- Home
- Symantec
- Endpoint Security Complete - Administration R2
- Symantec.250-580.v2025-07-03.q72
- Question 63
Valid 250-580 Dumps shared by ExamDiscuss.com for Helping Passing 250-580 Exam! ExamDiscuss.com now offer the newest 250-580 exam dumps, the ExamDiscuss.com 250-580 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 250-580 dumps with Test Engine here:
Access 250-580 Dumps Premium Version
(152 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 63/72
Which statement demonstrates how Symantec EDR hunts and detects IoCs in the environment?
Correct Answer: A
Symantec Endpoint Detection and Response (EDR) hunts and detects Indicators of Compromise (IoCs) by searching the EDR database and other data sources directly. This direct search approach allows EDR to identify malicious patterns or artifacts that may signal a compromise.
* How EDR Hunts IoCs:
* By querying the EDR database along with data from connected sources, administrators can identify signs of potential compromise across the environment. This includes endpoint logs, network traffic, and historical data within the EDR platform.
* The platform enables security teams to look for specific IoCs, such as file hashes, IP addresses, or registry modifications associated with known threats.
* Why Other Options Are Less Suitable:
* Viewing PowerShell processes (Option B) or detecting memory exploits with SEP (Option C) are specific techniques but do not represent the comprehensive IoC-hunting approach.
* Detonating suspicious files in sandboxes (Option D) is more of a behavioral analysis method rather than direct IoC hunting.
References: Direct database and data source searches are core to EDR's hunting capabilities, as outlined in Symantec's EDR operational guidelines.
* How EDR Hunts IoCs:
* By querying the EDR database along with data from connected sources, administrators can identify signs of potential compromise across the environment. This includes endpoint logs, network traffic, and historical data within the EDR platform.
* The platform enables security teams to look for specific IoCs, such as file hashes, IP addresses, or registry modifications associated with known threats.
* Why Other Options Are Less Suitable:
* Viewing PowerShell processes (Option B) or detecting memory exploits with SEP (Option C) are specific techniques but do not represent the comprehensive IoC-hunting approach.
* Detonating suspicious files in sandboxes (Option D) is more of a behavioral analysis method rather than direct IoC hunting.
References: Direct database and data source searches are core to EDR's hunting capabilities, as outlined in Symantec's EDR operational guidelines.
- Question List (72q)
- Question 1: What methods should an administrator utilize to restore comm...
- Question 2: What EDR feature provides endpoint activity recorder data fo...
- Question 3: A company uses a remote administration tool that is detected...
- Question 4: Which security control performs a cloud lookup on files down...
- Question 5: What feature is used to get a comprehensive picture of infec...
- Question 6: What does the Endpoint Communication Channel (ECC) 2.0 allow...
- Question 7: An administrator needs to identify infected computers that r...
- Question 8: What is the maximum number of endpoints a single SEDR Manage...
- Question 9: Which type of security threat is used by attackers to exploi...
- Question 10: Which two (2) instances could cause Symantec Endpoint Protec...
- Question 11: What is the timeout for the file deletion command in SEDR?...
- Question 12: An organization runs a weekly backup using the Backup and Re...
- Question 13: How does an administrator view all devices impacted by a sus...
- Question 14: Which report template type should an administrator utilize t...
- Question 15: How would an administrator specify which remote consoles and...
- Question 16: The Security Status on the console home page is failing to a...
- Question 17: Which type of security threat continues to threaten endpoint...
- Question 18: An administrator notices that some entries list that the Ris...
- Question 19: What SEP feature is leveraged when configuring custom IPS?...
- Question 20: If an administrator enables the setting to manage policies f...
- Question 21: What Threat Defense for Active Directory feature disables a ...
- Question 22: What does SONAR use to reduce false positives?...
- Question 23: Which of the following are considered entities in SES Comple...
- Question 24: Administrators at a company share a single terminal for conf...
- Question 25: What does a ranged query return or exclude?...
- Question 26: What type of policy provides a second layer of defense, afte...
- Question 27: What is the maximum number of SEPMs a single Management Plat...
- Question 28: Which security threat stage seeks to gather valuable data an...
- Question 29: A user is unknowingly about to connect to a malicious websit...
- Question 30: Which Firewall rule components should an administrator confi...
- Question 31: Which protection technology can detect botnet command and co...
- Question 32: Which Incident View widget shows the parent-child relationsh...
- Question 33: From which source can an administrator retrieve the SESC Net...
- Question 34: Performance on a SEPM is less than expected and generates in...
- Question 35: What is a feature of Cynic?
- Question 36: What does an end-user receive when an administrator utilizes...
- Question 37: Which communication method is utilized within SES to achieve...
- Question 38: An administrator changes the Virus and Spyware Protection po...
- Question 39: What does an Endpoint Activity Recorder (EAR) full dump cons...
- Question 40: An Incident Responder has determined that an endpoint is com...
- Question 41: An administrator decides to migrate an SES Complete hybrid e...
- Question 42: An organization has a virtualized environment that is utiliz...
- Question 43: An Application Control policy includes an Allowed list and a...
- Question 44: What is the function of Symantec Insight?...
- Question 45: What must be entered before downloading a file from ICDm?...
- Question 46: What information is required to calculate storage requiremen...
- Question 47: When a SEPM is enrolled in ICDm, which policy can only be ma...
- Question 48: A Symantec Endpoint Protection (SEP) administrator receives ...
- Question 49: An organization recently experienced an outbreak and is cond...
- Question 50: Which two (2) security controls are utilized by an administr...
- Question 51: What are the two (2) locations where an Incident Responder s...
- Question 52: Which action must a Symantec Endpoint Protection administrat...
- Question 53: The SES Intrusion Prevention System has blocked an intruder'...
- Question 54: Which SES advanced feature detects malware by consulting a t...
- Question 55: What does a medium-priority incident indicate?...
- Question 56: How should an administrator set up an alert to be notified w...
- Question 57: Which technology can prevent an unknown executable from bein...
- Question 58: Which term or expression is utilized when adversaries levera...
- Question 59: Which SEP feature is required for using the SEDR Isolate fun...
- Question 60: Using a hybrid environment, if a SEPM-managed endpoint canno...
- Question 61: An organization is considering a single site for their Syman...
- Question 62: Which designation should an administrator assign to the comp...
- Question 63: Which statement demonstrates how Symantec EDR hunts and dete...
- Question 64: What happens when a device fails a Host Integrity check?...
- Question 65: SES includes an advanced policy versioning system. When an a...
- Question 66: Which of the following is a benefit of choosing a hybrid SES...
- Question 67: Which two (2) scan range options are available to an adminis...
- Question 68: What account type must the AD Gateway Service Account be ass...
- Question 69: Where in the Attack Chain does Threat Defense for Active Dir...
- Question 70: Why is Active Directory a part of nearly every targeted atta...
- Question 71: Why is it important for an Incident Responder to copy malici...
- Question 72: Which SES security control protects a user against data leak...
