All About Precise 250-438 Brain Dumps

NEW QUESTION 1
Which two detection technology options ONLY run on a detection server? (Choose two.)

• A. Form Recognition
• B. Indexed Document Matching (IDM)
• C. Described Content Matching (DCM)
• D. Exact Data Matching (EDM)
• E. Vector Machine Learning (VML)

Answer: BD

Explanation:
Reference: https://support.symantec.com/en_US/article.INFO5070.html

NEW QUESTION 2
DRAG DROP
What is the correct installation sequence for the components shown here, according to the Symantec Installation Guide? Place the options in the correct installation sequence.
Select and Place:

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 3
How do Cloud Detection Service and the Enforce server communicate with each other?

• A. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 8100.
• B. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 443.
• C. Cloud Detection Service initiates communication with Enforce, which is expecting connections on port 1443.
• D. Enforce initiates communication with Cloud Detection Service, which is expecting connections on port 443.

Answer: D

NEW QUESTION 4
A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

• A. Change the “Ignore requests Smaller Than” value to 1
• B. Add the filename to the Inspect Content Type field
• C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”
• D. Uncheck trial mode under the ICAP tab

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/id-SF0B0161467_v120691346/Configuring-Network-Prevent-for-Web-Server?locale=EN_US

NEW QUESTION 5
What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

• A. Smart Response on the Incident page
• B. Automated Response on the Incident Snapshot page
• C. Smart Response on an Incident List report
• D. Automated Response on an Incident List report

Answer: B

NEW QUESTION 6
Which Network Prevent action takes place when the Network Incident list shows the message is “Modified”?

• A. Remove attachments from an email
• B. Obfuscate text in the body of an email
• C. Add one or more SMTP headers to an email
• D. Modify content from the body of an email

Answer: C

NEW QUESTION 7
Which two automated response rules will be active in policies that include Exact Data Matching (EDM) detection rule? (Choose two.)

• A. Endpoint Discover: Quarantine File
• B. All: Send Email Notification
• C. Endpoint Prevent: User Cancel
• D. Endpoint Prevent: Block
• E. Network Protect: Quarantine File

Answer: AD

NEW QUESTION 8
What detection server is used for Network Discover, Network Protect, and Cloud Storage?

• A. Network Protect Storage Discover
• B. Network Discover/Cloud Storage Discover
• C. Network Prevent/Cloud Detection Service
• D. Network Protect/Cloud Detection Service

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-Network-Discover-Cloud-Storage-Discover-Server-configuration?locale=EN_US

NEW QUESTION 9
Which option correctly describes the two-tier installation type for Symantec DLP?

• A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
• B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
• C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
• D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers

NEW QUESTION 10
What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

• A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller
• B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller
• C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.
• D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v23042736_v125428396/Stopping-an-Enforce-Server-on-Windows?locale=EN_US

NEW QUESTION 11
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked. What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

• A. Disable and re-enable the Endpoint Prevent policy to activate the changes
• B. Double-check that the correct device ID or class has been entered for each device
• C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
• D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

Answer: D

NEW QUESTION 12
A company needs to secure the content of all Mergers and Acquisitions Agreements However, the standard text included in all company literature needs to be excluded. How should the company ensure that this standard text is excluded from detection?

• A. Create a Whitelisted.txt file after creating the Vector Machine Learning (VML) profile.
• B. Create a Whitelisted.txt file after creating the Exact Data Matching (EDM) profile
• C. Create a Whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
• D. Create a Whitelisted.txt file before creating the Exact Data Matching (EDM) profile

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v27161240_v120691346/White-listing-file-contents-to-exclude-from-partial-matching?locale=EN_US

NEW QUESTION 13
Why is it important for an administrator to utilize the grid scan feature?

• A. To distribute the scan workload across multiple network discover servers
• B. To distribute the scan workload across the cloud servers
• C. To distribute the scan workload across multiple endpoint servers
• D. To distribute the scan workload across multiple detection servers

Answer: D

Explanation:
If you plan to use the grid scanning feature to distribute the scanning workload across multiple detection servers, retain the default value (1)

NEW QUESTION 14
Refer to the exhibit. Which type of Endpoint response rule is shown?

• A. Endpoint Prevent: User Notification
• B. Endpoint Prevent: Block
• C. Endpoint Prevent: Notify
• D. Endpoint Prevent: User Cancel

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v27595430_v120691346/Configuring-the-Endpoint-Prevent:-Block-action?locale=EN_US

NEW QUESTION 15
Which tool must a DLP administrator run to certify the database prior to upgrading DLP?

• A. Lob_Tablespace Reclamation Tool
• B. Upgrade Readiness Tool
• C. SymDiag
• D. EnforceMigrationUtility

Answer: B

Explanation:
Reference: https://support.symantec.com/en_US/article.DOC10667.html

NEW QUESTION 16
Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

• A. The OCR engine must be installed on detection server other than the Enforce server.
• B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.
• C. The OCR engine must be directly on the Enforce server.
• D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122760174_v120691346/Setting-up-OCR-Servers?locale=EN_US

NEW QUESTION 17
Where in the Enforce management console can a DLP administrator change the “UI.NO_SCAN.int” setting to disable the “Inspecting data” pop-up?

• A. Advanced Server Settings from the Endpoint Server Configuration
• B. Advanced Monitoring from the Agent Configuration
• C. Advanced Agent Settings from the Agent Configuration
• D. Application Monitoring from the Agent Configuration

Answer: C

Explanation:
Reference: https://www.symantec.com/connect/forums/dlp-pop-examining-content

NEW QUESTION 18
Which two detection technology options run on the DLP agent? (Choose two.)

• A. Optical Character Recognition (OCR)
• B. Described Content Matching (DCM)
• C. Directory Group Matching (DGM)
• D. Form Recognition
• E. Indexed Document Matching (IDM)

Answer: BE

NEW QUESTION 19
Which server target uses the “Automated Incident Remediation Tracking” feature in Symantec DLP?

• A. Exchange
• B. File System
• C. Lotus Notes
• D. SharePoint

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/DLP15.0/DLP/v83981880_v120691346/Troubleshooting-automated-incident-remediation-tracking?locale=EN_US

NEW QUESTION 20
What detection technology supports partial row matching?

• A. Vector Machine Learning (VML)
• B. Indexed Document Matching (IDM)
• C. Described Content Matching (DCM)
• D. Exact Data Matching (EDM)

Answer: D

Explanation:
Reference: https://www.slideshare.net/iftikhariqbal/technology-overview-symantec-data-loss-prevention-dlp

NEW QUESTION 21
What detection server type requires a minimum of two physical network interface cards?

• A. Network Prevent for Web
• B. Network Prevent for Email
• C. Network Monitor
• D. Cloud Detection Service (CDS)

Answer: A

NEW QUESTION 22
Which option is an accurate use case for Information Centric Encryption (ICE)?

• A. The ICE utility encrypts files matching DLP policy being copied from network share through use of encryption keys.
• B. The ICE utility encrypts files matching DLP policy being copied to removable storage through use of encryption keys.
• C. The ICE utility encrypts files matching DLP policy being copied to removable storage on an endpoint use of certificates.
• D. The ICE utility encrypts files matching DLP policy being copied from network share through use of certificates

Answer: B

Explanation:
Reference: https://help.symantec.com/cs/ICE1.0/ICE/v126756321_v120576779/Using-ICE-with-Symantec-Data-Loss-Preventionabout_dlp?locale=EN_US

NEW QUESTION 23
Which channel does Endpoint Prevent protect using Device Control?

• A. Bluetooth
• B. USB storage
• C. CD/DVD
• D. Network card

Answer: B

Explanation:
Reference: https://support.symantec.com/en_US/article.HOWTO80865.html#v36651044

NEW QUESTION 24
Which two factors are common sources of data leakage where the main actor is well-meaning insider? (Choose two.)

• A. An absence of a trained incident response team
• B. A disgruntled employee for a job with a competitor
• C. Merger and Acquisition activities
• D. Lack of training and awareness
• E. Broken business processes

Answer: BD

NEW QUESTION 25
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

• A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.
• B. Modify the agent config.db to include the file
• C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
• D. Modify the agent configuration and select the option “Retain Original Files”

Answer: A

NEW QUESTION 26
......