Symantec Endpoint Protection 14.x Admin R2 Technical Specialist (250-605) Free Practice Test

Question 1

What role does the Incident Timeline play in SEDR incident reporting?

A. It highlights outdated security definitions

B. It shows daily SEP policy compliance

C. It displays network performance over time

D. It provides a chronological view of all related threat events

Correct Answer: D

Question 2

When configuring client-server communication, which two configurations impact the responsiveness of SEP clients to administrative actions?
(Choose two)
Response:

A. Restart time of Windows Defender

B. Client heartbeat interval

C. SEPM domain name resolution

D. Push mode versus Pull mode communication

Correct Answer: B,D

Question 3

What are two ways to monitor applied Security Exceptions in a SEP environment?

A. Analyze Risk Logs for detection that was bypassed

B. Review Control logs in SEPM for blocked USB access

C. Use Reports in SEPM to generate an Exceptions Summary

D. Check the Client tab under Policy Components for exception visibility

Correct Answer: A,C

Question 4

When defining a Security Exception in SEPM, which action must be taken to ensure the exclusion is applied across multiple SEP groups?

A. Restart SEPM and all client services

B. Assign the policy to each group individually

C. Export the policy and import it into each group

D. Reboot all endpoints

Correct Answer: B

Question 5

What does the "Isolate Endpoint" response action in SEDR do?

A. It quarantines the user session

B. It uninstalls all SEP components

C. It stops all ongoing SEP scans

D. It prevents the endpoint from communicating with the network except to SEPM

Correct Answer: D

Question 6

Which two capabilities are offered by SEDR when performing endpoint threat investigations?
(Choose two)

A. Export of endpoint evidence to external SIEM tools

B. Timeline generation of threat-related events

C. User interface-based scan scheduling

D. Real-time process injection prevention

Correct Answer: A,B

Question 7

What must be done before a client can function as a Group Update Provider?

A. Add the client IP to the Symantec firewall rule set

B. Promote the client to a domain controller

C. Install the LiveUpdate Administrator (LUA) service on the client

D. Configure the client as a GUP in the LiveUpdate policy

Correct Answer: D

Question 8

What is the primary business objective of integrating Symantec Endpoint Detection and Response (SEDR) into an enterprise security environment?

A. To centralize data backup and disaster recovery

B. To manage endpoint licenses across domains

C. To detect, investigate, and respond to advanced persistent threats

D. To automate system patching across remote clients

Correct Answer: C

Question 9

What must be true for Memory Exploit Mitigation to provide protection on SEP clients?

A. The client must be in an unmanaged mode

B. Compatible applications must be running and the feature enabled in policy

C. The exploit protection must be added via command line switches

D. The client must be restarted every 24 hours

Correct Answer: B

Question 10

When monitoring location-based activity, what can administrators use in SEPM?
(Choose two)

A. Reports showing the active location of each client

B. Client logs to review triggered location switches

C. Policy Components tab to view real-time logs

D. Control Logs to verify device usage

Correct Answer: A,B

Welcome to TestSimulate

Symantec Endpoint Protection 14.x Admin R2 Technical Specialist (250-605) Free Practice Test