Up To The Immediate Present Administration Of Symantec Data Loss Prevention 15 250-438 Exam Answers

NEW QUESTION 1
Which two technologies should an organization utilize for integration with the Network Prevent products? (choose two.)

• A. Network Tap
• B. Network Firewall
• C. Proxy Server
• D. Mail Transfer Agent
• E. Encryption Appliance

Answer: CD

Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent

NEW QUESTION 2
Which service encrypts the message when using a Modify SMTP Message response rule?

• A. Network Monitor server
• B. SMTP Prevent
• C. Enforce server
• D. Encryption Gateway

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent

NEW QUESTION 3
An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization.
Which detection method should the organization use to meet this requirement?

• A. Exact Data Matching (EDM)
• B. Indexed Document Matching (IDM)
• C. Described Content Matching (DCM)
• D. Vector Machine Learning (VML)

Answer: D

NEW QUESTION 4
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

• A. Apply a new global agent uninstall password in the Enforce management console.
• B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.
• C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server
• D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Answer: D

NEW QUESTION 5
What detection technology supports partial row matching?

• A. Vector Machine Learning (VML)
• B. Indexed Document Matching (IDM)
• C. Described Content Matching (DCM)
• D. Exact Data Matching (EDM)

Answer: D

Explanation:
Reference: https://www.slideshare.net/iftikhariqbal/technology-overview-symantec-data-loss-prevention-dlp

NEW QUESTION 6
Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

• A. Network Discover
• B. Cloud Service for Email
• C. Endpoint Prevent
• D. Network Protect

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v15600645_v125428396/Configuring-Network-Protect-for-file-shares?locale=EN_US

NEW QUESTION 7
What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

• A. Smart Response on the Incident page
• B. Automated Response on the Incident Snapshot page
• C. Smart Response on an Incident List report
• D. Automated Response on an Incident List report

Answer: B

NEW QUESTION 8
A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.
How should the administrator bring the detection servers to a running state in the Enforce management console?

• A. Restart the Vontu Update Service on the Enforce server
• B. Ensure the Vontu Monitor Controller service is running in the Enforce server
• C. Delete all of the .BAD files in the Incidents folder on the Enforce server
• D. Restart the Vontu Monitor Service on all the affected detection servers

Answer: B

NEW QUESTION 9
Which channel does Endpoint Prevent protect using Device Control?

• A. Bluetooth
• B. USB storage
• C. CD/DVD
• D. Network card

Answer: B

Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO80865.html#v36651044

NEW QUESTION 10
A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. What are the processes missing from the Server Detail page display?

• A. The Display Process Control setting on the Advanced Settings page is disabled.
• B. The Advanced Process Control setting on the System Settings page is deselected.
• C. The detection server Display Control Process option is disabled on the Server Detail page.
• D. The detection server PacketCapture process is displayed on the Server Overview page.

Answer: B

Explanation:
Reference: https://support.symantec.com/content/unifiedweb/en_US/article.TECH220250.html

NEW QUESTION 11
What detection technology supports partial contents matching?

• A. Indexed Document Matching (IDM)
• B. Described Content Matching (DCM)
• C. Exact Data Matching (EDM)
• D. Optical Character Recognition (OCR)

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US

NEW QUESTION 12
A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information.
What detection method should the company use?

• A. Indexed Document Matching (IDM)
• B. Vector Machine Learning (VML)
• C. Exact Data Matching (EDM)
• D. Described Content Matching (DCM)

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.5/DLP/v40148006_v128674454/About-Data-Owner-Exception?locale=EN_US

NEW QUESTION 13
A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should be compliance officer generate to obtain the compliance information?

• A. Policy report, filtered on date and summarized by policy
• B. Policy Trend report, summarized by policy, then quarter
• C. Policy report, filtered on quarter and summarized by policy
• D. Policy Trend report, summarized by policy, then severity

Answer: A

NEW QUESTION 14
A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

• A. Change the “Ignore requests Smaller Than” value to 1
• B. Add the filename to the Inspect Content Type field
• C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”
• D. Uncheck trial mode under the ICAP tab

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/id-SF0B0161467_v120691346/Configuring-Network-Prevent-for-Web-Server?locale=EN_US

NEW QUESTION 15
A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers. What should the administrator do to make the Network Discover option available?

• A. Restart the Symantec DLP Controller service
• B. Apply a new software license file from the Enforce console
• C. Install a new Network Discover detection server
• D. Restart the Vontu Monitor Service

Answer: C

NEW QUESTION 16
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked. What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

• A. Disable and re-enable the Endpoint Prevent policy to activate the changes
• B. Double-check that the correct device ID or class has been entered for each device
• C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
• D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Answer: D

NEW QUESTION 17
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?

• A. Only DLP administrators are permitted to access and view data for high risk users.
• B. The Enforce server has insufficient permissions for importing user attributes.
• C. User attribute data must be configured separately from incident data attributes.
• D. User attributes have been incorrectly mapped to Active Directory accounts.

Answer: D

NEW QUESTION 18
Which option correctly describes the two-tier installation type for Symantec DLP?

• A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
• B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
• C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
• D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers

NEW QUESTION 19
What is required on the Enforce server to communicate with the Symantec DLP database?

• A. Port 8082 should be opened
• B. CryptoMasterKey.properties file
• C. Symbolic links to .dbf files
• D. SQL*Plus Client

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/articles/three-tier-installation-dlp-product

NEW QUESTION 20
A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards.
Which feature should a third party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

• A. Export incidents using the CSV format
• B. Incident Reporting and Update API
• C. Incident Data Views
• D. A Web incident extraction report

Answer: B

NEW QUESTION 21
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitoring by Application File Access Control?

• A. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
• B. Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
• C. Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.
• D. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.

Answer: A

Explanation:
Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620215.html

NEW QUESTION 22
What detection server is used for Network Discover, Network Protect, and Cloud Storage?

• A. Network Protect Storage Discover
• B. Network Discover/Cloud Storage Discover
• C. Network Prevent/Cloud Detection Service
• D. Network Protect/Cloud Detection Service

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-Network-Discover-Cloud-Storage-Discover-Server-configuration?locale=EN_US

NEW QUESTION 23
......