Term
| How can Discover scans be optimized in the future, once a full scan has been performed? |
|
Definition
| Use an incremental scan to only include previously unscanned or recently changed items |
|
|
Term
| Which two products in the Symantec DLP Suite are required to quarantine confidential files that are stored inappropriately on a NAS share? |
|
Definition
| Network Discover and Network Protect |
|
|
Term
| What two types of products are leveraged for Network Prevent Integration? |
|
Definition
| Mail Transfer Agent and Web Proxy Server |
|
|
Term
| How can you exclude specific text from an Indexed Document Matching (IDM) profile? |
|
Definition
| Create a whitelisted.txt file before creating the IDM profile |
|
|
Term
| An organization needs to determine if anyone other than the CEO is e-mailing PDF documents that contain the phrase "Revenue Operating Report". How many rules and exceptions must be created to write this policy with the fewest possible false positives? |
|
Definition
| One rule with two conditions and one user exception |
|
|
Term
| How can you determine if a certain percentage or more of a sensitive document is leaving an organization? |
|
Definition
| Using minimum document exposure |
|
|
Term
| How can you make a policy detect a group of users based on Active Directory group membership? |
|
Definition
| Using "Sender/receiver matches Group based on Directory Server Group". |
|
|
Term
| A company is using an EDM profile that is updated weekly, but customers are added daily. What type of rule will protect the new customers until the profile is updated? |
|
Definition
| A separate rule that uses Data Identifiers |
|
|
Term
| Where does a Data Loss Prevention Administrator recycle the File Reader process on a detection server? |
|
Definition
|
|
Term
| Where can a Data Loss Prevention Administrator view the number of messages per protocol that have been monitored for a given time period? |
|
Definition
|
|
Term
| An administrator has received the system event: "Table space is almost full." How should the administrator resolve the issue? |
|
Definition
| Create additional table space for the Oracle database |
|
|
Term
| Which feature allows the sending of reports, based on groups of incidents associated to individuals, on an automated schedule? |
|
Definition
|
|
Term
| According to Symantec's risk reduction model, which type of detection should be used during the Baseline phase? |
|
Definition
|
|
Term
| According to Symantec's risk reduction model, what is noticed during the notification phase of risk reduction? |
|
Definition
| A significant decrease in the number of incidents |
|
|
Term
| According to Symantec's risk reduction model, what are the four phases, in order? |
|
Definition
| Baseline, Remediation, Notification, Prevention/Protection |
|
|
Term
| When and how is the license for Symantec DLP 11 applied during installation? |
|
Definition
| By uploading the license file when prompted by the installer |
|
|
Term
| How should reports be configured in the system for secure distribution? |
|
Definition
|
|
Term
| What is the maximum number of portlets that can be used in a dashboard? |
|
Definition
|
|
Term
| If the Network Monitor is discarding an increasing number of packets throughout the day, what change should be made to reduce the number of discarded packets? |
|
Definition
| Uncheck unnecessary protocols from the Monitor configuration page |
|
|
Term
| Which feature will allow an incident responder to begin to determine where an attachment has created other violations? |
|
Definition
|
|
Term
| Where can the list of Keyword validators included with a Data Identifier be found? |
|
Definition
| User Interface - Edit Policy > Edit Rule > More Info |
|
|
Term
| When doing a DAR scan, where can you find details such as the total run time of the scan and the number of errors encountered? |
|
Definition
|
|
Term
| What are the two primary benefits of the data owner remediation process? |
|
Definition
| Batch notification for incident remediation, and automated scheduled notification for the owner |
|
|
Term
| Under incident actions, if the lookup attributes option is missing, what section in the Plugins.properties file is misconfigured? |
|
Definition
| Plugin Execution chain is undefined. |
|
|
Term
| In which two ways can the listening port for a detection server be modified? |
|
Definition
| In the Enforce UI under System > Overview, and by editing the Communication.properties file on the detection server |
|
|
Term
| What two activities are included in the Remediation phase of Symantec's risk reduction model? |
|
Definition
| Business Unit Interviews and fixing broken business processes |
|
|
Term
| What action must a Data Loss Prevention Analyst take after modifying protocol filters? |
|
Definition
| Recycle Vontu services on any Network Monitor using the affected protocols |
|
|
Term
| When will a file be duplicated during an Endpoint Discover scan? |
|
Definition
| When a file is quarantined |
|
|
Term
| When implementing Network Monitor in an Enterprise environment, which should be implemented first, outbound or inbound traffic? |
|
Definition
|
|
Term
| Which Data Loss Prevention feature can prevent an unauthorized tool from accessing confidential data? |
|
Definition
|
|
Term
| Define a Symantec DLP three tier installation. |
|
Definition
| The Oracle Database, Enforce server, and a detection server all installed on separate machines. |
|
|
Term
| Which detection server has the ability to block FTP upload requests? |
|
Definition
|
|
Term
| For greater accuracy, what is the minimum recommended number of columns in a data source for use in an EDM profile? |
|
Definition
|
|
Term
| Which Symantec DLP product can replace a confidential document with a marker file explaining why the document was removed? |
|
Definition
|
|
Term
| Which detection method is used for fingerprinting and protecting unstructured data, such as merger and acquisition documents? |
|
Definition
|
|
Term
| What two methods are available to notify users when SMTP e-mails are blocked by SMTP Prevent? |
|
Definition
| MTA generated delivery status notification and Symantec Response Rule generated notification |
|
|
Term
| When installing an Endpoint Server, at what point does it register with the Enforce Server? |
|
Definition
| After adding the server from within the Enforce interface |
|
|
Term
| What are the five steps, in order, of the Symantec Data Loss Prevention policy lifecycle? |
|
Definition
| identify threat, build policy, test policy, tune policy, deploy policy |
|
|
Term
| When should Network Discover Scanners be used? |
|
Definition
| To scan data repositories that require special access methods to be readable |
|
|
Term
| Name two ways of collecting log information from Enforce Servers. |
|
Definition
| Use the log collection and configuration tool, and navigate manually to the log directory of the Enforce Server installation |
|
|
Term
| Which two conditions can be specified when creating an incident access condition in a role? |
|
Definition
| A custom attribute, and a policy group |
|
|
Term
| If a scanner fails to return results upon completion of the scan process, which file should be removed to eliminate previous scan issues? |
|
Definition
|
|
Term
| How do you retrieve Agent logs from the Enforce Server? |
|
Definition
| Use the pull logs agent task |
|
|
Term
| How are logs copied to the Enforce Server? |
|
Definition
| Using the Log Collection tool |
|
|
Term
| When adding an application for Application Monitoring, which field provides the option to verify the information that has been entered? |
|
Definition
|
|
Term
| When an administrator manually indexes an Exact Data Match profile through the GUI, which log file should be checked for error messages? |
|
Definition
|
|
Term
| Which response rule condition allows a policy manager to configure an Automated Response rule to execute while a user is traveling? |
|
Definition
|
|
Term
| What can cause an increase in DLP agent footprint? |
|
Definition
|
|
Term
| Which incidents will appear when the Network Prevent Action is set to Modified? |
|
Definition
| Incidents in which an SMTP/HTTP incident was changed |
|
|
Term
| If Endpoint Prevent and Endpoint Discover are competing for resources on an endpoint computer, how does the system resolve the conflict? |
|
Definition
| Endpoint Discover pauses any scans if resources are needed. |
|
|
Term
| Will the agent status remain green on the Agent Events page while the machine is shut down? |
|
Definition
|
|
Term
| What can be used to identify a prioritized exposure score for file shares? |
|
Definition
|
|
Term
| What should be used to exclude all messages sent to a specific domain across all policies? |
|
Definition
|
|
Term
| Which file needs to be edited to increase the log level for the Vontu Monitor service? |
|
Definition
| \\Vontu\Protect\config\VontuMonitor.conf |
|
|
Term
| What is the benefit of using Flex Response for Network Discover? |
|
Definition
| Customizable incident remediation actions can be manually executed |
|
|
Term
| What is the function of the Remote Indexer? |
|
Definition
| To create EDM profiles on a remote server |
|
|
Term
| Which setting allows a user to stop the file reader process from the user interface? |
|
Definition
|
|
Term
| Which incident severity level should be set as the default? |
|
Definition
| The lowest level the policy writer wants to assign |
|
|
Term
| Which product enables an incident responder to identify who has access to confidential files on a public share? |
|
Definition
|
|
Term
| Which two requirements must be met in order to successfully use Network Monitor on a Windows based Detection Server? |
|
Definition
| WinPcap must be installed on the system, and two network interfaces must be available |
|
|
Term
| Which report will allow you to view the risk for users? |
|
Definition
|
|
Term
| What should be used to detect existing source code information for a customer? |
|
Definition
|
|
Term
| Which two database versions are supported by Symantec DLP 11? |
|
Definition
| Oracle 10g and Oracle 11g |
|
|
Term
| Which Vontu service is responsible for starting and controlling the user interface? |
|
Definition
|
|
Term
| Where can a Data Loss Prevention administrator configure the throttling option for a DLP agent? |
|
Definition
| Agent Configuration Section |
|
|
Term
| Which product must run on a physical server? |
|
Definition
|
|
Term
| How does a Data Loss Prevention administrator verify the health of a Network Monitor server? |
|
Definition
| By checking Incident Queue and Message Wait Time on the System Overview page |
|
|
Term
| What is the default result when importing a policy template? |
|
Definition
| The template will be listed under Imported Templates |
|
|
Term
| Which command line utility will generate custom authentication keys to improve the security of the data that is transmitted between the Enforce server and detection servers? |
|
Definition
|
|
Term
| Which two options can an incident responder select when deleting incidents? |
|
Definition
| Delete the incident completely or delete the original message and retain the incident |
|
|
Term
| In which two places in the user interface are Smart Response rules invoked? |
|
Definition
| incident list reports, Incident Snapshot reports |
|
|
Term
| Which three file types should be excluded from initial scans according to Symantec best practices? |
|
Definition
|
|
Term
| Which two components can perform a scan of a workstation? |
|
Definition
| DLP Agents and a Discover Server |
|
|
Term
| How can an administrator validate that once a policy is updated and saved it has been enabled on a specific detection server? |
|
Definition
| Check to see whether the policy was loaded under System > Servers > Events |
|
|
Term
| If a Discover Scanner is unable to communicate back to the Discover Server, where will the files be stored? |
|
Definition
| Scanner's outgoing folder |
|
|
Term
| Which two remediation actions are available for Network Protect? |
|
Definition
|
|
Term
| Which Network Discover option is used to determine whether confidential data exists without having to scan the entire target? |
|
Definition
|
|
Term
| A Data Loss Prevention administrator notices that several errors occurred during a Network Discover scan. Which report can the administrator use to determine exactly which errors occurred and when? |
|
Definition
| Full Activity report for that particular scan |
|
|
Term
| What must a policy manager do when working with Exact Data Matching indexes if the source data schema changes? |
|
Definition
| Create a new data profile |
|
|
Term
| Which two policy management actions can result in a reduced number of incidents for a given traffic flow? |
|
Definition
| Adding data owner exceptions, increasing condition match counts |
|
|
Term
| What will allow keyword pairs to be evaluated independently? |
|
Definition
| Keyword Proximity Matching |
|
|
Term
| What must be configured on a user's role in order for incident history to be included in a report? |
|
Definition
|
|
Term
| If DLP is configured to use Active Directory Authentication, how should the user log into the interface in the sysadmin role? |
|
Definition
|
|
Term
| Which product includes support for the Citrix XenApp virtualization platform? |
|
Definition
|
|
Term
| Where should the Network Discover server be placed in a corporate network architecture? |
|
Definition
| Inside the corporate network |
|
|
Term
| Which DLP Agent task is unique to the Symantec Management Platform and is unavailable through the Enforce console? |
|
Definition
|
|
Term
| If you want to have a report of all incidents generated by a particular region, summarized by department, what must be populated? |
|
Definition
|
|
Term
| What will allow someone to see how a company is complying with policies over time? |
|
Definition
| Policy trend report, summarized by policy, then by quarter |
|
|
Term
| Which Network incident report shows where employees are most often sending e-mails in violation of policies? |
|
Definition
|
|
Term
| When reviewing an SMTP incident snapshot, which reporting feature would a Data Loss Prevention administrator use to quickly find recent incidents with the same subject and sender? |
|
Definition
|
|
Term
| When deploying the Symantec DLP 12 solution to multiple servers, which mix of Operating Systems is supported? |
|
Definition
| Any mix of supported Linux and Windows Operating Systems is allowed. 32-bit servers are no longer supported as of the 12.0 release |
|
|
Term
| How is a policy applied to Network Discover scans? |
|
Definition
| by assigning policy groups to the scan target |
|
|
Term
| On which protocols does Symantec DLP 11 use port-based protocol recognition? |
|
Definition
| user-defined TCP protocols |
|
|
Term
| Which Oracle utility can be run from the Enforce server to test connectivity between Enforce and the Oracle database? |
|
Definition
|
|
Term
| Which software components need to be deployed in order to use the native SharePoint scanning available in Symantec DLP 11? |
|
Definition
| Network Discover DLP Solution installed on a SharePoint WFE (Web Front End) server |
|
|
Term
| Which application or destination is selected for endpoint monitoring by default? |
|
Definition
|
|
Term
| What should a Data Loss Prevention administrator do when the license file expires? |
|
Definition
| Reference a new file on the System Settings page |
|
|
Term
| Which command line diagnostic tool will give the Data Loss Prevention administrator the OS versions for all detection servers? |
|
Definition
| Environment Check Utility |
|
|
Term
| Which feature enables data extraction with incident data from the Enforce Platform based on report ID? |
|
Definition
|
|
Term
| Which Network Monitor Operating System can handle a minimum of 500 Mbps of outbound network traffic with native packet capture? |
|
Definition
|
|
Term
| Which server encrypts the message when using a Modify SMTP Message response rule? |
|
Definition
|
|
Term
| To which file system folder does Packet Capture write reconstructed SMTP messages? |
|
Definition
|
|
Term
| Which tool is provided by default to edit a database on an endpoint? |
|
Definition
|
|
Term
| What is the purpose of the cg.ead endpoint database? |
|
Definition
| To tune and change debugging levels |
|
|
Term
| Why would all of the processes be missing from the Server Detail display? |
|
Definition
| The Advanced Process Control setting on the System Settings page has been deselected |
|
|
Term
| Which Symantec Data Loss Prevention components can be deployed in a hosted service provider? |
|
Definition
| Network Prevent for web and e-mail |
|
|
Term
| Which two detection condition types match on all Envelope, Subject, Body, and Attachments components? |
|
Definition
| Keyword and Data Identifier |
|
|
Term
| In addition to creating an Automated Response Rule, what action must a policy manager take for the rule to execute? |
|
Definition
| Add the response rule to the appropriate policy |
|
|
Term
| Which Detection Server requires two physical network interface cards? |
|
Definition
|
|
Term
| When configuring endpoint agents, what does the File Recovery Area location setting determine? |
|
Definition
| The temporary backup location of blocked files |
|
|
Term
| According to Symantec's four phases of risk reduction model, what should occur during the baselining phase? |
|
Definition
| Monitor incidents and tune the policy to reduce false positives |
|
|
Term
| What does Network Monitor use to identify SMTP network traffic going to a non-standard port? |
|
Definition
|
|
Term
| A client needs to create a custom role that limits a user to incidents generated by a single policy group. Which role configuration tab is used to configure this function? |
|
Definition
|
|
Term
| Which feature moves confidential data to a secure location when scanning endpoint targets? |
|
Definition
|
|
Term
| Which two functions does Data Owner Exception provide? |
|
Definition
| Allows data owners to send and receive their own data, and prevents confidential data from being sent to the wrong recipient |
|
|
Term
| When manually installing an endpoint agent, how can you hide the agent from registering itself in the Windows Control Panel? |
|
Definition
| add ARPSYSTEMCOMPONENT="1" to the installer batch file |
|
|
Term
| Which Symantec Data Loss Prevention service should be started first on the Enforce Server? |
|
Definition
|
|
Term
| What is the correct utility for generating new certificates used for securing communication between the Enforce and detection servers? |
|
Definition
|
|
Term
| Which file on the endpoint machine stores messages that are temporarily cached when using two-tier policies such as IDM and EDM? |
|
Definition
|
|
Term
| A policy implemented to block sensitive information from being posted to Facebook generates incidents but allows the content to be posted. What should be done to resolve this issue? |
|
Definition
|
|
Term
| An Endpoint Prevent Notify response rule is defined in Korean, English, and Chinese (in that order). Which pop-up language will a user in the Japanese Windows locale see? |
|
Definition
|
|
Term
| Which four currently supported ICAP proxies can Web Prevent work with to inspect and block content? |
|
Definition
| Bluecoat, McAfee, Cisco Ironport/Scan Safe, and Websense |
|
|
Term
| Which functionality must a Mail Transfer Agent (MTA) have in order to integrate with an E-mail Prevent Server? |
|
Definition
| The MTA is strict ESMTP compliant |
|
|
Term
| An approved endpoint device has been added as an exception to a policy that blocks the transfer of sensitive data. Data transfers to this approved device are still being blocked. How can this be resolved? |
|
Definition
| Verify that the proper device ID or class has been entered |
|
|
Term
| Which True Match detection method can be evaluated at the agent level? |
|
Definition
| Described Content Matching (DCM) |
|
|
Term
| An Endpoint Prevent customer has a department with a high turnover rate. How should a Data Loss Prevention administrator write a policy that applies only to that department? |
|
Definition
| Create a user group for the department and associate it to the policy |
|
|