250-438 Free Questions – Administration of Symantec Data Loss Prevention 15

1. How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?

2. What is the correct configuration for “BoxMonitor.Channels”that will allow the server to start as a Network Monitor server?

3. Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.

What is a possible cause for the Network Monitor server being in this state?

4. Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)

5. A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.

What is the probable reason that the User Risk Summary report is blank?

6. How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitoring by Application File Access Control?

7. A software company wants to protect its source code, including new source code created between scheduled indexing runs.

Which detection method should the company use to meet this requirement?

8. What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

9. What detection server is used for Network Discover, Network Protect, and Cloud Storage?

10. Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?