getcertified4sure.com

250-438 Exam

Most Recent 250-438 Test Questions For Administration Of Symantec Data Loss Prevention 15 Certification





NEW QUESTION 1
A DLP administrator has performed a test deployment of the DLP 15.0 Endpoint agent and now wants to uninstall the agent. However, the administrator no longer remembers the uninstall password. What should the administrator do to work around the password problem?

  • A. Apply a new global agent uninstall password in the Enforce management console.
  • B. Manually delete all the Endpoint agent files from the test computer and install a new agent package.
  • C. Replace the PGPsdk.dll file on the agent’s assigned Endpoint server with a copy from a different Endpoint server
  • D. Use the UninstallPwdGenerator to create an UninstallPasswordKey.

Answer: D

NEW QUESTION 2
Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?

  • A. Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.
  • B. Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.
  • C. Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.
  • D. Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.

Answer: A

Explanation:
Reference: https://www.symantec.com/connect/articles/sslkeytool-utility-and-server-certificates

NEW QUESTION 3
An organization wants to restrict employees to copying files only to a specific set of USB thumb drives owned by the organization.
Which detection method should the organization use to meet this requirement?

  • A. Exact Data Matching (EDM)
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (DCM)
  • D. Vector Machine Learning (VML)

Answer: D

NEW QUESTION 4
Which statement accurately describes where Optical Character Recognition (OCR) components must be installed?

  • A. The OCR engine must be installed on a detection server other than the Enforce server.
  • B. The OCR server software must be installed on one or more dedicated (non-detection) Linux servers.
  • C. The OCR engine must be directly on the Enforce server.
  • D. The OCR server software must be installed on one or more dedicated (non-detection) Windows servers.

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122760174_v120691346/Setting-up-OCR-Servers?locale=EN_US

NEW QUESTION 5
A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What does the DLP administrator need to configure to generate this report?

  • A. Custom attributes
  • B. Status attributes
  • C. Sender attributes
  • D. User attributes

Answer: A

NEW QUESTION 6
What is the correct order for data in motion when a customer has integrated their CloudSOC and DLP solutions?

  • A. User > CloudSOC Gatelet > DLP Cloud Detection Service > Application
  • B. User > Enforce > Application
  • C. User > Enforce > CloudSOC > Application
  • D. User > CloudSOC Gatelet > Enforce > Application

Answer: C

NEW QUESTION 7
Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

  • A. Network Discover
  • B. Cloud Service for Email
  • C. Endpoint Prevent
  • D. Network Protect

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v15600645_v125428396/Configuring-Network-Protect-for-file-shares?locale=EN_US

NEW QUESTION 8
What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

  • A. Smart Response on the Incident page
  • B. Automated Response on the Incident Snapshot page
  • C. Smart Response on an Incident List report
  • D. Automated Response on an Incident List report

Answer: B

NEW QUESTION 9
Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

  • A. To capture the matches to the Positive set
  • B. To capture the matches to the Negative set
  • C. To see the false negatives only
  • D. To see the entire range of potential matches

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v45067125_v120691346/Adjusting-the-Similarity-Threshold?locale=EN_US

NEW QUESTION 10
A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team. Which SQL*Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?

  • A. select database version from <database name>;
  • B. select * from db$version;
  • C. select * from v$version;
  • D. select db$ver from <database name>;

Answer: C

Explanation:
Reference: https://www.symantec.com/connect/forums/new-install-oracle-returns-error

NEW QUESTION 11
A company needs to secure the content of all Mergers and Acquisitions Agreements. However, the standard text included in all company literature needs to be excluded. How should the company ensure that this standard text is excluded from detection?

  • A. Create a Whitelisted.txt file after creating the Vector Machine Learning (VML) profile.
  • B. Create a Whitelisted.txt file after creating the Exact Data Matching (EDM) profile
  • C. Create a Whitelisted.txt file before creating the Indexed Document Matching (IDM) profile
  • D. Create a Whitelisted.txt file before creating the Exact Data Matching (EDM) profile

Answer: C

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v27161240_v120691346/White-listing-file-contents-to-exclude-from-partial-matching?locale=EN_US

NEW QUESTION 12
What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

  • A. Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller
  • B. Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller
  • C. Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.
  • D. Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v23042736_v125428396/Stopping-an-Enforce-Server-on-Windows?locale=EN_US

NEW QUESTION 13
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?

  • A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.
  • B. Modify the agent config.db to include the file
  • C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
  • D. Modify the agent configuration and select the option “Retain Original Files”

Answer: A

NEW QUESTION 14
A DLP administrator is checking the System Overview in the Enforce management console, and all of the detection servers are showing as “unknown”. The Vontu services are up and running on the detection servers. Thousands of .IDC files are building up in the Incidents directory on the detection servers. There is good network connectivity between the detection servers and the Enforce server when testing with the telnet command.
How should the administrator bring the detection servers to a running state in the Enforce management console?

  • A. Restart the Vontu Update Service on the Enforce server
  • B. Ensure the Vontu Monitor Controller service is running in the Enforce server
  • C. Delete all of the .BAD files in the Incidents folder on the Enforce server
  • D. Restart the Vontu Monitor Service on all the affected detection servers

Answer: B

NEW QUESTION 15
Which option correctly describes the two-tier installation type for Symantec DLP?

  • A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
  • B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
  • C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
  • D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Answer: D

Explanation:
Reference: https://www.symantec.com/connect/forums/deployment-enforce-and-detection-servers

NEW QUESTION 16
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?

  • A. There is insufficient disk space on the Network Monitor server.
  • B. The Network Monitor server’s certificate is corrupt or missing.
  • C. The Network Monitor server’s license file has expired.
  • D. The Enforce and Network Monitor servers are running different versions of DLP.

Answer: D

NEW QUESTION 17
Which two factors are common sources of data leakage where the main actor is a well-meaning insider? (Choose two.)

  • A. An absence of a trained incident response team
  • B. A disgruntled employee for a job with a competitor
  • C. Merger and Acquisition activities
  • D. Lack of training and awareness
  • E. Broken business processes

Answer: BD

NEW QUESTION 18
What are two reasons an administrator should utilize a manual configuration to determine the endpoint location? (Choose two.)

  • A. To specify Wi-Fi SSID names
  • B. To specify an IP address or range
  • C. To specify the endpoint server
  • D. To specify domain names
  • E. To specify network card status (ON/OFF)

Answer: BD

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v18349332_v125428396/Setting-the-endpoint-location?locale=EN_US

NEW QUESTION 19
Which detection server is available from Symantec as a hardware appliance?

  • A. Network Prevent for Email
  • B. Network Discover
  • C. Network Monitor
  • D. Network Prevent for Web

Answer: D

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v122938258_v120691346/Setting-up-the-DLP-S500-Appliance?locale=EN_US

NEW QUESTION 20
A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported. What should the administrator do to allow incidents to be generated against this file?

  • A. Change the “Ignore requests Smaller Than” value to 1
  • B. Add the filename to the Inspect Content Type field
  • C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”
  • D. Uncheck trial mode under the ICAP tab

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.0/DLP/id-SF0B0161467_v120691346/Configuring-Network-Prevent-for-Web-Server?locale=EN_US

NEW QUESTION 21
What detection technology supports partial contents matching?

  • A. Indexed Document Matching (IDM)
  • B. Described Content Matching (DCM)
  • C. Exact Data Matching (EDM)
  • D. Optical Character Recognition (OCR)

Answer: A

Explanation:
Reference: https://help.symantec.com/cs/dlp15.1/DLP/v115965297_v125428396/Mac-agent-detection-technologies?locale=EN_US

NEW QUESTION 22
Where should an administrator set the debug levels for an Endpoint Agent?

  • A. Setting the log level within the Agent List
  • B. Advanced configuration within the Agent settings
  • C. Setting the log level within the Agent Overview
  • D. Advanced server settings within the Endpoint server

Answer: C

Explanation:
Reference: https://support.symantec.com/en_US/article.TECH248581.html

NEW QUESTION 23
Which two detection technology options ONLY run on a detection server? (Choose two.)

  • A. Form Recognition
  • B. Indexed Document Matching (IDM)
  • C. Described Content Matching (DCM)
  • D. Exact Data Matching (EDM)
  • E. Vector Machine Learning (VML)

Answer: BD

Explanation:
Reference: https://support.symantec.com/en_US/article.INFO5070.html

NEW QUESTION 24
......
