Question 31/41

An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?

Question List (41q)
Question 1: Which stage of an Advanced Persistent Threat (APT) attack do...
Question 2: Which best practice does Symantec recommend with the Endpoin...
Question 3: An Incident Responder has reviewed a STIX report and now wan...
Question 4: What is the main constraint an ATP Administrator should cons...
Question 5: Why is it important for an Incident Responder to review Rela...
Question 6: What occurs when an endpoint fails its Host Integrity check ...
Question 7: Malware is currently spreading through an organization's net...
Question 8: What does a Quarantine Firewall policy enable an ATP Adminis...
Question 9: Which default port does ATP use to communicate with the Syma...
Question 10: Which prerequisite is necessary to extend the ATP: Network s...
Question 11: Which attribute is required when configuring the Symantec En...
Question 12: Which National Institute of Standards and Technology (NIST) ...
Question 13: A medium-sized organization with 10,000 users at Site A and ...
Question 14: Which section of the ATP console should an ATP Administrator...
Question 15: An Incident Responder notices traffic going from an endpoint...
Question 16: An Incident Responder documented the scope of a recent outbr...
Question 17: An Incident Responder discovers an incident where all system...
Question 18: What is the minimum amount of RAM required for a virtual dep...
Question 19: How should an ATP Administrator configure Endpoint Detection...
Question 20: An ATP Administrator has deployed ATP: Network, Endpoint, an...
Question 21: Which final steps should an Incident Responder take before u...
Question 22: How can an Incident Responder generate events for a site tha...
Question 23: What is the role of Cynic within the Advanced Threat Protect...
Question 24: Where can an Incident Responder view Cynic results in ATP?...
Question 25: An ATP Administrator set up ATP: Network in TAP mode and has...
Question 26: Which two widgets can an Incident Responder use to isolate b...
Question 27: Which two tasks should an Incident Responder complete when r...
Question 28: Which threat is an example of an Advanced Persistent Threat ...
Question 29: Which two database attributes are needed to create a Microso...
Question 30: Which action should an Incident Responder take to remediate ...
Question 31: An Incident Responder is going to run an indicators of compr...
Question 32: Which stage of an Advanced Persistent Threat (APT) attack do...
Question 33: An Incident Responder wants to run a database search that wi...
Question 34: Which threat is an example of an Advanced Persistent Threat ...
Question 35: Which two user roles allow an Incident Responder to blacklis...
Question 36: Which two actions can an Incident Responder take in the Cyni...
Question 37: An Incident Responder wants to investigate whether msscrt.pd...
Question 38: How does an attacker use a zero-day vulnerability during the...
Question 39: Why is it important for an Incident Responder to analyze an ...
Question 40: What is the earliest stage at which a SQL injection occurs d...
Question 41: Which threat is an example of an Advanced Persistent Threat ...