Online Access Free 250-441 Exam Questions

What should an Incident Responder do to mitigate a false positive?

• A.Add to Whitelist
• B.Submit to Cynic
• C.Submit to VirusTotal
• D.Run an indicators of compromise (IOC) search

Which two steps must an Incident Responder take to isolate an infected computer in ATP? (Choose two.)

• A.Close any open shares
• B.Create subnets or VLANs and configure the network devices to restrict traffic
• C.Identify affected clients
• D.Set executables on network drives as read only
• E.Identify the threat and understand how it spreads

An Incident Responder wants to investigate whether msscrt.pdf resides on any systems.
Which search query and type should the responder run?

• A.Endpoint search filename ="msscrt.pdf"
• B.Endpoint search filename like msscrt.pdf
• C.Database search msscrt.pdf
• D.Database search filename "msscrt.pdf"

How can an Incident Responder generate events for a site that was identified as malicious but has NOT triggered any events or incidents in ATP?

• A.Run an indicators of compromise (IOC) search in ATP manager.
• B.Assign a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
• C.Add the site to a blacklist in ATP manager.
• D.Create a firewall rule in the Symantec Endpoint Protection Manager (SEPM) or perimeter firewall that blocks traffic to the domain.

Which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?

• A.Discovery
• B.Incursion
• C.Exfiltration
• D.Capture