Symantec 250-438 (Administration of Symantec Data Loss Prevention 15) practice questions, free demo below:
NEW QUESTION 1
Which two technologies should an organization utilize for integration with the Network Prevent products? (choose two.)
- A. Network Tap
- B. Network Firewall
- C. Proxy Server
- D. Mail Transfer Agent
- E. Encryption Appliance
Answer: CD
Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent
NEW QUESTION 2
Which service encrypts the message when using a Modify SMTP Message response rule?
- A. Network Monitor server
- B. SMTP Prevent
- C. Enforce server
- D. Encryption Gateway
Answer: D
Explanation:
Reference: https://www.symantec.com/connect/articles/network-prevent
NEW QUESTION 3
An organization wants to restrict employees to copying files only to a specific set of USB thumb drives owned by the organization.
Which detection method should the organization use to meet this requirement?
- A. Exact Data Matching (EDM)
- B. Indexed Document Matching (IDM)
- C. Described Content Matching (DCM)
- D. Vector Machine Learning (VML)
Answer: D
NEW QUESTION 4
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?
- A. Apply a new global agent uninstall password in the Enforce management console.
- B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.
- C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server.
- D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.
Answer: D
NEW QUESTION 5
What detection technology supports partial row matching?
- A. Vector Machine Learning (VML)
- B. Indexed Document Matching (IDM)
- C. Described Content Matching (DCM)
- D. Exact Data Matching (EDM)
Answer: D
Explanation:
Reference: https://www.slideshare.net/iftikhariqbal/technology-overview-symantec-data-loss-prevention-dlp
NEW QUESTION 6
Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?
- A. Network Discover
- B. Cloud Service for Email
- C. Endpoint Prevent
- D. Network Protect
Answer: D
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v15600645_v125428396/Configuring-Network-Protect-for-file-shares?locale=EN_US
NEW QUESTION 7
What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?
- A. Smart Response on the Incident page
- B. Automated Response on the Incident Snapshot page
- C. Smart Response on an Incident List report
- D. Automated Response on an Incident List report
Answer: B
NEW QUESTION 8
A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.
How should the administrator bring the detection servers to a running state in the Enforce management console?
- A. Restart the Vontu Update Service on the Enforce server
- B. Ensure the Vontu Monitor Controller service is running in the Enforce server
- C. Delete all of the .BAD files in the Incidents folder on the Enforce server
- D. Restart the Vontu Monitor Service on all the affected detection servers
Answer: B
NEW QUESTION 9
Which channel does Endpoint Prevent protect using Device Control?
- A. Bluetooth
- B. USB storage
- C. CD/DVD
- D. Network card
Answer: B
Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO80865.html#v36651044
NEW QUESTION 10
A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. Why are the processes missing from the Server Detail page display?
- A. The Display Process Control setting on the Advanced Settings page is disabled.
- B. The Advanced Process Control setting on the System Settings page is deselected.
- C. The detection server Display Control Process option is disabled on the Server Detail page.
- D. The detection server PacketCapture process is displayed on the Server Overview page.
Answer: B
Explanation:
Reference: https://support.symantec.com/content/unifiedweb/en_US/article.TECH220250.html
NEW QUESTION 11
What detection technology supports partial contents matching?
- A. Indexed Document Matching (IDM)
- B. Described Content Matching (DCM)
- C. Exact Data Matching (EDM)
- D. Optical Character Recognition (OCR)
Answer: A
Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US
NEW QUESTION 12
A company needs to implement Data Owner Exception so that incidents are avoided when employees send or receive their own personal information.
What detection method should the company use?
- A. Indexed Document Matching (IDM)
- B. Vector Machine Learning (VML)
- C. Exact Data Matching (EDM)
- D. Described Content Matching (DCM)
Answer: C
Explanation:
Reference: https://help.symantec.com/cs/dlp15.5/DLP/v40148006_v128674454/About-Data-Owner-Exception?locale=EN_US
NEW QUESTION 13
A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should the compliance officer generate to obtain the compliance information?
- A. Policy report, filtered on date and summarized by policy
- B. Policy Trend report, summarized by policy, then quarter
- C. Policy report, filtered on quarter and summarized by policy
- D. Policy Trend report, summarized by policy, then severity
Answer: A
NEW QUESTION 14
A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?
- A. Change the “Ignore requests Smaller Than” value to 1
- B. Add the filename to the Inspect Content Type field
- C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”
- D. Uncheck trial mode under the ICAP tab
Answer: A
Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/id-SF0B0161467_v120691346/Configuring-Network-Prevent-for-Web-Server?locale=EN_US
NEW QUESTION 15
A DLP administrator is attempting to add a new Network Discover detection server from the Enforce management console. However, the only available options are Network Monitor and Endpoint servers. What should the administrator do to make the Network Discover option available?
- A. Restart the Symantec DLP Controller service
- B. Apply a new software license file from the Enforce console
- C. Install a new Network Discover detection server
- D. Restart the Vontu Monitor Service
Answer: C
NEW QUESTION 16
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked. What is the first action an administrator should take to enable data transfers to the approved endpoint devices?
- A. Disable and re-enable the Endpoint Prevent policy to activate the changes
- B. Double-check that the correct device ID or class has been entered for each device
- C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
- D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”
Answer: D
NEW QUESTION 17
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the CISO’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
- A. Only DLP administrators are permitted to access and view data for high risk users.
- B. The Enforce server has insufficient permissions for importing user attributes.
- C. User attribute data must be configured separately from incident data attributes.
- D. User attributes have been incorrectly mapped to Active Directory accounts.
Answer: D
NEW QUESTION 18
Which option correctly describes the two-tier installation type for Symantec DLP?
- A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
- B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
- C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
- D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.
Answer: D
Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers
NEW QUESTION 19
What is required on the Enforce server to communicate with the Symantec DLP database?
- A. Port 8082 should be opened
- B. CryptoMasterKey.properties file
- C. Symbolic links to .dbf files
- D. SQL*Plus Client
Answer: D
Explanation:
Reference: https://www.symantec.com/connect/articles/three-tier-installation-dlp-product
NEW QUESTION 20
A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards.
Which feature should a third party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?
- A. Export incidents using the CSV format
- B. Incident Reporting and Update API
- C. Incident Data Views
- D. A Web incident extraction report
Answer: B
NEW QUESTION 21
How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?
- A. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
- B. Add “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
- C. Add “custom_app_.exe” as a filename exception to the Endpoint Prevent policy.
- D. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
Answer: A
Explanation:
Reference: https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page/GUID-0F81A895-0A46-4FF8-A869-0365D6620215.html
NEW QUESTION 22
What detection server is used for Network Discover, Network Protect, and Cloud Storage?
- A. Network Protect Storage Discover
- B. Network Discover/Cloud Storage Discover
- C. Network Prevent/Cloud Detection Service
- D. Network Protect/Cloud Detection Service
Answer: B
Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-Network-Discover-Cloud-Storage-Discover-Server-configuration?locale=EN_US