to quickly scan all of this data on a weekly basis?
A. run an initial complete scan of all the file shares, then modify the scan target to add date filters and
exclude any files created or modified before the initial scan was run
B. run an initial complete scan of all the file shares, then modify the scan target to an incremental scan
type
C. create a separate scan target for each file share and exclude files accessed before the start of each
scan
D. run an initial complete scan of all file shares, create a summary report of all incidents created by the
scan, then run weekly scans and compare incidents from weekly scans to incidents from the complete
scan
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 275
In the context of IT compliance, what are standards?
A.
B.
C.
D.
a set of generally accepted best practices
a protector against a specific risk or threat
statements of goals and objectives
a collection of methods to evaluate compliance efforts
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 276
Which two recommendations should an organization follow when deploying Endpoint Prevent? (Select two.)
A.
B.
C.
D.
E.
Test the agent on a variety of end-user images.
Initially enable monitoring of the local file system.
Enable monitoring of many destinations and protocols simultaneously.
Configure, test, and tune filters.
Configure blocking as soon as the agents are deployed.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 277
Which application or destination is selected for endpoint monitoring by default?
A.
B.
C.
D.
email
removable storage
instant messaging
local drive
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 278
An administrator is applying a newly created agent configuration to a server. Upon inspection, however,
none of the new configuration settings are displayed.
What is a possible cause of this issue?
A.
B.
C.
D.
The administration access rights restricts access to apply new configurations.
The server that the new agent configuration was applied to needs to be recycled.
The new agent configuration was saved without applying it to the Endpoint server.
The new agent configuration was copied and modified from the default agent configuration.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 279
An information security officer has detected an unauthorized tool on desktops being used to transmit data
with encrypted communications.
Which Data Loss Prevention feature can prevent this tool from accessing confidential data?
A.
B.
C.
D.
Removable storage monitoring
Network protocol monitoring
Application path filtering
Application monitoring
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 280
Which situation can be monitored by both Network Monitor and Endpoint Prevent?
A.
B.
C.
D.
An employee uses a Chrome 2 browser to post confidential data to a newsgroup using http.
An employee uses Skype to send an instant message to a friend at a competitor site.
An employee uses AIM to send an instant message while off the corporate network.
An employee uses Internet Explorer 7 to send confidential data from a Gmail account using https.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 281
Which object applies to an entitlement exception?
A.
B.
C.
D.
section
standard
control point
policy
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 282
What are two available options when accessing the Configure Server page of a Network Monitor server to
configure protocol filters? (Select two.)
A.
B.
C.
D.
E.
HTTPS
FTP
SMTP
ICMP
UDP
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 283
Which throttling option is available when creating a Server SharePoint Discover target?
A.
B.
C.
D.
maximum
maximum
maximum
maximum
sites per hour
items per minute
request per front-end server
encountered errors
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 284
What is the correct syntax sequence when creating an IP filter for Network Monitor?
A. +/-, source, destination
B. include/exclude, destination, source
C. include/exclude, source, destination
D. +/-, destination, source
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 285
Which two components are required for the Symantec Data Loss Prevention for Tablets solution in addition
to the Tablet Prevent and Enforce servers? (Select two.)
A.
B.
C.
D.
E.
DLP Agent
Virtual Private Network Gateway
Web Proxy
2010 Exchange Server
Mobile Device Management
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 286
Which step can be excluded from the install and configuration process for a valid Mobile Device
Management solution that is used for Symantec Data Loss Prevention for Tablets?
A.
B.
C.
D.
configure VPN and SCEP profiles
target profiles and deliver them to the devices
configure the VPN profile for tamper-proofing
set up backup and load-balancing VPN connections
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 287
Which profile contains information to enable the VPN on Demand functionality for the Data Loss Prevention
for Tablets solution?
A.
B.
C.
D.
DLP Agent profile
SCEP profile
iOS profile
VPN client profile
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 288
Which VPN configuration for the Data Loss Prevention for Tablets solution is unsupported?
A.
B.
C.
D.
use the Juniper JunOS Pulse client when using the Juniper Networks SA VPN appliances
use the native iPad IPSec client when using the Juniper Networks SA VPN appliances
use the Cisco AnyConnect client when using the Cisco ASA series VPN devices
use the native iPad IPSec client when using the Cisco ASA series VPN devices
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 289
How does a Data Loss Prevention administrator verify the health of a Network Monitor server?
A.
B.
C.
D.
by checking Incident Queue and Message Wait Time on the System Overview page
by verifying the configuration details of the System Settings page
by determining whether system alert message emails are generated or received
by reviewing the results of the Environment Check Utility (ECU)
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 290
Which command line utility generates custom authentication keys to improve the security of the data that is
transmitted between the Enforce server and detection servers?
A.
B.
C.
D.
endpointkeytool
keytool
servertool
sslkeytool
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 291
Where does a Data Loss Prevention administrator recycle the FileReader process on a detection server?
A.
B.
C.
D.
System Overview page
Server Detail page
command prompt
Windows Services
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 292
The dashboard run date is displayed in which format?
A.
B.
C.
D.
the date and time of the local computer
the date and time of the Data Processing Service computers
the Coordinated Universal Time (UTC) date and time
the date and time format of the application server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 293
When configuring DLP Agents, what does the File Recovery Area Location setting determine?
A.
B.
C.
D.
the secure filestore of incidents and data while agents are offline
the location of files quarantined through Endpoint Discover scans
the temporary backup location of blocked files
the location of files for redeployment or upgrade of agents
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 294
How should reports be configured in the system for secure distribution?
A.
B.
C.
D.
as email body text
as links
as a Web Archive
as filtered Incident List reports
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 295
How are permissions granted to predefined objects?
A.
B.
C.
D.
The administrator must manually add permissions.
Permissions can only be granted to CCS administrators.
Permissions are granted through Active Directory.
Permissions are automatically granted when the user is added to a role.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 296
Which feature should an incident responder use to begin to determine where an attachment has created
other violations?
A.
B.
C.
D.
Report Filters
Incident History
Incident Details
Policy Matches
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 297
Which three database types are suitable for the RMS Information Server? (Select three.)
A.
B.
C.
D.
E.
local Microsoft SQL Server 2005 Express
local Oracle 10g
local Microsoft SQL Server 2005 Standard
remote Microsoft SQL Server 2005 Standard
local Microsoft SQL Server 2005 Enterprise
Correct Answer: ACE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 298
When reviewing an SMTP incident snapshot, which reporting feature would a Data Loss Prevention
administrator use to quickly find recent incidents with the same subject and sender?
A.
B.
C.
D.
Incident History
Incident Summary report
Incident Notes
Incident Correlations
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 299
For most organizations, the password for the database accounts is changed on a regular basis.
Which action is recommended for the account that is used by Symantec Control Compliance Suite 9.0
(CCS 9.0)?
A. Require that the CCS 9.0 have a password exception
B. Coordinate the password change to ensure database connectivity
C. Require that the CCS 9.0 administrator also have database administrator rights
D. Create a job that refreshes the settings information automatically
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 300
How are incidents classified in a Network Prevent plus Data Loss Prevention for Tablets hybrid
deployment?
A.
B.
C.
D.
All incidents are classified under the Network category.
Classification for all incidents depends on traffic destination.
Incidents created by all traffic sources are generically categorized.
Incidents are classified specifically based on traffic source.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 301
In order to generate reports in Symantec Control Compliance Suite 9.0 (CCS 9.0), where must the Crystal
Reports 2008 Engine be installed?
A.
B.
C.
D.
The Data Processing Service computer configured with the Reporter role
The application server that manages the reporting jobs
All Data Processing Service computers
The server that hosts the CCS 9.0 console
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 302
Which feature enables data extraction with incident data from the Enforce platform based on report ID?
A.
B.
C.
D.
Data Extraction API
CSV Export
Reporting API
Report Save As
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 303
An incident responder can see basic incident data, but is unable to view any specific details of the incident.
What is the configuration for this role?
A.
B.
C.
D.
The View option is selected and all display attributes are deselected.
Server administration rights have been deselected.
Custom attributes have been selected and set to View Only.
Incident Access tab conditions are specified.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 304
Which term refers to rules created by a government in response to legislation?
A.
B.
C.
D.
E.
framework
standard
policy
benchmark
regulation
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 305
Which two conditions can be specified when creating an incident access condition in a role? (Select two.)
A.
B.
C.
D.
E.
File types
A custom attribute
Last modified by
File size
Policy group
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 306
Which Symantec Control Compliance Suite 9.0 component is responsible for most inter-component
transactions?
A.
B.
C.
D.
Directory Support Service
Data Processing Service
Information Server Service
Application Server Service
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 307
Which feature moves confidential data to a secure location when scanning endpoint targets?
A.
B.
C.
D.
Network Protect Quarantine
Network Discover Remediation
Endpoint Quarantine
Endpoint Prevent Block
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 308
Which service is responsible for importing assets via a CSV file?
A.
B.
C.
D.
Application Server Service
Data Processing Service
Directory Support Service
Management Services Service
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 309
Which delimiter is acceptable in Exact Data Matching (EDM) data sources?
A.
B.
C.
D.
space
semi-colon (;)
pipe (|)
slash (/)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Real answer.
QUESTION 310
Which three are prerequisites for RMS installation? (Select three.)
A.
B.
C.
D.
E.
Internet Information Server
Microsoft .NET Framework 2.0
Windows Installer 3.1
Microsoft SQL Server 2005 Express
Crystal Report 2008
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 311
A user has deleted a report template in a user-defined folder.
What must the user do to use that report template again?
A.
B.
C.
D.
Find the report template in the Application Server Recycle Bin
Recreate the report template from the predefined report template
Recreate the Report Generation job
Select Add in My Reports
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 312
Which minimum right is required for a standard user to open the RMS console and use the query- related
features?
A.
B.
C.
D.
must be part of the RMS Console Users local group
must have a Symantec Control Compliance Suite 9.0 Administrator role
must be configured as an RMS Console User
must be part of the RMS Admin Users local group
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 313
For greater accuracy, what is the minimum recommended number of columns in a data source for use in
an Exact Data Matching (EDM) profile?
A.
B.
C.
D.
2
3
4
5
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 314
Which two dates must be selected when creating an exception request? (Select two.)
A. expiration date
B. start date
C. effective date
D. due date
E. evaluation date
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 315
The Response Assessment Module (RAM) was installed after Symantec Control Compliance Suite 9.0
(CCS 9.0) reporting and analytics.
What must be modified in order to connect CCS 9.0 to the RAM?
A.
B.
C.
D.
RAMServer.exe.config file
RAM DB configuration
DPS settings
RAM Server connection string
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 316
A company has SMTP Prevent deployed with email blocking enabled in their confidential data policy. The
finance department reports that emails containing sensitive data sent to external business partners are
being blocked. The company maintains a list of the external business partner domains.
How can a policy be modified so that emails are sent only to authorized recipients?
A. duplicate the confidential data policy, add a rule based on "Sender Matches Pattern", and add the email
addresses of all employees in the finance department, select "All senders must match" for Match
Counting
B. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains
of business partners to the recipient pattern and select "All recipients must match" for Match Counting
C. create a new rule in the policy based on "Recipient Matches Pattern", add the authorized email domains
of business partners to the recipient pattern and select "At least 1 recipient must match" for Match
Counting
D. add an exception to the policy based on "Recipient Matches Pattern", add the authorized email domains
of business partners to the recipient pattern and select "At least 1 recipient must match" for Match
Counting
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 317
How can agentless asset data collection speed be improved on a large network?
A. Install the console on a faster machine
B. Tune the SQL database for performance
C. Set up multiple information server deployments on the network
D. Install RMS and Symantec Control Compliance Suite 9.0 on the same box
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 318
Which two policy management actions can result in a reduced number of incidents for a given traffic flow?
(Select two.)
A.
B.
C.
D.
E.
Adding additional component matching to the rule
Adding data owner exceptions
Deploying to additional detection servers
Increasing condition match count
Adding additional severities
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 319
What is the main difference between data loss prevention and other security technologies?
A.
B.
C.
D.
It is designed to take a content aware approach to security.
It determines the data owner of inbound sensitive information.
It quarantines adware before it is able to extract confidential information.
It is designed to give visibility into where the company's least sensitive data is stored.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
accurate answer.
QUESTION 320
You move a set of files from a VxFS file system to another file system. When the files are moved, the
extent attributes are not moved along with the files and are lost during the migration.
What could be a possible cause for this problem?
A.
B.
C.
D.
The target file system is not a VxFS type file system.
There is a variation in the block size of source and target VxFS file system.
The target VxFS file system does not have enough free space to accommodate the extent attributes.
The target VxFS file system uses mixed block size.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 321
What causes the majority of data loss prevention violations?
A.
B.
C.
D.
hackers exploit vulnerabilities and exfiltrate confidential data
companies lack security policies to prevent loss of confidential data
employees unintentionally expose confidential data
system backups are performed improperly
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 322
You execute the command ps ef | grep vxatd.
What is the expected output of this command?
A.
B.
C.
D.
The command verifies the Fully Qualified Host Name.
The command verifies the status of Symantec Authentication service.
The command verifies the status of Root Broker.
The command verifies the status of Authentication Broker.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 323
What is the minimum number of plexes required for true mirroring to provide redundancy of data?
A.
B.
C.
D.
One
Two
Three
Four
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Real answer.
QUESTION 324
Which product can replace a confidential document residing on a share with a marker file explaining why
the document was removed?
A.
B.
C.
D.
Network Discover
Network Protect
Mobile Prevent
Endpoint Discover
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 325
Which command will you use to determine the operating mode of vxconfigd?
A.
B.
C.
D.
vxdctl enable
vxdctl mode
vxmode
ps ef |grep vxconfig
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 326
Which structures are parts of the Cross-platform Data Sharing (CDS) format?
A.
B.
C.
D.
E.
An Operating System-reserved area
A directory area
A private region
A public region
A Bad Block Relocation Area
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
definite answer.
QUESTION 327
Which two components can perform a scan of a workstation? (Select two.)
A.
B.
C.
D.
E.
Endpoint Server
DLP Agent
Network Prevent
Enforce Server
Discover Server
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 328
While accessing a node in the Dynamic Multipathing (DMP) database you get an error "VxVM vxdmp
NOTICE V-5-0-111 disabled dmpnode dmpnode_device_number".
How will you resolve this error? (Each correct answer presents part of the solution. Select two.)
A.
B.
C.
D.
Enable the appropriate controllers to allow at least one path under this DMP node.
Check the underlying hardware to recover the desired path.
If possible correct the hardware failures Then, recover the volume using the vxrecover command.
Replace the hardware because there may be a problem with host-bus adapter.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 329
What is the recommended maximum number of agents registered to a manager in Enterprise Security
Manager 9.0?
A.
B.
C.
D.
400
1500
2000
4000
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 330
A user attempts to run Lookup Attributes manually on an incident. On the Incident List page under Incident
Actions, the option for Lookup Attributes is missing.
Which section in the Plugins.properties file is misconfigured?
A.
B.
C.
D.
Plugin Execution Chain is undefined.
Attribute Lookup parameters is set to "message".
Automatic plugin reload is set to false.
Automatic Lookup is set to false.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 331
What are two possible ways to provide incident match text information? (Select two.)
A.
B.
C.
D.
E.
CSV export
Email notification
Reporting API
Syslog notification
XML export
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 332
Which two should be used to collect log information from Enforce servers? (Select two.)
A.
B.
C.
D.
E.
Enable the VontuSNMP service and set the community strings accordingly
Use the Log Collection and Configuration tool
Navigate manually to the log directory of the Enforce server installation
Access the Enforce Log Viewer page at https:///logs?view=true
Use dbgmonitor from sysinternals to connect to the debug output of the service
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 333
Which three database maintenance tasks must be performed outside of Symantec Control Compliance
Suite 9.0? (Select three.)
A.
B.
C.
D.
E.
Purge evidence
Back up the databases
Purge stale data
Shrink the databases
Defragment the databases
Correct Answer: BDE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 334
Which two tasks are performed in the Symantec Management Platform? (Select two.)
A.
B.
C.
D.
E.
Change Monitor operational log levels
Change Endpoint Agent log levels
Restart Agents
Gather Enforce logs
Gather Monitor logs
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
correct answer.
QUESTION 335
A DLP Agent is connected to the corporate network through VPN. The administrator sees a Warning icon
associated with the agent on the Agent Overview page of the Enforce user interface. The administrator
determines the warning is related to a failure to update Active Directory group membership.
What should the administrator do?
A.
B.
C.
D.
Reinstall the DLP Agent
Restart the DLP Agent
Restart the Endpoint server services
Refresh the Active Directory services
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 336
What is a prerequisite for viewing exported dashboards?
A.
B.
C.
D.
Cognos
Crystal Reports
Java
Adobe Flash
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 337
Which three asset types can be imported using the default Symantec Control Compliance Suite 9.0 data
collection import feature? (Select three.)
A.
B.
C.
D.
E.
Windows machines
Windows users
Windows domains
UNIX machines
Exchange mailboxes
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 338
A scanner fails to return results upon completion of the scan process.
Which file should be removed to eliminate previous scan issues?
A.
B.
C.
D.
scanner_typeScanner.cfg
Clean.exe
ScannerControllerLogging.properties
logs
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 339
When collecting data from assets, what is the primary factor in determining the types of data that will be
collected?
A. scope
B. standard
C. baseline
D. reference asset
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 340
An administrator is attempting to add a new detection server to the Enforce UI. However, the administrator
only has the ability to add Network Monitor and Endpoint servers. The option to add a Discover server is
missing. What does the administrator need to do to add an additional server type?
A.
B.
C.
D.
log in as Sys Admin/Server Administrator role
update the software license file
restart the Vontu Monitor service
restart Vontu Monitor Controller service
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 341
A DLP administrator needs to decide if using Symantec Management Console (SMC) will provide additional
functionality over the built-in Agent Actions that can be performed via Agents > Overview > Summary
Reports.
What are two of the Agent Actions that can be performed with SMC that are unable to be used with the
built-in Agent Actions? (Select two.)
A.
B.
C.
D.
E.
Set Under Investigation
Get Agent Configuration
Toggle Print Screen
Set Log Level
Gather Endpoint detection server logs
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 342
Ten test agents are being deployed that use an uninstall password required to uninstall the DLP Agent. The
agents deploy and install correctly. Upon testing to remove the Agent, the uninstall password fails to work.
The deployment team used 'Symantec' for the UninstallPasswordKey. Why does the uninstall fail when
using the same password?
A.
B.
C.
D.
uninstall passwords are restricted from containing the word 'Symantec'
the UninstallPwdKeyGenerator must be used to create an UninstallPasswordKey
the PGPsdk.dll file was missing when the key was created
the uninstall agent password needs to match the uninstall password key
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 343
An administrator is attempting to uninstall a version 11.6 DLP Agent, but the uninstall password fails to
remove the agent. The group who set the initial password is unavailable. Which two options are available to
address the password issue? (Select two.)
A. manually uninstall the agent by stopping the EDPA and WDP services, then remove all related program
files
B. upgrade the agent to version 12 with a newly generated UninstallPasswordKey
C. reboot and login to Safe Mode and use Add / Remove Programs to uninstall the Agent
D. contact Symantec Support to obtain the Clean Agent tool
E. use Regedit.exe and delete the related Endpoint registry entries
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 344
A Network Monitor server has been installed and the networking components configured accordingly. The
server is receiving traffic, but fails to detect incidents. Running Wireshark indicates that the desired traffic is
reaching the detection server.
What is the most likely cause for this behavior?
A.
B.
C.
D.
The mirrored port is sending corrupted packets.
The wrong interface is selected in the configuration.
The configuration is set to process GET requests.
The communication to the database server is interrupted.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 345
A DLP administrator needs to inspect HTTP traffic using a Network Monitor, including data pushed up to
the web and data pulled down from the web.
Which configuration changes should the administrator make under the advanced server settings to include
all cases?
A.
B.
C.
D.
L7.processGets=false, PacketCapture.DISCARD_HTTP_GET=true, L7.minSizeofGetURL=1000
L7.processGets=true, PacketCapture.DISCARD_HTTP_GET=true, L7.minSizeofGetURL=100
L7.processGets=false, PacketCapture.DISCARD_HTTP_GET=false, L7.minSizeofGetURL=10
L7.processGets=true, PacketCapture.DISCARD_HTTP_GET=false, L7.minSizeofGetURL=10
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 346
An administrator receives the following error:
Error Code:3018 lt;profile name> has reached maximum size. Only 44245 out of 97737 documents are
indexed.
What must the administrator do to resolve this error?
A.
B.
C.
D.
increase the advanced server setting Lexer.MaximumNumberOfTokens to 90k
reindex the current IDM to refresh the .IDX files
split the IDM into multiple indexes when the index is too large
increase the advanced server setting FileReader.MaxFileSize to 300M
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 347
In System Overview, the status of a detection server is shown as 'unknown'. Examination of the detection
server reveals all Vontu services are running. Which port is blocked and causing the server to be in the
'unknown' state?
A.
B.
C.
D.
443
8000
8100
8300
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 348
The DLP services on an Endpoint Server keep stopping. The only events displayed in the Enforce UI are
that the server processes have stopped. What is the first step the administrator should take to keep the
services on the Endpoint server running?
A.
B.
C.
D.
Perform a complete uninstall and reinstall of the Product
Install malware detection software on the server
Remove the Endpoint server from the UI and add it again
Exclude the DLP directories from any scheduled or real-time virus scanning
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 349
What is the minimum percentage of spare disks in a disk group?
A. 10%
B. 15%
C. 20%
D. 25%
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 350
An administrator is checking System Overview and all of the detection servers are showing as 'unknown'.
The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in
the Incidents directory on the detection servers. There is good network connectivity between the detection
servers and the Enforce server when testing with the telnet command. How can the administrator bring the
detection servers to a running state in the Enforce UI?
A.
B.
C.
D.
Delete all of the .BAD files in the incidents folder on the Enforce server
Restart the Vontu Monitor Service on all of the detection servers affected
Ensure the Vontu Monitor Controller service is running on the Enforce server
Ensure port 8300 is configured as open on the firewall
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 351
Where in the Enforce UI can the administrator find the option to participate in the Supportability Telemetry
Program?
A.
B.
C.
D.
System
System
System
System
> System Reports
> Incident Data
> Servers
> Settings
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 352
Which Oracle utility can be run from the Enforce box to test network connectivity between Enforce and the
Oracle database?
A.
B.
C.
D.
rconfig
sqlplus
netca
rman
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 353
In order to allow users to accept or decline policies, which option can be set during the creation of the
policy?
A.
B.
C.
D.
Allow User Accept/Decline
Allow User Response
Allow User Interaction
Allow Users to Interface
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 354
Which three are available Export Formats for Symantec Control Compliance Suite 9.0 reports? (Select
three.)
A.
B.
C.
D.
E.
Comma Separated Values (CSV)
Adobe Reader (PDF)
Crystal Reports (RPT)
Rich Text
Microsoft Access (MDB)
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
good choice of answer.
QUESTION 355
How are permissions to user-defined objects granted to individual users?
A.
B.
C.
D.
Permissions are automatically assigned by role.
A custom role must be created to grant access.
The administrator must manually assign permissions.
They are granted through Active Directory.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 356
When and how is the license for Symantec Data Loss Prevention 11.5 applied during installation?
A.
B.
C.
D.
by moving the license file to the bin directory after installation
by copying and pasting the license key when prompted during the installation
by uploading the license file when prompted by the installer
by copying and pasting the license key after logging in to the console for the first time
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 357
When installing an Endpoint Server, at which point does it register with the Enforce Server?
A.
B.
C.
D.
After installation, the Endpoint Server automatically registers itself with the Enforce Server.
after recycling the server in the user interface
after adding the server from within the Enforce user interface
after restarting the Enforce Server
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 358
Where are assets stored?
A.
B.
C.
D.
Assets.XML
Production database
RMS database
ADAM
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 359
Which two database versions does Symantec Data Loss Prevention 11.5 support for incident and policy
storage? (Select two.)
A.
B.
C.
D.
E.
Oracle 10g version 10.2.0.4
IBM DB2 version 8.2
SQL Server 2008 R2 version 10.50.1753
Oracle 11g version 11.2
Oracle 9i version 9.2.0.4
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 360
In order to have a proper Disaster Recovery Plan, all Symantec Control Compliance Suite 9.0 server
components need to be included in the backup strategy. For some components, it is easiest to recreate the
installation of a failed component. For other components, the data is backed up and the component
software is reinstalled.
For which three components is a data backup needed? (Select three.)
A.
B.
C.
D.
E.
application server
Data Processing Service
Production database
Evidence database
directory server
Correct Answer: CDE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 361
In Symantec Control Compliance Suite 9.0, on which console section is Managing Reconciliation Rules
located?
A.
B.
C.
D.
Monitor > Jobs
Manage > Assets
Manage > Content
Settings > General
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 362
Which detection method is used for fingerprinting and protecting unstructured data, such as merger and
acquisition documents?
A.
B.
C.
D.
Exact Data Matching (EDM)
Directory Group Matching (DGM)
Indexed Document Matching (IDM)
Described Content Matching (DCM)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.gratisexam.com/