Which threat is an example of an Advanced Persistent Threat (APT)?
A. Koobface
B. Brain
C. Flamer
D. Creeper
Which prerequisite is necessary to extend the ATP: Network solution in order to correlate email detections?
A. Email Security.cloud
B. Web security.cloud
C. Skeptic
D. Symantec Messaging Gateway
How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?
A. Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
B. Run an indicators of compromise (IOC) search in ATP manager.
C. Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.
D. Add the site to a blacklist in ATP manager.
What impact does changing from Inline Block to SPAN/TAP mode have on blacklisting in ATP?
A. ATP will continue to block previously blacklisted addresses but NOT new ones.
B. ATP does NOT block access to blacklisted addresses unless block mode is enabled.
C. ATP will clear the existing blacklists.
D. ATP does NOT block access to blacklisted addresses unless TAP mode is enabled.
In which stage of an Advanced Persistent Threat (APT) attack do attackers map an organization's defenses from the inside?
A. Discovery
B. Capture
C. Exfiltration
D. Incursion
Malware is currently spreading through an organization's network. An Incident Responder sees some detections in SEP, but there is NOT an apparent relationship between them.
How should the responder look for the source of the infection using ATP?
A. Check for the file hash for each detection
B. Isolate a system and collect a sample
C. Submit the hash to Virus Total
D. Check whether the threats were downloaded from the same domain or IP by looking at incidents
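The scenario above (several SEP detections with different files and no obvious link between them) is the classic case where per-file hash matching finds nothing but the download origin ties the detections together. The following Python script is an added example, not part of the original question set or of any Symantec product: it groups a constructed list of detection records by the domain or IP the file was fetched from and ranks sources seen on more than one host. The record fields (host, sha256, download_url) and all hosts, hashes and URLs are assumptions invented for the example.

```python
"""Correlate otherwise-unrelated malware detections by their download origin."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample detections (hypothetical hosts, hashes and URLs; not real SEP data).
# Every file hash is different, so hash-based correlation alone would find no link.
SAMPLE_DETECTIONS = [
    {"host": "WS-014", "sha256": "a1" * 32, "download_url": "http://cdn-update.example/pkg/a.exe"},
    {"host": "WS-022", "sha256": "b2" * 32, "download_url": "https://cdn-update.example/pkg/b.exe"},
    {"host": "WS-031", "sha256": "c3" * 32, "download_url": "http://203.0.113.9:8080/drop/c.exe"},
    {"host": "WS-044", "sha256": "d4" * 32, "download_url": "http://CDN-UPDATE.example/pkg/d.exe"},
    {"host": "WS-050", "sha256": "e5" * 32, "download_url": None},  # arrived by USB: no URL
]


def source_of(url):
    """Return the host part of a download URL (domain or IP, lower-cased, port stripped), or None."""
    if not url:
        return None
    host = urlsplit(url).hostname  # .hostname already lower-cases and drops the port
    return host if host else None


def group_by_source(detections):
    """Map each download source to the sorted list of distinct hosts that fetched malware from it."""
    groups = defaultdict(set)
    for det in detections:
        src = source_of(det.get("download_url"))
        if src:
            groups[src].add(det["host"])
    return {src: sorted(hosts) for src, hosts in groups.items()}


def likely_sources(detections, min_hosts=2):
    """Sources present in detections on at least min_hosts distinct hosts, most widespread first."""
    groups = group_by_source(detections)
    ranked = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(src, hosts) for src, hosts in ranked if len(hosts) >= min_hosts]


if __name__ == "__main__":
    for src, hosts in likely_sources(SAMPLE_DETECTIONS):
        print(f"{src}: {len(hosts)} hosts -> {', '.join(hosts)}")
```

With the constructed input the only source shared across hosts is cdn-update.example, which is the lead an Incident Responder would then block and investigate; the single-host IP source and the USB-delivered sample drop out of the ranked list.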
In which stage of an Advanced Persistent Threat (APT) attack do attackers break into an organization's network to deliver targeted malware?
A. Incursion
B. Discovery
C. Capture
D. Exfiltration
In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to the home base?
A. Capture
B. Incursion
C. Discovery
D. Exfiltration
An Incident Responder has reviewed a STIX report and now wants to ensure that their systems have NOT been compromised by any of the reported threats.
Which two objects in the STIX report will ATP search against? (Choose two.)
A. SHA-256 hash
B. MD5 hash
C. MAC address
D. SHA-1 hash
E. Registry entry
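The question above turns on which STIX observables a product can actually search for; file hashes are the ones that map directly onto endpoint evidence, while a MAC address or a registry entry needs a different collection path. The following Python script is an added example, not part of the original question set and not Symantec ATP's own STIX handling: it pulls well-formed MD5, SHA-1 and SHA-256 comparisons out of the indicator patterns of a constructed STIX 2.1 bundle, ignores non-file observables and malformed hashes, and checks the result against hashes already computed for local files. The bundle, its IDs, the hash values and the local file table are all assumptions invented for the example.

```python
"""Pull file-hash indicators out of a STIX 2.1 bundle and check them against local file hashes."""
import json
import re

# Hash algorithms this example understands, with the hex length each must have.
HASH_LENGTHS = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}

# Matches a STIX pattern comparison such as  file:hashes.'SHA-256' = 'abcd...'
# (STIX allows the algorithm name with or without single quotes).
HASH_RE = re.compile(r"file:hashes\.'?(MD5|SHA-1|SHA-256)'?\s*=\s*'([0-9A-Fa-f]+)'")

# Constructed STIX 2.1 bundle (hypothetical IDs and hashes, not from any real report).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-000000000000",
    "objects": [
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-000000000001",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-000000000002",
         "pattern_type": "stix",
         "pattern": "[file:hashes.MD5 = '" + "cd" * 16 + "' OR file:hashes.'SHA-1' = '" + "ef" * 20 + "']"},
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-000000000003",
         "pattern_type": "stix",
         "pattern": "[mac-addr:value = '00:11:22:33:44:55']"},          # not a file hash: skipped
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-000000000004",
         "pattern_type": "stix",
         "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\Software\\Evil']"},  # skipped
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-000000000005",
         "pattern_type": "stix",
         "pattern": "[file:hashes.MD5 = 'abcd1234']"},                  # truncated hash: rejected
    ],
})


def extract_hashes(bundle_json):
    """Return {algorithm: set(lower-case hex)} for every well-formed file-hash comparison.

    Only STIX-pattern indicators are read; non-file observables are left out and a hash
    whose length does not match its algorithm is dropped rather than searched for.
    """
    bundle = json.loads(bundle_json)
    found = {algo: set() for algo in HASH_LENGTHS}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for algo, value in HASH_RE.findall(obj.get("pattern", "")):
            if len(value) == HASH_LENGTHS[algo]:
                found[algo].add(value.lower())
    return found


def match_local_files(bundle_json, local_files):
    """local_files: {path: {algorithm: hex}} as computed on the endpoint.

    Returns sorted [(path, algorithm, hash)] for every local hash that appears in the report.
    """
    iocs = extract_hashes(bundle_json)
    hits = []
    for path, hashes in local_files.items():
        for algo, value in hashes.items():
            if algo in iocs and value.lower() in iocs[algo]:
                hits.append((path, algo, value.lower()))
    return sorted(hits)


# Constructed hash table for files on one host (hypothetical; real code would hash the files on disk).
SAMPLE_LOCAL_FILES = {
    r"C:\Users\Public\update.exe": {"SHA-256": "AB" * 32, "MD5": "00" * 16},
    r"C:\Windows\System32\notepad.exe": {"SHA-256": "12" * 32, "SHA-1": "34" * 20},
}

if __name__ == "__main__":
    for path, algo, digest in match_local_files(SAMPLE_BUNDLE, SAMPLE_LOCAL_FILES):
        print(f"HIT {algo} {digest} -> {path}")
```

Case-folding the hex on both sides matters in practice: reports and endpoint tools disagree on upper- versus lower-case digests, and a naive string compare would miss the update.exe hit above. Whichever hash algorithms a given product searches, an indicator that is not a file hash (the MAC address and registry key in the sample) never reaches the file-matching step.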
An organization is considering an ATP: Endpoint and Network deployment with multiple appliances. Which form factor will be the most effective in terms of performance and cost?
A. Virtual for management, physical for the network scanners and ATP: Endpoint
B. Physical for management and ATP: Endpoint, virtual for the network scanners
C. Virtual for management and ATP: Endpoint, physical for the network scanners
D. Virtual for management, ATP: Endpoint, and the network scanners