An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A. To have less raw data to analyze
B. To evaluate the data, including information from other systems
C. To access expanded historical data
D. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E. To determine the best cleanup method
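The value of pulling Syslog into the After Actions Report is that it lets the responder line up what ATP and SEPM saw against events from systems that ATP never touched (proxies, firewalls). The following Python is an added example, not part of the original question set and not Symantec product code: it parses a handful of constructed RFC 3164-style syslog lines (the hostnames, addresses, and message layouts are invented; real SEPM syslog fields differ), merges them into one time-ordered timeline keyed to the affected endpoint, and surfaces activity that continued after the endpoint product reported quarantine.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample lines (not real SEPM, firewall or proxy output).
# sepm01 forwards SEP detections, fw01 is a perimeter firewall, proxy01 a web proxy.
SAMPLE_SYSLOG = """\
Mar 14 10:02:11 sepm01 SymantecServer: ws-042,Risk found,Trojan.Gen,C:\\Users\\a\\dl\\inv.exe
Mar 14 10:01:58 fw01 kernel: ACCEPT src=10.1.5.42 dst=203.0.113.9 dport=6667 proto=TCP
Mar 14 09:58:30 proxy01 squid: 10.1.5.42 GET http://203.0.113.9/inv.exe 200
Mar 14 10:03:40 sepm01 SymantecServer: ws-042,Quarantined,Trojan.Gen
Mar 14 10:15:02 fw01 kernel: ACCEPT src=10.1.5.42 dst=203.0.113.9 dport=6667 proto=TCP
"""

# Classic syslog: "Mmm dd HH:MM:SS host tag: message" (day may be space-padded).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$"
)


def parse_syslog(text: str, year: int = 2024) -> List[Dict]:
    """Parse RFC 3164-style lines. The format carries no year, so the caller
    supplies one; that assumption belongs in the report's methodology notes."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than guess at fields
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]})
    return events


def build_timeline(events: List[Dict], aliases: Dict[str, str]) -> List[Dict]:
    """Merge events from every source in time order and tag each with the
    endpoint it concerns. aliases maps hostnames and IPs to one canonical name,
    because SEPM logs endpoint names while network devices log addresses."""
    timeline = []
    for e in sorted(events, key=lambda e: e["ts"]):
        endpoint = None
        for key, name in aliases.items():
            if key == e["host"] or key in e["msg"]:
                endpoint = name
                break
        timeline.append({**e, "endpoint": endpoint})
    return timeline


def events_for(timeline: List[Dict], endpoint: str) -> List[Dict]:
    return [e for e in timeline if e["endpoint"] == endpoint]


def activity_after(timeline: List[Dict], keyword: str) -> List[Dict]:
    """Events after the first message containing keyword, e.g. network traffic
    the firewall still saw after SEPM reported the file quarantined."""
    for i, e in enumerate(timeline):
        if keyword in e["msg"]:
            return timeline[i + 1:]
    return []


def incident_timeline(endpoint: str = "ws-042") -> List[Dict]:
    # Hypothetical alias table; in practice it comes from the SEPM client list or DHCP.
    aliases = {"ws-042": "ws-042", "10.1.5.42": "ws-042"}
    return events_for(build_timeline(parse_syslog(SAMPLE_SYSLOG), aliases), endpoint)


def render(timeline: List[Dict]) -> List[str]:
    return [f"{e['ts']:%Y-%m-%d %H:%M:%S} {e['host']:8} {e['proc']:15} {e['msg']}" for e in timeline]


if __name__ == "__main__":
    tl = incident_timeline()
    print("\n".join(render(tl)))
    print("after quarantine:", render(activity_after(tl, "Quarantined")))
```

The merged view answers the question the SEPM risk log alone cannot: the proxy shows the download roughly four minutes before the detection, and the firewall shows the endpoint still reaching port 6667 on the same external address eleven minutes after quarantine, which is the kind of finding that changes the cleanup and containment steps written into the report.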
Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)
A. Database version
B. Database IP address
C. Database domain name
D. Database hostname
E. Database name
Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?
A. Reports
B. Settings
C. Action Manager
D. Policies
Which two tasks should an Incident Responder complete when recovering from an incident? (Choose two.)
A. Rejoin healthy endpoints back to the network
B. Blacklist any suspicious files found in the environment
C. Submit any suspicious files to Cynic
D. Isolate infected endpoints to a quarantine network
E. Delete threat artifacts from the environment
An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode.
What should the Incident Responder do to stop the traffic to the IRC channel?
A. Isolate the endpoint with a Quarantine Firewall policy
B. Blacklist the IRC channel IP
C. Blacklist the endpoint IP
D. Isolate the endpoint with an application control policy
An ATP Administrator has deployed ATP: Network, Endpoint, and Email and now wants to ensure that all connections are properly secured.
Which connections should the administrator secure with signed SSL certificates?
A. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; Web access to the GUI
B. ATP and the Symantec Endpoint Protection Manager (SEPM); ATP and SEP clients; ATP and Email Security.cloud; Web access to the GUI
C. ATP and the Symantec Endpoint Protection Manager (SEPM)
D. ATP and the Symantec Endpoint Protection Manager (SEPM); Web access to the GUI
In which stage of an Advanced Persistent Threat (APT) attack do attackers send information back to their home base?
A. Capture
B. Incursion
C. Discovery
D. Exfiltration
Refer to the exhibit. An Incident Responder wants to see what was detected on a specific day by the IPS engine.
Which item must the responder choose from the drop-down menu?
A. Insight
B. Cynic
C. Vantage
D. Blacklist
In which scenario would it be beneficial for an organization to eradicate a threat from the environment by deleting it?
A. The Incident Response team is identifying the scope of the infection and is gathering a list of infected systems.
B. The Incident Response team is reviewing detections in the risk logs and assigning a High-Security Antivirus and Antispyware policy in the Symantec Endpoint Protection Manager (SEPM).
C. The Incident Response team completed their analysis of the threat and added it to a blacklist.
D. The Incident Response team is analyzing the file to determine if it is a threat or a false positive.
Which level of privilege corresponds to each ATP account type? Match the correct account type to the corresponding privileges.
Select and Place: