250-428 information - Administration of Symantec Endpoint Protection 14 Updated: 2023
 |
 |
 |
 |
 |
 |
 |
 |
250-428 Administration of Symantec Endpoint Protection 14
Exam ID : 250-428
Exam Title : Administration of Symantec Endpoint Protection 14
Questions: 65 - 75
Exam Duration: 90 minutes
Passing Score: 70%
Languages: English
The Symantec Endpoint Protection 14: Plan and Implement course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with planning and implementing a Symantec Endpoint Protection environment. This course covers how to architect and size a Symantec Endpoint Protection environment, install or upgrade the Symantec Endpoint Protection Manager (SEPM), benefit from a SEPM disaster recovery plan, and manage replication and failover. The class also covers how to deploy new endpoints and upgrade existing Windows, Mac, and Linux endpoints.
Course Objectives
By the completion of this course, you will be able to:
• Architect a Symantec Endpoint Protection Environment
• Prepare and deliver a successful Symantec Endpoint Installation
• Build a Disaster Recovery plan to ensure successful SEPM backups and restores
• Manage failover and replication
• Deploy endpoint clients
Introduction
• Course environment
• Lab environment
Preparing and Delivering a Successful Symantec Endpoint Protection Implementation
• Architecting and Sizing the Symantec Endpoint Protection Environment
• Installing the SEPM
• Benefiting from a SEPM Disaster Recovery Plan
• Managing Replication and Failover
Discovering Endpoint Client Implementation and Strategies
• Implementing the Best Method to Deploy Windows, Mac, and Linux Endpoints
• Migrating a SEP 12.1.6 client to SEP 14
Symantec Endpoint Protection 14.x: Configure and Protect
The Symantec Endpoint Protection 14.x: Configure and Protect course is designed for the network, IT security, and systems administration professionals in a Security Operations position who are tasked with configuring optimum security settings for endpoints protected by Symantec Endpoint Protection 14. This class brings context and examples of attacks and tools used by cybercriminals.
Introduction
• Course environment
• Lab environment
Securing Endpoints against Network-Based Attacks
Introducing Network Threats
ï‚· Describing how Symantec Endpoint Protection protects each layer of the network stack
ï‚· Discovering the tools and methods used by attackers
ï‚· Describing the stages of an attack Protecting against Network Attacks and Enforcing Corporate Policies using the Firewall Policy
ï‚· Preventing network attacks
ï‚· Examining Firewall Policy elements
ï‚· Evaluating built-in rules
ï‚· Creating custom firewall rules
ï‚· Enforcing corporate security policy with firewall rules
ï‚· Blocking network attacks using protection and stealth settings
ï‚· Configuring advanced firewall feature Blocking Threats with Intrusion Prevention
ï‚· Introducing Intrusion Prevention technologies
ï‚· Configuring the Intrusion Prevention policy
ï‚· Managing custom signatures
ï‚· Monitoring Intrusion Prevention events
Introducing File-Based Threats
ï‚· Describing threat types
ï‚· Discovering how attackers disguise their malicious applications
ï‚· Describing threat vectors
ï‚· Describing Advanced Persistent Threats and a typical attack scenario
ï‚· Following security best practices to reduce risks Preventing Attacks with SEP Layered Security
ï‚· Virus and Spyware protection needs and solutions
ï‚· Describing how Symantec Endpoint Protection protects each layer of the network stack
ï‚· Examining file reputation scoring
ï‚· Describing how SEP protects against zero-day threats and threats downloaded through files and email
ï‚· Describing how endpoints are protected with the Intelligent Threat Cloud Service
ï‚· Describing how the emulator executes a file in a sandbox and the machine learning engines role and function
Securing Windows Clients
ï‚· Platform and Virus and Spyware Protection policy overview
ï‚· Tailoring scans to meet an environments needs
ï‚· Ensuring real-time protection for clients
ï‚· Detecting and remediating risks in downloaded files
ï‚· Identifying zero-day and unknown threats
ï‚· Preventing email from downloading malware
ï‚· Configuring advanced options
ï‚· Monitoring virus and spyware activity Securing Mac Clients
ï‚· Touring the SEP for Mac client
ï‚· Securing Mac clients
ï‚· Monitoring Mac clients
Securing Linux Clients
ï‚· Navigating the Linux client
ï‚· Tailoring Virus and Spyware settings for Linux clients
ï‚· Monitoring Linux clients Controlling endpoint integrity and compliance
Providing Granular Control with Host Integrity
ï‚· Ensuring client compliance with Host Integrity
ï‚· Configuring Host Integrity
ï‚· Troubleshooting Host Integrity
ï‚· Monitoring Host Integrity
Controlling Application and File Access
ï‚· Describing Application Control and concepts
ï‚· Creating application rulesets to restrict how applications run
ï‚· Monitoring Application Control events Restricting Device Access for Windows and Mac Clients
ï‚· Describing Device Control features and concepts for Windows and Mac clients
ï‚· Enforcing access to hardware using Device Control
ï‚· Discovering hardware access policy violations with reports, logs, and notifications
Hardening Clients with System Lockdown
ï‚· What is System Lockdown?
ï‚· Determining to use System Lockdown in Whitelist or Blacklist mode
ï‚· Creating whitelists for blacklists
ï‚· Protecting clients by testing and Implementing System Lockdown.
Enforcing Adaptive Security Posture
Customizing Policies based on Location
ï‚· Creating locations to ensure the appropriate level of security when logging on remotely
ï‚· Determining the criteria and order of assessment before assigning policies
ï‚· Assigning policies to locations
ï‚· Monitoring locations on the SEPM and SEP client
Managing Security Exceptions
ï‚· Creating file and folder exceptions for different scan types
ï‚· Describing the automatic exclusion created during installation
ï‚· Managing Windows and Mac exclusions
ï‚· Monitoring security exceptions
Symantec Endpoint Protection 14.x: Manage and Administer
The Symantec Endpoint Protection 14.x: Manage and Administer course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with the day-to-day operation of the SEPM management console. The class covers configuring sever-client communication, domains, groups, and locations and Active Directory integration. You also learn how Symantec Endpoint Protection uses LiveUpdate servers and Group Update Providers to deliver content to clients. In addition, you learn how to respond to incidents using monitoring and reporting
Course Objectives
By the completion of this course, you will be able to:
• Describe how the Symantec Endpoint Protection Manager (SEPM) communicates with clients and make appropriate changes as necessary.
• Design and create Symantec Endpoint Protection group structures to meet the needs of your organization.
• Respond to threats using SEPM monitoring and reporting.
• Analyze the content delivery system (LiveUpdate).
• Reduce bandwidth consumption using the best method to deliver content updates to clients.
• Configure Group Update Providers.
• Create location aware content updates
.
• Use Rapid Release definitions to remediate a virus outbreak.
Monitoring and Managing Endpoints
Managing Console Access and Delegating
Responsibility
• Creating administrator accounts
• Managing administrators and delegating responsibility
Managing Client-to-SEPM Communication
• Analyzing client-to-SEPM communication
• Restoring communication between clients and SEPM
• Verifying clients are online with the SEPM
Managing the Client Architecture and Active
Directory Integration
• Describing the interaction between sites, domains, and groups
• Managing groups, locations, and policy inheritance
• Assigning policies to multiple locations
• Importing Active Directory Organizational Units
• Controlling access to client user interface settings
Managing Clients and Responding to Threats
• Identifying and verifying the protection status for all computers
• Monitoring for health status and anomalies
• Responding to incidents
Monitoring the Environment and Responding to Threats
• Monitoring critical log data
• Identifying new incidents
• Responding to incidents
• Proactively respond to incidents
Creating Incident and Health Reports
• Reporting on your environments security status
• Reporting on the health of your environment
Enforcing Content Updates on
Endpoints using the Best Method
Introducing Content Updates using LiveUpdate
ï‚· Describing the LiveUpdate ecosystem
ï‚· Configuring LiveUpdate sources
ï‚· Troubleshooting LiveUpdate
ï‚· Examining the need for an internal LiveUpdate
Administration server
ï‚· Describe the high-level steps to configure an internal
LiveUpdate server
Analyzing the SEPM Content Delivery System
ï‚· Describing content updates
ï‚· Configuring LiveUpdate on the SEPM and clients
ï‚· Monitoring a LiveUpdate session
ï‚· Managing content on the SEPM
ï‚· Monitoring content distribution for clients
Managing Group Update Providers
ï‚· Identifying the advantages of using group update providers
ï‚· Adding group update providers
ï‚· Adding multiple and explicit group update providers
ï‚· Identifying and monitoring group update providers
ï‚· Examining group update provider health and status
Configuring Location Aware Content Updates
ï‚· Examining location awareness
ï‚· Configuring location aware content updates
ï‚· Monitoring location aware content updates
Managing Certified and Rapid Release Definitions
ï‚· Managing Certified SEPM definitions from Symantec
Security Response
ï‚· Managing Certified Windows client definitions from Symantec Security Response
ï‚· Managing Rapid Release definitions from Symantec Security Response
ï‚· Managing Certified and Rapid Release definitions from Symantec Security Response for Mac and Linux clients
ï‚· Using static definitions in scripts to obtain content
Symantec Administration information
Other Symantec exams
250-251 Administration of HA Solutions for UNIX (VCS 5.0)250-351 Administration of HA Solutions for Windows using VCS 5.0
250-406 Administration of Clearwell eDiscovery Platform 7.x
250-407 Prepare for Symantec Symantec Client Management Suite 7.x
850-001 Cloud Security 1.0
250-428 Administration of Symantec Endpoint Protection 14
250-428
Administration of Symantec Endpoint Protection 14
https://killexams.com/pass4sure/exam-detail/250-428
Question: 112
What happens when the license expires in Symantec Endpoint Protection 14 enterprise
Edition?
A. Live Update stops.
B. Group Update Providers (GUP) stop.
C. Symantec Insight is disabled.
D. Content updates continue.
Answer: D
Question: 113
A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread
evenly across two sites. The administrator needs to direct replication activity to SEPM3
server in Site 1 and SEPM4 in Site 2. Which two actions should the administrator take to
direct replication activity to SEPM3 and SEPM4? (Select two.)
A. Install SEPM3 and SEPM4 after the other SEPMs
B. Install the SQL Server databases on SEPM3 and SEPM4
C. Ensure SEPM3 and SEPM4 are defined as the top priority server in the Site Settings
D. Ensure SEPM3 and SEPM4 are defined as remote servers in the replication partner
configuration
E. Install IT Analytics on SEPM3 and SEPM4
Answer: C, D
Question: 114
An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP)
deployment. The administrator needs to determine whether replication is viable without
needing to make network firewall changes or change defaults in SEP. Which port should
the administrator verify is open on the path of communication between the two proposed
sites?
A. 1433
B. 2967
C. 8014
D. 8443
Answer: D
Question: 115
An administrator uses the scorch criteria displayed in the image below.
Which results ore returned from the query?
A. Only VMware Servers in the Default Group
B. All Windows 2012 Servers in the Default Group
C. Only Windows 2012 Servers that are Virtualized in the Default Group
D. All Windows 2012 Servers and all Virtualized Servers in the Default Group
Answer: D
Question: 116
Where can an administrator obtain the Sylink.xml file?
A. C:\Program Files\Symantec\Symantec Endpoint Protection\ folder on the client
B. C:\Program Files\Symantec\Symantec Endpoint
Protection\Manager\data\inbox\agent\ folder on the Symantec Endpoint Protection
Manager
C. by selecting the client group and exporting the communication settings in the
Symantec Endpoint Protection Manager Console
D. by selecting the location and exporting the communication settings in the Symantec
Endpoint Protection Manager Console
Answer: C
Question: 117
An administrator needs to configure Secure Socket Layer (SSL) communication for
clients. In the httpd.conf file, located on the Symantec Endpoint Protection Manager
(SEPM), the administrator removes the hashmark (#) from the text string displayed
below. #Include conf/ssl/sslForcClients.conf< Which two tasks must the administrator
perform to complete the SSL configuration? (Select two.)
A. edit site.properties and change the port to 443
B. restart the Symantec Endpoint Protection Manager Webserver service
C. change the default certificates on the SEPM and reboot
D. change the Management Server List and enable HTTPs
E. change the port in Clients > Group > Policies > Settings > Communication Settings
and force the clients to reconnect
Answer: B, D
Question: 118
In which two areas can host groups be used? (Select two.)
A. Locations
B. obtain Insight
C. IPS
D. Application and Device Control
E. Firewall
Answer: C, E
Question: 119
A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block
FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team
informs the administrator that a client system is making an FTP connection to a server.
While investigating the problem from the SEP client GUI, the administrator notices that
there are zero entries pertaining to FTP traffic in the SEP Traffic log or Packet log.
While viewing the Network Activity dialog, there is zero inbound/outbound traffic for
the FTP process. What is the most likely reason?
A. The block rule is below the blue line.
B. The server has an IPS exception for that traffic.
C. Peer-to-peer authentication is allowing the traffic.
D. The server is in the IPS policy excluded hosts list.
Answer: D
Question: 120
You have just started a relayout operation in a live test environment, and you want to
limit the impact of your work on concurrent testing activities. You also want to
accommodate the need to constrain a relayout job’s performance impact on concurrent
activities. What would you do to perform this task?
A. Use the "set iodelay" option of vxtask to throttle the VxVM task.
B. Use the "set iowait" option of vxtask to throttle the VxVM task.
C. Use the "set slow" option of vxtask to throttle the VxVM task.
D. Use the "set nice" option of vxtask to throttle the VxVM task.
Answer: C
For More exams visit https://killexams.com/vendors-exam-list
Kill your exam at First Attempt....Guaranteed!
Preparing for the Evaluation Period
Please be aware that classes need to meet minimum enrollment, have at least one instructor listed, and not be on an exceptions list (more information available in the CTEC Guidelines section) in order to be evaluated. Individuals listed as Course Coordinator in CAESAR are not considered instructors and also not evaluated.
All instructors and TAs who should be evaluated need to be listed in CAESAR. If they are not listed in CAESAR on the primary scheduled component (i.e. lecture rather than discussions), they will not be included on the evaluation form.
Please make sure to review all instructor/TA assignments for your department's classes to ensure the correct individuals are evaluated, and to prevent issues with missing instructors/TAs.
Accessing Reports as an Administrator
To access available individual admin reports for instructors and TAs in your department (security access required), select from the following options:
- Sign in to CAESAR as an administrator and navigate to "Search CTECs for Admin" Instructions: https://www.northwestern.edu/ses/staff/ctecs/running-ctec-instructor-reports-in-ses-caesar.html
- Visit the Blue system directly (https://northwestern.bluera.com/northwestern)
To access available individual reports published to students for instructors outside of your department, sign in to CAESAR as an administrator and navigate to "Search CTECs" or "Search CTECs FLUID".
To request administrative access to department instructor reports (only recommended for those who should also have Student Records access), please submit the Request New or Additional Administrative Access to CAESAR form (select "CTEC Department Reports"). Contact ctec@northwestern.edu with any questions.
- Access to course survey data gathered prior to Winter 2016 will only be through CAESAR and the Cognos BI reporting application.
- Course survey data gathered Winter 2016 and later will be linked through both CAESAR and Blue, and also available through the Cognos BI reporting application.
- Reports for courses taught prior to 2009 can be requested from the CTEC Office: ctec@northwestern.edu
Cognos BI - Aggregate Reports
Aggregate reports (the data can be queried across terms, courses, instructors, etc.) for instructors and TAs are available through Cognos BI. The data available in BI include numerical response averages to core standard questions, and do not include department specific or qualitative questions. Those with Administrative access to CAESAR should have access to pull BI reports. Full instructor reports can currently only be pulled individually through CAESAR or Blue.
Spring 2020 Reports
Per the recommendation of the Provost office, deans, and faculty senate, Spring 2020 reports are not published to administrators and may not be used to inform faculty hiring, tenure, and promotion decisions.
This is your page for information, help, and resources related to the impact latest events have had on you as an employee here at Sac State. Information changes rapidly, so this webpage should serve as your one-stop shop for information, curated from all of our campus partners.
The Virtual Calming Room is a resource for you to redefine your self-care and highlights the need and commitment for tools and strategies to cope with on-going stress. We recognize that many members of campus community are currently experiencing pain and trauma caused by racism and bias, as well as the ongoing stress of the pandemic. We hope that these resources and tools provide some assistance.
Energy Information Administration (EIA) Administrator Joseph DeCarolis and Assistant Administrator for Energy Analysis Angelina LaRose discussed energy supply and demand and analyzed global trends at an event hosted by the Center for Strategic and International Studies (CSIS). subjects included industrial energy consumption, natural gas, electric vehicle adoption and oil consumption trends. close
Our network team administers the connectivity components of our campus technology infrastructure. We ensure that networks - such as eduroam, the official campus wi-fi - are secure, performing as expected, and can communicate across the internet. If you're looking to add, modify, or change your network service, we're ready to partner with you on solutions.
What We Do
Wi-Fi Management
To meet growing campus needs, we continually Excellerate the performance, coverage and security of our campus wireless network, eduroam. We also ensure that all equipment, software, and technologies work as expected.
Device Connectivity
Connectivity services ensure that devices on campus are properly configured, perform as expected, and securely communicate with campus technology resources. This includes the following types of devices:
- Facilities IoT Devices: Facilities and climate automation such as smart locks and thermostats.
- Personal Smart Devices and Appliances: Home automation devices such as Alexa, Google Home, and/or gaming consoles such as a PS4, Switch, or Xbox.
- University-Managed Devices: University workstations, phones, photocopier/fax machines, TVs, Kiosks, among many others.
Network Service Management
Ports and Jacks
Also known as Ethernet ports, these physical connection points are essential in allowing your workstation and office phone to be a part of the campus network. We install and maintain these connection points to make sure that network service is consistently delivered throughout campus.
DNS, DHCP, and IP Addresses (DDI)
DNS, DHCP and IP address management (DDI) allows devices and services to identify and communicate with each another, similar to how we have names, locations, and phone numbers.
We plan and manage the assignment of these resources so that you can find and get to where you need.
Request a Network Service Change
| Qty | Wall Jack type | Cost |
|---|---|---|
| 1 | CAT 6 | $392.44 |
| 2 | CAT 6 | $627.90 |
| 3 | CAT 6 | $687.70 |
| 4 | CAT 6 | $748.65 |
| 1 | CAT 5e | $313.95 |
| 2 | CAT 5e | $483.00 |
| 3 | CAT 5e | $531.30 |
| 4 | CAT 5e | $555.45 |
The use of network distribution devices on CSUS network is not allowed. These devices include hubs, repeaters, switches, routers, firewalls, and wireless access points. While these devices might work just fine when used in a home office environment, they are not intended for use as part of a large network such as CSUS network and may have adverse effects on the security and reliability of your devices.
The supported method of connecting multiple machines to CSUS network is to have a dedicated network drop installed for each machine. This gives you greater reliability and a higher quality of network service than using a hub, and it will not cause service problems for other users of the network.
Options for adding devices that require network connectivity are:
- New wiring
Network team will provide an estimate bases on a site survey, estimates and schedule installation upon approval - The network team can provide temporary loaner switches for special temporary (No more than 5 working days) occasions
The request should be made through service desk and approved by ISO team before the network equipment can be installed. - Network switches are only approved for special purposes areas such as Computer LAB deployment or Computer repair stations on campus:
The request should be made through service desk and approved by ISO team before the network equipment can be installed. The network support team will consult with the users to understand the need and authorized the use and supply the equipment based on a chargeback model.
Information Resources and Technology (IR&T) reserves the right to turn off network service to illegal devices (and any machines connected to such a device) in order to keep the network running smoothly for everyone.
Underground Service Alert Utility Marking
Our Network team often partners with the Underground Service Alert to ensure common goals for safe digging and excavations. By marking underground network or power lines, we can help prevent damage to our campus network infrastructure.
The undergraduate concentration in Management Information Systems (MIS) is geared towards preparing students for careers in a variety of IT-related fields. It provides students with hands-on knowledge of information technology and business process, in preparing them for a bright career in IS/IT that includes Systems Analyst, Information Systems Consultant, Network Administrator, Database Administrator, Web Developer, Programmer, IT Support and Help Desk Services.Â
The MIS concentration coursework helps student:
- Learn the fundamentals of applying information technologies in business.
- Develop the skills to manage and maintain information systems in business.
- Solve real-world business problems with IT systems.
- Acquire the knowledge to design and develop information systems to solve business problems.Â
Students whose primary interest is in MIS are encourage to take additional business elective courses for a second business concentration to help their careers. Â
View the Degree Pathway.Â
For additional information contact the Manning School of Business.
There are currently no Tribe Alerts.
William & Mary is committed to providing a safe and secure environment for its students, faculty, employees and visitors to learn, teach, work and enjoy our beautiful campus and all it offers.
In pursuit of that goal, the university takes a comprehensive approach to protecting the campus community and preparing for any emergency. Although a university campus is among the safest places you can be, we work every day to make our campus safer.
Information provided here will help you familiarize yourself with William & Mary's emergency planning and to prepare yourself in case of an emergency.
The ability to deal with any incident depends on good communication. The university is committed to informing the community of an emergency, disaster or potential disaster immediately upon determining the nature of the emergency. It is important, however, for you to take an active role in staying informed.
Using the university's emergency notification system, the Emergency Management Team will notify the campus community of any confirmed emergency or dangerous situation that presents an immediate threat to the health or safety of the community.
Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront) Request ID: 1Nc4Q4I41mJjZAPnm3zoKPNuQJkjtJRW-uSzKir5R8souX4DWUEB6g==
250-428 exam syllabus | 250-428 study help | 250-428 testing | 250-428 exam format | 250-428 exam contents | 250-428 thinking | 250-428 guide | 250-428 plan | 250-428 mock | 250-428 test |
Killexams exam Simulator
Killexams Questions and Answers
Killexams Exams List
Search Exams
