Symantec 250-438 practice test

Administration of Symantec Data Loss Prevention 15 Exam


Question 1

What is the Symantec-recommended order for stopping Symantec DLP services on a Windows
Enforce server?

  • A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller
  • B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller
  • C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager
  • D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update
Answer:

D

Question 2

Where in the Enforce management console can a DLP administrator change the “UI.NO_SCAN.int”
setting to disable the “Inspecting data” pop-up?

  • A. Advanced Server Settings from the Endpoint Server Configuration
  • B. Advanced Monitoring from the Agent Configuration
  • C. Advanced Agent Settings from the Agent Configuration
  • D. Application Monitoring from the Agent Configuration
Answer:

C

Question 3

Which two automated response rules will be active in policies that include an Exact Data Matching
(EDM) detection rule? (Choose two.)

  • A. Endpoint Discover: Quarantine File
  • B. All: Send Email Notification
  • C. Endpoint Prevent: User Cancel
  • D. Endpoint Prevent: Block
  • E. Network Protect: Quarantine File
Answer:

A,D

Question 4

Where should an administrator set the debug levels for an Endpoint Agent?

  • A. Setting the log level within the Agent List
  • B. Advanced configuration within the Agent settings
  • C. Setting the log level within the Agent Overview
  • D. Advanced server settings within the Endpoint server
Answer:

C

Question 5

Which service encrypts the message when using a Modify SMTP Message response rule?

  • A. Network Monitor server
  • B. SMTP Prevent
  • C. Enforce server
  • D. Encryption Gateway
Answer:

D

Question 6

How do Cloud Detection Service and the Enforce server communicate with each other?

  • A. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 8100.
  • B. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 443.
  • C. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 1443.
  • D. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 443.
Answer:

D

Question 7

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle
database provided by the Database Administration team.
Which SQL*Plus command should the administrator utilize to determine if the database is using a
supported version of Oracle?

  • A. select database version from <database name>;
  • B. select * from db$version;
  • C. select * from v$version;
  • D. select db$ver from <database name>;
Answer:

C

Question 8

A DLP administrator created a new agent configuration for an Endpoint server. However, the
endpoint agents fail to receive the new configuration.
What is one possible reason that the agent fails to receive the new configuration?

  • A. The new agent configuration was saved but not applied to any endpoint groups.
  • B. The new agent configuration was copied and modified from the default agent configuration.
  • C. The default agent configuration must be disabled before the new configuration can take effect.
  • D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.
Answer:

C

Question 9

A DLP administrator is checking the System Overview in the Enforce management console, and all of
the detection servers are showing as unknown. The Vontu services are up and running on the
detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection
servers. There is good network connectivity between the detection servers and the Enforce server
when testing with the telnet command.
How should the administrator bring the detection servers to a running state in the Enforce
management console?

  • A. Restart the Vontu Update Service on the Enforce server
  • B. Ensure the Vontu Monitor Controller service is running in the Enforce server
  • C. Delete all of the .BAD files in the Incidents folder on the Enforce server
  • D. Restart the Vontu Monitor Service on all the affected detection servers
Answer:

B

Question 10

What detection technology supports partial row matching?

  • A. Vector Machine Learning (VML)
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (EDM)
  • D. Exact Data Matching (EDM)
Answer:

D
