Which SEP technologies are used by ATP to enforce the blacklisting of files?
A. Application and Device Control
B. SONAR and Bloodhound
C. System Lockdown and Download Insight
D. Intrusion Prevention and Browser Intrusion Prevention

Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat artifacts from the environment

Which threat is an example of an Advanced Persistent Threat (APT)?
A. Loyphish
B. Aurora
C. ZeroAccess
D. Michelangelo

Which two widgets can an Incident Responder use to isolate breached endpoints from the Incident details page? (Choose two.)
A. Affected Endpoints
B. Dashboard
C. Incident Graph
D. Events View
E. Actions Bar

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)
A. Close any open shares
B. Identify the threat and understand how it spreads
C. Create subnets or VLANs and configure the network devices to restrict traffic
D. Set executables on network drives as read only
E. Identify affected clients

An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?
A. All tokens
B. Domainname, Filename, and Filehash
C. Filename, Filehash, and Registry
D. Domainname and Filename only

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.
How is it possible that the search returned results?
A. The search runs and returns results in ATP and then displays them in SEPM.
B. This is only an endpoint search.
C. This is a database search; a command is NOT sent to SEPM for this type of search.
D. The browser cached result from a previous search with the same criteria.

What are the prerequisite products needed when deploying ATP: Endpoint, Network, and Email?
A. SEP and Symantec Messaging Gateway
B. SEP, Symantec Email Security.cloud, and Security Information and Event Management (SIEM)
C. SEP and Symantec Email Security.cloud
D. SEP, Symantec Messaging Gateway, and Symantec Email Security.cloud

Which access credentials does an ATP Administrator need to set up a deployment of ATP: Endpoint, Network, and Email?
A. Email Security.cloud credentials for email correlation, credentials for the Symantec Endpoint Protection Manager (SEPM) database, and a System Administrator login for the SEPM
B. Active Directory login to the Symantec Endpoint Protection Manager (SEPM) database, and an Email Security.cloud login with full access
C. Symantec Endpoint Protection Manager (SEPM) login and ATP: Email login with service permissions
D. Credentials for the Symantec Endpoint Protection Manager (SEPM) database, and an administrator login for Symantec Messaging Gateway

Which level of privilege corresponds to each ATP account type? Match the correct account type to the corresponding privileges.
Select and Place:
