Free Sharing Updated 250-438 VCE and PDF Exam Practice Materials

Tens of thousands of competitors, pages of hard questions and unsatisfying exam preparation situations… Do not worry about all those annoying things! We help you with your Symantec Other Certification (Apr 26, 2022) hottest 250-438 study guide for the Administration of Symantec Data Loss Prevention 15 exam. We will assist you in clearing the hottest 250-438 VCE exam with new Symantec Other Certification 250-438 questions. Our 250-438 exam questions are the most comprehensive ones.

We at Geekcert have our own expert team. They selected and published the latest 250-438 preparation materials from the Official Exam-Center.

The following are the 250-438 free dumps. Go through and check the validity and accuracy of our 250-438 dumps. If you need to check sample questions of the 250-438 free dumps, go through the Q&As from the 250-438 dumps below.

Question 1:

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.

B. Modify the agent config.db to include the file

C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D. Modify the agent configuration and select the option “Retain Original Files”

Correct Answer: A


Question 2:

Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

A. Any customer-hosted private cloud

B. Amazon Web Services

C. AT&T

D. Verizon

E. Rackspace

Correct Answer: BE

Reference: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/8000/DOC8244/en_US/Symantec_DLP_15.0_Cloud_Prevent_O365.pdf?__gda__=1554430310_584ffada3918e15ced8b6483a2bfb6fb (14)


Question 3:

Which detection method depends on “training sets”?

A. Form Recognition

B. Vector Machine Learning (VML)

C. Index Document Matching (IDM)

D. Exact Data Matching (EDM)

Correct Answer: B

Reference: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-dlp_machine_learning.WP_en-us.pdf


Question 4:

Which two detection technology options run on the DLP agent? (Choose two.)

A. Optical Character Recognition (OCR)

B. Described Content Matching (DCM)

C. Directory Group Matching (DGM)

D. Form Recognition

E. Indexed Document Matching (IDM)

Correct Answer: BE


Question 5:

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate this report?

A. Custom attributes

B. Status attributes

C. Sender attributes

D. User attributes

Correct Answer: A


Question 6:

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. Why are the processes missing from the Server Detail page display?

A. The Display Process Control setting on the Advanced Settings page is disabled.

B. The Advanced Process Control setting on the System Settings page is deselected.

C. The detection server Display Control Process option is disabled on the Server Detail page.

D. The detection server PacketCapture process is displayed on the Server Overview page.

Correct Answer: B

Reference: https://support.symantec.com/content/unifiedweb/en_US/article.TECH220250.html


Question 7:

When managing an Endpoint Discover scan, a DLP administrator notices some endpoint computers are NOT completing their scans. When does the DLP agent stop scanning?

A. When the agent sends a report within the “Scan Idle Timeout” period

B. When the endpoint computer is rebooted and the agent is started

C. When the agent is unable to send a status report within the “Scan Idle Timeout” period

D. When the agent sends a report immediately after the “Scan Idle Timeout” period

Correct Answer: C


Question 8:

Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

A. Exchange

B. File System

C. Lotus Notes

D. SharePoint

Correct Answer: B

Reference: https://help.symantec.com/cs/DLP15.0/DLP/v83981880_v120691346/Troubleshooting-automated-incident-remediation-tracking?locale=EN_US


Question 9:

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.” How should the administrator log in to the Enforce console with the “sysadmin” role?

A. sysadmin\username

B. sysadmin\[email protected]

C. domain\username

D. username\sysadmin

Correct Answer: C


Question 10:

Refer to the exhibit.

What activity should occur during the baseline phase, according to the risk reduction model?

A. Define and build the incident response team

B. Monitor incidents and tune the policy to reduce false positives

C. Establish business metrics and begin sending reports to business unit stakeholders

D. Test policies to ensure that blocking actions minimize business process disruptions

Correct Answer: C


Question 11:

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

A. Endpoint Prevent

B. Cloud Service for Email

C. Network Prevent for Email

D. Network Discover

E. Cloud Detection Service

Correct Answer: BC


Question 12:

Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

A. Allow the content to be posted

B. Remove the content through FlexResponse

C. Block the content before posting

D. Encrypt the content before posting

E. Redirect the content to an alternative destination

Correct Answer: AE


Question 13:

Which two factors are common sources of data leakage where the main actor is a well-meaning insider? (Choose two.)

A. An absence of a trained incident response team

B. A disgruntled employee for a job with a competitor

C. Merger and Acquisition activities

D. Lack of training and awareness

E. Broken business processes

Correct Answer: BD


Question 14:

Which option is an accurate use case for Information Centric Encryption (ICE)?

A. The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.

B. The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.

C. The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint through use of certificates.

D. The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates.

Correct Answer: B

Reference: https://help.symantec.com/cs/ICE1.0/ICE/v126756321_v120576779/Using-ICE-with-Symantec-Data-Loss-Preventionabout_dlp?locale=EN_US


Question 15:

A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers. What should the administrator do to make the Network Discover option available?

A. Restart the Symantec DLP Controller service

B. Apply a new software license file from the Enforce console

C. Install a new Network Discover detection server

D. Restart the Vontu Monitor Service

Correct Answer: C