Symantec 250-438 Exam: Administration of Symantec Data Loss Prevention 15

Total Questions: 70. Last Updated: Oct 16, 2020

The Rebirth Guide To 250-438 Exam Answers

It is faster and easier to pass the Symantec 250-438 exam by using top-quality Symantec Administration of Symantec Data Loss Prevention 15 questions and answers. Get immediate access to the updated 250-438 exam and find the same core-area 250-438 questions with professionally verified answers, then pass your exam with a high score.

Free 250-438 Demo Online For Symantec Certification:

NEW QUESTION 1
What detection technology supports partial row matching?

  • A. Vector Machine Learning (VML)
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (DCM)
  • D. Exact Data Matching (EDM)

Answer: D

Explanation:
Reference: https://www.slideshare.net/iftikhariqbal/technology-overview-symantec-data-loss-prevention-dlp

NEW QUESTION 2
What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

  • A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller
  • B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller
  • C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.
  • D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v23042736_v125428396/Stopping-an-Enforce-Server-on-Windows?locale=EN_US

NEW QUESTION 3
A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration. What is one possible reason that the agent fails to receive the new configuration?

  • A. The new agent configuration was saved but not applied to any endpoint groups.
  • B. The new agent configuration was copied and modified from the default agent configuration.
  • C. The default agent configuration must be disabled before the new configuration can take effect.
  • D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Answer: C

NEW QUESTION 4
Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)

  • A. Exchange
  • B. Jiveon
  • C. File store
  • D. SharePoint
  • E. Confluence

Answer: CD

Explanation:
Reference: https://www.symantec.com/content/dam/symantec/docs/data-sheets/information-centric-encryption-en.pdf

NEW QUESTION 5
Which two automated response rules will be active in policies that include an Exact Data Matching (EDM) detection rule? (Choose two.)

  • A. Endpoint Discover: Quarantine File
  • B. All: Send Email Notification
  • C. Endpoint Prevent: User Cancel
  • D. Endpoint Prevent: Block
  • E. Network Protect: Quarantine File

Answer: AD

NEW QUESTION 6
A DLP administrator needs to remove an agent and its associated events from an Endpoint server.
Which Agent Task should the administrator perform to disable the agent’s visibility in the Enforce management console?

  • A. Delete action from the Agent Health dashboard
  • B. Delete action from the Agent List page
  • C. Disable action from Symantec Management Console
  • D. Change Endpoint Server action from the Agent Overview page

Answer: C

NEW QUESTION 7
A DLP administrator determines that the SymantecDLPProtectIncidents folder on the Enforce server contains .BAD files dated today, while other .IDC files are flowing in and out of the Incidents directory. Only .IDC files larger than 1MB are turning to .BAD files.
What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

  • A. A corrupted policy was deployed.
  • B. The Enforce server’s hard drive is out of space.
  • C. A detection server has excessive filereader restarts.
  • D. Tablespace is almost full.

Answer: D

NEW QUESTION 8
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?

  • A. There is insufficient disk space on the Network Monitor server.
  • B. The Network Monitor server’s certificate is corrupt or missing.
  • C. The Network Monitor server’s license file has expired.
  • D. The Enforce and Network Monitor servers are running different versions of DLP.

Answer: D

NEW QUESTION 9
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

  • A. Apply a new global agent uninstall password in the Enforce management console.
  • B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.
  • C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server
  • D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Answer: D

NEW QUESTION 10
Which detection server is available from Symantec as a hardware appliance?

  • A. Network Prevent for Email
  • B. Network Discover
  • C. Network Monitor
  • D. Network Prevent for Web

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122938258_v120691346/Setting-up-the-DLP-S500-Appliance?locale=EN_US

NEW QUESTION 11
Which channel does Endpoint Prevent protect using Device Control?

  • A. Bluetooth
  • B. USB storage
  • C. CD/DVD
  • D. Network card

Answer: B

Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO80865.html#v36651044

NEW QUESTION 12
An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.” How should the administrator log in to the Enforce console with the “sysadmin” role?

  • A. sysadminusername
  • B. sysadminusername@domain
  • C. domainusername
  • D. usernamesysadmin

Answer: C

NEW QUESTION 13
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked. What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

  • A. Disable and re-enable the Endpoint Prevent policy to activate the changes
  • B. Double-check that the correct device ID or class has been entered for each device
  • C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
  • D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Answer: D

NEW QUESTION 14
Which action is available for use in both Smart Response and Automated Response rules?

  • A. Log to a Syslog Server
  • B. Limit incident data retention
  • C. Modify SMTP message
  • D. Block email message

Answer: D

NEW QUESTION 15
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?

  • A. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
  • B. Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
  • C. Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.
  • D. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.

Answer: A

Explanation:
Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620185.html

NEW QUESTION 16
Where should an administrator set the debug levels for an Endpoint Agent?

  • A. Setting the log level within the Agent List
  • B. Advanced configuration within the Agent settings
  • C. Setting the log level within the Agent Overview
  • D. Advanced server settings within the Endpoint server

Answer: C

Explanation:
Reference: https://support.symantec.com/en_US/article.TECH248581.html

NEW QUESTION 17
Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

  • A. The OCR engine must be installed on a detection server other than the Enforce server.
  • B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.
  • C. The OCR engine must be installed directly on the Enforce server.
  • D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122760174_v120691346/Setting-up-OCR-Servers?locale=EN_US

NEW QUESTION 18
Which two detection technology options run on the DLP agent? (Choose two.)

  • A. Optical Character Recognition (OCR)
  • B. Described Content Matching (DCM)
  • C. Directory Group Matching (DGM)
  • D. Form Recognition
  • E. Indexed Document Matching (IDM)

Answer: BE

NEW QUESTION 19
What is the correct order for data in motion when a customer has integrated their CloudSOC and DLP solutions?

  • A. User > CloudSOC Gatelet > DLP Cloud Detection Service > Application
  • B. User > Enforce > Application
  • C. User > Enforce > CloudSOC > Application
  • D. User > CloudSOC Gatelet > Enforce > Application

Answer: C

NEW QUESTION 20
What is the correct configuration for “BoxMonitor.Channels” that will allow the server to start as a Network Monitor server?

  • A. Packet Capture, Span Port
  • B. Packet Capture, Network Tap
  • C. Packet Capture, Copy Rule
  • D. Packet capture, Network Monitor

Answer: C

Explanation:
Reference: https://support.symantec.com/en_US/article.TECH218980.html

NEW QUESTION 21
Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

  • A. Allow the content to be posted
  • B. Remove the content through FlexResponse
  • C. Block the content before posting
  • D. Encrypt the content before posting
  • E. Redirect the content to an alternative destination

Answer: AE

NEW QUESTION 22
Which option is an accurate use case for Information Centric Encryption (ICE)?

  • A. The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.
  • B. The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.
  • C. The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint through use of certificates.
  • D. The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates.

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/ICE1.0/ICE/v126756321_v120576779/Using-ICE-with-Symantec-Data-Loss-Preventionabout_dlp?locale=EN_US

NEW QUESTION 23
Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

  • A. Network Discover
  • B. Cloud Service for Email
  • C. Endpoint Prevent
  • D. Network Protect

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v15600645_v125428396/Configuring-Network-Protect-for-file-shares?locale=EN_US

NEW QUESTION 24
......
