250-428 information - Administration of Symantec Endpoint Protection 14 Updated: 2023
Just memorize these 250-428 dumps questions before you go for the test.
Exam Code: 250-428 Administration of Symantec Endpoint Protection 14 information November 2023 by Killexams.com team
250-428 Administration of Symantec Endpoint Protection 14

Exam ID: 250-428
Exam Title: Administration of Symantec Endpoint Protection 14
Questions: 65 - 75
Exam Duration: 90 minutes
Passing Score: 70%
Languages: English

The Symantec Endpoint Protection 14: Plan and Implement course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with planning and implementing a Symantec Endpoint Protection environment. This course covers how to architect and size a Symantec Endpoint Protection environment, install or upgrade the Symantec Endpoint Protection Manager (SEPM), benefit from a SEPM disaster recovery plan, and manage replication and failover. The class also covers how to deploy new endpoints and upgrade existing Windows, Mac, and Linux endpoints.

Course Objectives
By the completion of this course, you will be able to:
• Architect a Symantec Endpoint Protection Environment
• Prepare and deliver a successful Symantec Endpoint Installation
• Build a Disaster Recovery plan to ensure successful SEPM backups and restores
• Manage failover and replication
• Deploy endpoint clients

Introduction
• Course environment
• Lab environment

Preparing and Delivering a Successful Symantec Endpoint Protection Implementation
• Architecting and Sizing the Symantec Endpoint Protection Environment
• Installing the SEPM
• Benefiting from a SEPM Disaster Recovery Plan
• Managing Replication and Failover

Discovering Endpoint Client Implementation and Strategies
• Implementing the Best Method to Deploy Windows, Mac, and Linux Endpoints
• Migrating a SEP 12.1.6 client to SEP 14

Symantec Endpoint Protection 14.x: Configure and Protect

The Symantec Endpoint Protection 14.x: Configure and Protect course is designed for the network, IT security, and systems administration professionals in a Security Operations position who are tasked with configuring optimum security settings for endpoints protected by Symantec Endpoint Protection 14. This class brings context and examples of attacks and tools used by cybercriminals.

Introduction
• Course environment
• Lab environment

Securing Endpoints against Network-Based Attacks

Introducing Network Threats
• Describing how Symantec Endpoint Protection protects each layer of the network stack
• Discovering the tools and methods used by attackers
• Describing the stages of an attack

Protecting against Network Attacks and Enforcing Corporate Policies using the Firewall Policy
• Preventing network attacks
• Examining Firewall Policy elements
• Evaluating built-in rules
• Creating custom firewall rules
• Enforcing corporate security policy with firewall rules
• Blocking network attacks using protection and stealth settings
• Configuring advanced firewall feature

Blocking Threats with Intrusion Prevention
• Introducing Intrusion Prevention technologies
• Configuring the Intrusion Prevention policy
• Managing custom signatures
• Monitoring Intrusion Prevention events

Introducing File-Based Threats
• Describing threat types
• Discovering how attackers disguise their malicious applications
• Describing threat vectors
• Describing Advanced Persistent Threats and a typical attack scenario
• Following security best practices to reduce risks

Preventing Attacks with SEP Layered Security
• Virus and Spyware protection needs and solutions
• Describing how Symantec Endpoint Protection protects each layer of the network stack
• Examining file reputation scoring
• Describing how SEP protects against zero-day threats and threats downloaded through files and email
• Describing how endpoints are protected with the Intelligent Threat Cloud Service
• Describing how the emulator executes a file in a sandbox and the machine learning engine's role and function

Securing Windows Clients
• Platform and Virus and Spyware Protection policy overview
• Tailoring scans to meet an environment's needs
• Ensuring real-time protection for clients
• Detecting and remediating risks in downloaded files
• Identifying zero-day and unknown threats
• Preventing email from downloading malware
• Configuring advanced options
• Monitoring virus and spyware activity

Securing Mac Clients
• Touring the SEP for Mac client
• Securing Mac clients
• Monitoring Mac clients

Securing Linux Clients
• Navigating the Linux client
• Tailoring Virus and Spyware settings for Linux clients
• Monitoring Linux clients

Controlling endpoint integrity and compliance

Providing Granular Control with Host Integrity
• Ensuring client compliance with Host Integrity
• Configuring Host Integrity
• Troubleshooting Host Integrity
• Monitoring Host Integrity

Controlling Application and File Access
• Describing Application Control and concepts
• Creating application rulesets to restrict how applications run
• Monitoring Application Control events

Restricting Device Access for Windows and Mac Clients
• Describing Device Control features and concepts for Windows and Mac clients
• Enforcing access to hardware using Device Control
• Discovering hardware access policy violations with reports, logs, and notifications

Hardening Clients with System Lockdown
• What is System Lockdown?
• Determining to use System Lockdown in Whitelist or Blacklist mode
• Creating whitelists for blacklists
• Protecting clients by testing and Implementing System Lockdown.

Enforcing Adaptive Security Posture

Customizing Policies based on Location
• Creating locations to ensure the appropriate level of security when logging on remotely
• Determining the criteria and order of assessment before assigning policies
• Assigning policies to locations
• Monitoring locations on the SEPM and SEP client

Managing Security Exceptions
• Creating file and folder exceptions for different scan types
• Describing the automatic exclusion created during installation
• Managing Windows and Mac exclusions
• Monitoring security exceptions

Symantec Endpoint Protection 14.x: Manage and Administer

The Symantec Endpoint Protection 14.x: Manage and Administer course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with the day-to-day operation of the SEPM management console. The class covers configuring server-client communication, domains, groups, and locations and Active Directory integration. You also learn how Symantec Endpoint Protection uses LiveUpdate servers and Group Update Providers to deliver content to clients. In addition, you learn how to respond to incidents using monitoring and reporting.

Course Objectives
By the completion of this course, you will be able to:
• Describe how the Symantec Endpoint Protection Manager (SEPM) communicates with clients and make appropriate changes as necessary.
• Design and create Symantec Endpoint Protection group structures to meet the needs of your organization.
• Respond to threats using SEPM monitoring and reporting.
• Analyze the content delivery system (LiveUpdate).
• Reduce bandwidth consumption using the best method to deliver content updates to clients.
• Configure Group Update Providers.
• Create location aware content updates.
• Use Rapid Release definitions to remediate a virus outbreak.

Monitoring and Managing Endpoints

Managing Console Access and Delegating Responsibility
• Creating administrator accounts
• Managing administrators and delegating responsibility

Managing Client-to-SEPM Communication
• Analyzing client-to-SEPM communication
• Restoring communication between clients and SEPM
• Verifying clients are online with the SEPM

Managing the Client Architecture and Active Directory Integration
• Describing the interaction between sites, domains, and groups
• Managing groups, locations, and policy inheritance
• Assigning policies to multiple locations
• Importing Active Directory Organizational Units
• Controlling access to client user interface settings

Managing Clients and Responding to Threats
• Identifying and verifying the protection status for all computers
• Monitoring for health status and anomalies
• Responding to incidents

Monitoring the Environment and Responding to Threats
• Monitoring critical log data
• Identifying new incidents
• Responding to incidents
• Proactively respond to incidents

Creating Incident and Health Reports
• Reporting on your environment's security status
• Reporting on the health of your environment

Enforcing Content Updates on Endpoints using the Best Method

Introducing Content Updates using LiveUpdate
• Describing the LiveUpdate ecosystem
• Configuring LiveUpdate sources
• Troubleshooting LiveUpdate
• Examining the need for an internal LiveUpdate Administration server
• Describe the high-level steps to configure an internal LiveUpdate server

Analyzing the SEPM Content Delivery System
• Describing content updates
• Configuring LiveUpdate on the SEPM and clients
• Monitoring a LiveUpdate session
• Managing content on the SEPM
• Monitoring content distribution for clients

Managing Group Update Providers
• Identifying the advantages of using group update providers
• Adding group update providers
• Adding multiple and explicit group update providers
• Identifying and monitoring group update providers
• Examining group update provider health and status

Configuring Location Aware Content Updates
• Examining location awareness
• Configuring location aware content updates
• Monitoring location aware content updates

Managing Certified and Rapid Release Definitions
• Managing Certified SEPM definitions from Symantec Security Response
• Managing Certified Windows client definitions from Symantec Security Response
• Managing Rapid Release definitions from Symantec Security Response
• Managing Certified and Rapid Release definitions from Symantec Security Response for Mac and Linux clients
• Using static definitions in scripts to obtain content

Other Symantec exams
250-251 Administration of HA Solutions for UNIX (VCS 5.0)
250-351 Administration of HA Solutions for Windows using VCS 5.0
250-406 Administration of Clearwell eDiscovery Platform 7.x
250-407 Prepare for Symantec Symantec Client Management Suite 7.x
850-001 Cloud Security 1.0
250-428 Administration of Symantec Endpoint Protection 14

We work hard to provide you with actual 250-428 dumps with actual questions and answers, along with explanations. Each Q&A on killexams.com has been checked by 250-428 certified experts. They are highly qualified and certified people who have several years of professional experience related to the 250-428 exams. They check the questions against the actual test.

Symantec 250-428
Administration of Symantec Endpoint Protection 14
https://killexams.com/pass4sure/exam-detail/250-428

Question: 112
What happens when the license expires in Symantec Endpoint Protection 14 Enterprise Edition?
A. Live Update stops.
B. Group Update Providers (GUP) stop.
C. Symantec Insight is disabled.
D. Content updates continue.
Answer: D

Question: 113
A company plans to install six Symantec Endpoint Protection Managers (SEPMs) spread evenly across two sites. The administrator needs to direct replication activity to the SEPM3 server in Site 1 and SEPM4 in Site 2. Which two actions should the administrator take to direct replication activity to SEPM3 and SEPM4? (Select two.)
A. Install SEPM3 and SEPM4 after the other SEPMs
B. Install the SQL Server databases on SEPM3 and SEPM4
C. Ensure SEPM3 and SEPM4 are defined as the top priority server in the Site Settings
D. Ensure SEPM3 and SEPM4 are defined as remote servers in the replication partner configuration
E. Install IT Analytics on SEPM3 and SEPM4
Answer: C, D

Question: 114
An administrator plans to implement a multi-site Symantec Endpoint Protection (SEP) deployment. The administrator needs to determine whether replication is viable without needing to make network firewall changes or change defaults in SEP. Which port should the administrator verify is open on the path of communication between the two proposed sites?
A. 1433
B. 2967
C. 8014
D. 8443
Answer: D

Question: 115
An administrator uses the search criteria displayed in the image below. Which results are returned from the query?
A. Only VMware Servers in the Default Group
B. All Windows 2012 Servers in the Default Group
C. Only Windows 2012 Servers that are Virtualized in the Default Group
D. All Windows 2012 Servers and all Virtualized Servers in the Default Group
Answer: D

Question: 116
Where can an administrator obtain the Sylink.xml file?
A. C:\Program Files\Symantec\Symantec Endpoint Protection\ folder on the client
B. C:\Program Files\Symantec\Symantec Endpoint Protection\Manager\data\inbox\agent\ folder on the Symantec Endpoint Protection Manager
C. by selecting the client group and exporting the communication settings in the Symantec Endpoint Protection Manager Console
D. by selecting the location and exporting the communication settings in the Symantec Endpoint Protection Manager Console
Answer: C

Question: 117
An administrator needs to configure Secure Socket Layer (SSL) communication for clients. In the httpd.conf file, located on the Symantec Endpoint Protection Manager (SEPM), the administrator removes the hashmark (#) from the text string displayed below.
#Include conf/ssl/sslForcClients.conf
Which two tasks must the administrator perform to complete the SSL configuration? (Select two.)
A. edit site.properties and change the port to 443
B. restart the Symantec Endpoint Protection Manager Webserver service
C. change the default certificates on the SEPM and reboot
D. change the Management Server List and enable HTTPs
E. change the port in Clients > Group > Policies > Settings > Communication Settings and force the clients to reconnect
Answer: B, D

Question: 118
In which two areas can host groups be used? (Select two.)
A. Locations
B. obtain Insight
C. IPS
D. Application and Device Control
E. Firewall
Answer: C, E

Question: 119
A Symantec Endpoint Protection (SEP) administrator creates a firewall policy to block FTP traffic and assigns the policy to all of the SEP clients. The network monitoring team informs the administrator that a client system is making an FTP connection to a server. While investigating the problem from the SEP client GUI, the administrator notices that there are zero entries pertaining to FTP traffic in the SEP Traffic log or Packet log. While viewing the Network Activity dialog, there is zero inbound/outbound traffic for the FTP process. What is the most likely reason?
A. The block rule is below the blue line.
B. The server has an IPS exception for that traffic.
C. Peer-to-peer authentication is allowing the traffic.
D. The server is in the IPS policy excluded hosts list.
Answer: D

Question: 120
You have just started a relayout operation in a live test environment, and you want to limit the impact of your work on concurrent testing activities. You also want to accommodate the need to constrain a relayout job’s performance impact on concurrent activities. What would you do to perform this task?
A. Use the "set iodelay" option of vxtask to throttle the VxVM task.
B. Use the "set iowait" option of vxtask to throttle the VxVM task.
C. Use the "set slow" option of vxtask to throttle the VxVM task.
D. Use the "set nice" option of vxtask to throttle the VxVM task.
Answer: C