ST0-135 Symantec Network Access Control 12 Technical Exam Set 2

An unmanaged guest endpoint is permitted onto the production VLAN with 802.1x enabled on the switch port and a guest VLAN is configured. The guest endpoint is sent to a guest VLAN. What is the reason this is occurring?


Options are :

  • The switch action table is configured improperly. (Correct)
  • The switch is incompatible with the Symantec Endpoint Protection client.
  • The switch failed to receive the endpoint user authentication.
  • The Wireless AutoConfig service on the client has stopped.

Answer : The switch action table is configured improperly.

An organization that is deploying Symantec products needs to use network access control, antivirus and spyware, proactive threat protection, and network threat protection software. Which Symantec client(s) should be installed on the organization's workstations?


Options are :

  • Symantec Network Access Control client
  • Symantec Endpoint Protection client (Correct)
  • Symantec Network Access Control and Symantec Endpoint Protection clients
  • Symantec Endpoint Protection and the Symantec On-Demand clients

Answer : Symantec Endpoint Protection client

From which log can an administrator determine that the Enforcer has successfully registered with the Symantec Endpoint Protection Manager?


Options are :

  • System Logs: Enforcer Client
  • Compliance: Enforcer Server (Correct)
  • System Logs: Enforcer Activity
  • Compliance: Enforcer Traffic

Answer : Compliance: Enforcer Server

Symantec Network Access Control can be implemented standalone or as an integrated module of Symantec Endpoint Protection. What is the only policy that exists in both standalone and integrated implementations?


Options are :

  • Firewall
  • LiveUpdate (Correct)
  • Host Integrity
  • Centralized Exceptions

Answer : LiveUpdate

What is the purpose of enabling the "Admin Defined Remediation Delay" setting?


Options are :

  • It permits the local user at the endpoint to delay remediation of a Host Integrity violation. (Correct)
  • It requires that a remediation be delayed before the condition causing the Host Integrity violation can be resolved.
  • It defines the time to delay before checking if the remediation was successful.
  • It permits only the administrator to delay remediations when logging into and out of compliance systems.

Answer : It permits the local user at the endpoint to delay remediation of a Host Integrity violation.

Which enforcement method requires the least amount of effort to implement, can restrict network traffic if desired, and has the least impact on the customer network?


Options are :

  • LAN Enforcement
  • Integrated Microsoft DHCP Enforcement
  • Self Enforcement (Correct)
  • Gateway Enforcement

Answer : Self Enforcement

Which two are requirements for checking a guest endpoint for Host Integrity compliance and enabling access to an Internet-only VLAN that does not have a Gateway Enforcer inline? (Select two.)


Options are :

  • Gateway Enforcer web authentication configured
  • Gateway Enforcer in a guest VLAN (Correct)
  • Symantec Integrated Enforcer
  • Symantec On-Demand client with EAP authentication (Correct)
  • Symantec On-Demand client without EAP authentication

Answer : Gateway Enforcer in a guest VLAN; Symantec On-Demand client with EAP authentication

Which number must a port number match when configuring an Enforcer so that it communicates with the Symantec Endpoint Protection Manager?


Options are :

  • the Web Services Port number
  • the Server Port number
  • the Client Communications Port number (Correct)
  • the Server Control Port number

Answer : the Client Communications Port number

Which two enforcement modes can be configured on the Symantec 6100 appliance? (Select two.)


Options are :

  • Gateway Enforcer (Correct)
  • DHCP Enforcer
  • Integrated DHCP Enforcer
  • Self Enforcement
  • LAN Enforcer (Correct)

Answer : Gateway Enforcer; LAN Enforcer

What can be used in a Host Integrity policy to check for products that Symantec omits from built-in checks?


Options are :

  • predefined requirements
  • pre-configured checks
  • custom requirements (Correct)
  • modifiable requirements

Answer : custom requirements

Which command parameter provides a valid method for establishing the shared secret between the Enforcer appliance and the Symantec Endpoint Protection Manager?


Options are :

  • keymap
  • keyreg
  • keyhash (Correct)
  • keygen

Answer : keyhash

A Host Integrity policy has been created on the Policies page of the Symantec Endpoint Protection Manager to validate the patch level of the endpoints. The intent of the policy is to restrict network access to only remediation resources when an endpoint fails the Host Integrity rule. The administrator assigned the policy to the appropriate client group and ensured it is enabled. What additional configuration steps are needed to fulfill the desired result?


Options are :

  • Configure the Network Lockdown by enabling the Quarantine option.
  • Configure the Quarantine Location by assigning a restrictive firewall policy (Correct)
  • Configure the Firewall policy by enabling the Quarantine option
  • Configure the Network Lockdown settings by assigning a restrictive firewall policy.

Answer : Configure the Quarantine Location by assigning a restrictive firewall policy

Which two components run Host Integrity checking? (Select two.)


Options are :

  • Symantec Network Access Control Gateway Enforcer
  • Symantec Endpoint Protection client (Correct)
  • Symantec Network Access Control On-Demand client (Correct)
  • Symantec Critical System Protection client
  • Symantec Network Access Control LAN Enforcer

Answer : Symantec Endpoint Protection client; Symantec Network Access Control On-Demand client

Which report should an administrator run to learn why a client failed a Host Integrity check?


Options are :

  • Compliance Failure Status
  • Compliance Failure Details (Correct)
  • Clients by Compliance Failure Summary
  • Non-compliant Clients by Location

Answer : Compliance Failure Details

A security manager needs to ensure a client station complies with Host Integrity checks for software applications and network settings. The checks are complex and require conditional checking. Which two types of checks enable conditional checking? (Select two.)


Options are :

  • firewall (Correct)
  • network connectivity
  • software validation
  • process
  • antivirus (Correct)

Answer : firewall; antivirus

An Enforcer fails to register with the Symantec Endpoint Protection Manager, yet the administrator can ping the Symantec Endpoint Protection Manager from the Enforcer. What is most likely incorrect with the SPM configuration command?


Options are :

  • key parameter (Correct)
  • spm-domain parameter
  • client-group parameter
  • group parameter

Answer : key parameter

Which two considerations are important when implementing a Host Integrity policy to remediate operating system patch conditions? (Select two.)


Options are :

  • if the patch is subject to dependencies or prerequisites (Correct)
  • if the patch is the correct version for the antivirus software and firewall
  • if the patch is for 32- or 64-bit operating systems (Correct)
  • if the patch is for an On-Demand client
  • if the patch is for a Windows or Linux system

Answer : if the patch is subject to dependencies or prerequisites; if the patch is for 32- or 64-bit operating systems

By default, what are the required connection settings for a serial connection to an Enforcer appliance?


Options are :

  • Data Bits: 8; Parity: odd; Stop Bits: 1
  • Data Bits: 8; Parity: none; Stop Bits: 1 (Correct)
  • Data Bits: 8; Parity: even; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 2

Answer : Data Bits: 8; Parity: none; Stop Bits: 1

Which Symantec Network Access Control technology can prevent a device from connecting to the network and receiving an IP address?


Options are :

  • DHCP Enforcer
  • Integrated Enforcer
  • LAN Enforcer (Correct)
  • Self Enforcement

Answer : LAN Enforcer

When a compliance log event indicates a failed signature file check, to which predefined requirement does this event relate?


Options are :

  • antivirus and antispyware condition (Correct)
  • file condition
  • registry condition
  • firewall condition

Answer : antivirus and antispyware condition

In addition to the local database on LAN Enforcer and an upstream RADIUS server, which method is possible for MAC Authentication Bypass?


Options are :

  • SQL to Great Bay database
  • LDAP to Active Directory
  • LDAP to Great Bay database (Correct)
  • SQL to Oracle database

Answer : LDAP to Great Bay database

An administrator needs to add a legal banner to the On-Demand Welcome page. Where is the banner page modified?


Options are :

  • on the Symantec Endpoint Protection Manager Apache Web server
  • on the Symantec Endpoint Protection Manager in admin > server tab
  • on the Gateway Enforcer (Correct)
  • on the Integrated Enforcer

Answer : on the Gateway Enforcer

An organization has installed a LAN Enforcer. Remediation resources are on the production VLAN. Which method provides remediation resources to the clients assigned to the quarantine VLAN?


Options are :

  • Configure static routes in the Host Integrity policy for the quarantine VLAN.
  • Configure static routes from the Enforcer group to the remediation server.
  • Configure static routes from the Enforcer command line interface to the remediation server
  • Configure static routes on a router to the remediation server(s). (Correct)

Answer : Configure static routes on a router to the remediation server(s).

An administrator configured On-Demand access and finds that clients are displaying in the default group in the Symantec Endpoint Protection Manager. What is likely causing this to happen?


Options are :

  • The On-Demand client failed Host Integrity.
  • The database is corrupt.
  • An On-Demand group needs to be created. (Correct)
  • The endpoint lost communication with Gateway Enforcer.

Answer : An On-Demand group needs to be created.

Which two command line entries will register an Enforcer with the Symantec Endpoint Protection Manager? (Select two.)


Options are :

  • configure spm {[ip ] | [subnet mask ] | [http ] | [key ]}
  • configure spm {[ip ] | [group ] | [http ] | [key ]} (Correct)
  • configure spm {[ip ] | [domain ] | [http ] | [key ]}
  • configure spm {[ip] | [http ] | [key
  • configure spm {[ip ] | [client_group ] | [http ] | [key ]}

Answer : configure spm {[ip ] | [group ] | [http ] | [key ]}; configure spm {[ip] | [http ] | [key

Which two ways does the Gateway Enforcer support authentication for On-Demand clients? (Select two.)


Options are :

  • RSA SecurID
  • NDS Authentication
  • Symantec Endpoint Protection Database
  • Gateway Enforcer Local Database (Correct)
  • RADIUS Authentication (Correct)

Answer : Gateway Enforcer Local Database; RADIUS Authentication

When is Host Integrity checking enabled on a Symantec Network Access Control client?


Options are :

  • when the Symantec Network Access Control client is updated by LiveUpdate for content
  • during the heartbeat authentication process with the Enforcer
  • when the Host Integrity policy is configured and distributed to the client (Correct)
  • automatically when an upgrade to Symantec Network Access Control is applied

Answer : when the Host Integrity policy is configured and distributed to the client

What should an administrator do to ensure that the results of Host Integrity do not affect the traffic through Gateway Enforcer?


Options are :

  • Configure the Gateway to permit all clients that have the correct policy number.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the Enforcer fails.
  • Configure the Gateway to permit all clients that have non-Windows operating systems.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails. (Correct)

Answer : Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails.

A Host Integrity Antivirus Requirement has been configured, and the Host Integrity policy has been assigned and enabled. The requirement was defined as "Any supported antivirus application". In which case must a specific product be defined?


Options are :

  • Signature check results need to be included for alerting.
  • A particular antivirus software needs to be installed and started if the check fails. (Correct)
  • Users need to be able to cancel the Host Integrity remediation.
  • Product names need to be included in reports in the logs.

Answer : A particular antivirus software needs to be installed and started if the check fails.

An administrator is configuring a LAN enforcement and is not sure if the switch is communicating with the Enforcer. The administrator needs to look at the traffic in real time. Which command should the administrator use?


Options are :

  • snoop -d -i -v
  • tcpdump -i eth0 -vv
  • capture filter all verbose start (Correct)
  • show kernel live

Answer : capture filter all verbose start
