- Home
- Symantec
- Endpoint Security Complete - Administration R2
- Symantec.250-580.v2025-07-03.q72
- Question 31
Valid 250-580 Dumps shared by ExamDiscuss.com for Helping Passing 250-580 Exam! ExamDiscuss.com now offer the newest 250-580 exam dumps, the ExamDiscuss.com 250-580 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 250-580 dumps with Test Engine here:
Access 250-580 Dumps Premium Version
(152 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 31/72
Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?
Correct Answer: D
Intrusion Preventionis the protection technology within Symantec Endpoint Protection that can detectbotnet command and control (C&C) traffic. By analyzing network traffic patterns and identifying knownC&C communication characteristics, Intrusion Prevention can block suspicious network connections indicative of botnet activity.
* How Intrusion Prevention Detects Botnet Traffic:
* Intrusion Prevention monitors outbound and inbound traffic for signatures associated with botnet C&C protocols.
* It can block connections to known malicious IPs or domains, effectively disrupting the communication between the botnet client and its controller.
* Why Other Options Are Incorrect:
* Insight(Option A) focuses on file reputation rather than network traffic.
* SONAR(Option B) detects behavior-based threats on the endpoint but not specifically C&C traffic.
* Risk Tracer(Option C) identifies the source of detected threats but does not directly detect botnet network traffic.
References: Intrusion Prevention is a key component in detecting and blocking botnet C&C traffic, preventing compromised endpoints from communicating with attackers.
* How Intrusion Prevention Detects Botnet Traffic:
* Intrusion Prevention monitors outbound and inbound traffic for signatures associated with botnet C&C protocols.
* It can block connections to known malicious IPs or domains, effectively disrupting the communication between the botnet client and its controller.
* Why Other Options Are Incorrect:
* Insight(Option A) focuses on file reputation rather than network traffic.
* SONAR(Option B) detects behavior-based threats on the endpoint but not specifically C&C traffic.
* Risk Tracer(Option C) identifies the source of detected threats but does not directly detect botnet network traffic.
References: Intrusion Prevention is a key component in detecting and blocking botnet C&C traffic, preventing compromised endpoints from communicating with attackers.
- Question List (72q)
- Question 1: What methods should an administrator utilize to restore comm...
- Question 2: What EDR feature provides endpoint activity recorder data fo...
- Question 3: A company uses a remote administration tool that is detected...
- Question 4: Which security control performs a cloud lookup on files down...
- Question 5: What feature is used to get a comprehensive picture of infec...
- Question 6: What does the Endpoint Communication Channel (ECC) 2.0 allow...
- Question 7: An administrator needs to identify infected computers that r...
- Question 8: What is the maximum number of endpoints a single SEDR Manage...
- Question 9: Which type of security threat is used by attackers to exploi...
- Question 10: Which two (2) instances could cause Symantec Endpoint Protec...
- Question 11: What is the timeout for the file deletion command in SEDR?...
- Question 12: An organization runs a weekly backup using the Backup and Re...
- Question 13: How does an administrator view all devices impacted by a sus...
- Question 14: Which report template type should an administrator utilize t...
- Question 15: How would an administrator specify which remote consoles and...
- Question 16: The Security Status on the console home page is failing to a...
- Question 17: Which type of security threat continues to threaten endpoint...
- Question 18: An administrator notices that some entries list that the Ris...
- Question 19: What SEP feature is leveraged when configuring custom IPS?...
- Question 20: If an administrator enables the setting to manage policies f...
- Question 21: What Threat Defense for Active Directory feature disables a ...
- Question 22: What does SONAR use to reduce false positives?...
- Question 23: Which of the following are considered entities in SES Comple...
- Question 24: Administrators at a company share a single terminal for conf...
- Question 25: What does a ranged query return or exclude?...
- Question 26: What type of policy provides a second layer of defense, afte...
- Question 27: What is the maximum number of SEPMs a single Management Plat...
- Question 28: Which security threat stage seeks to gather valuable data an...
- Question 29: A user is unknowingly about to connect to a malicious websit...
- Question 30: Which Firewall rule components should an administrator confi...
- Question 31: Which protection technology can detect botnet command and co...
- Question 32: Which Incident View widget shows the parent-child relationsh...
- Question 33: From which source can an administrator retrieve the SESC Net...
- Question 34: Performance on a SEPM is less than expected and generates in...
- Question 35: What is a feature of Cynic?
- Question 36: What does an end-user receive when an administrator utilizes...
- Question 37: Which communication method is utilized within SES to achieve...
- Question 38: An administrator changes the Virus and Spyware Protection po...
- Question 39: What does an Endpoint Activity Recorder (EAR) full dump cons...
- Question 40: An Incident Responder has determined that an endpoint is com...
- Question 41: An administrator decides to migrate an SES Complete hybrid e...
- Question 42: An organization has a virtualized environment that is utiliz...
- Question 43: An Application Control policy includes an Allowed list and a...
- Question 44: What is the function of Symantec Insight?...
- Question 45: What must be entered before downloading a file from ICDm?...
- Question 46: What information is required to calculate storage requiremen...
- Question 47: When a SEPM is enrolled in ICDm, which policy can only be ma...
- Question 48: A Symantec Endpoint Protection (SEP) administrator receives ...
- Question 49: An organization recently experienced an outbreak and is cond...
- Question 50: Which two (2) security controls are utilized by an administr...
- Question 51: What are the two (2) locations where an Incident Responder s...
- Question 52: Which action must a Symantec Endpoint Protection administrat...
- Question 53: The SES Intrusion Prevention System has blocked an intruder'...
- Question 54: Which SES advanced feature detects malware by consulting a t...
- Question 55: What does a medium-priority incident indicate?...
- Question 56: How should an administrator set up an alert to be notified w...
- Question 57: Which technology can prevent an unknown executable from bein...
- Question 58: Which term or expression is utilized when adversaries levera...
- Question 59: Which SEP feature is required for using the SEDR Isolate fun...
- Question 60: Using a hybrid environment, if a SEPM-managed endpoint canno...
- Question 61: An organization is considering a single site for their Syman...
- Question 62: Which designation should an administrator assign to the comp...
- Question 63: Which statement demonstrates how Symantec EDR hunts and dete...
- Question 64: What happens when a device fails a Host Integrity check?...
- Question 65: SES includes an advanced policy versioning system. When an a...
- Question 66: Which of the following is a benefit of choosing a hybrid SES...
- Question 67: Which two (2) scan range options are available to an adminis...
- Question 68: What account type must the AD Gateway Service Account be ass...
- Question 69: Where in the Attack Chain does Threat Defense for Active Dir...
- Question 70: Why is Active Directory a part of nearly every targeted atta...
- Question 71: Why is it important for an Incident Responder to copy malici...
- Question 72: Which SES security control protects a user against data leak...
