ST0-135 Symantec Network Access Control 12 Technical Exam Set 3

What happens if the Enforcer group is unspecified when entering the spm command in the Enforcer command line interface?


Options are :

  • It fails to register the Enforcer.
  • It places the Enforcer in the Default group.
  • It registers the Enforcer without a group.
  • It creates a group using the Enforcer hostname. (Correct)

Answer : It creates a group using the Enforcer hostname.

An organization's administrator configures a LAN Enforcer to function with the HubNet SX1337 layer two managed switch that uses 802.1x. While attempting to select switch models, the administrator finds that HubNet is unlisted and so selects "Other". After configuring the rest of the properties, the administrator finds that the Enforcer is sending dynamic VLAN assignments to the correct IP address; however, the switch is failing to switch VLANs. Which required setting with the "Other" switch model selection did the administrator overlook?


Options are :

  • action switch to V-LAN quarantine
  • send custom RADIUS attributes to Enforcer
  • action switch to V-LAN production
  • send custom RADIUS attributes to switch (Correct)

Answer : send custom RADIUS attributes to switch

What is the default context in which programs are run when using the patch requirement in a Host Integrity policy?


Options are :

  • domain-user context
  • administrator context
  • system context (Correct)
  • local-user context

Answer : system context

Which information do the Enforcer System logs contain?


Options are :

  • client connections
  • Enforcer kernel modules
  • configuration changes (Correct)
  • connection attempts

Answer : configuration changes

What is a Host Integrity rule template?


Options are :

  • a read-only predefined custom requirement supplied by Symantec
  • an empty custom requirement supplied by Symantec
  • a predefined custom requirement supplied by Symantec (Correct)
  • a template used to insert a new predefined requirement for selection

Answer : a predefined custom requirement supplied by Symantec

Which enforcement method requires the Symantec Endpoint Protection Client to be installed with the firewall enabled?


Options are :

  • Gateway Enforcement
  • DHCP Enforcement
  • LAN Enforcement
  • Self-enforcement (Correct)

Answer : Self-enforcement

Devices such as printers and IP phones may also need access to the network. Where in the Integrated Enforcer Console can access for these devices be enabled?


Options are :

  • Mac Address Bypass list
  • Excluded supplicant list
  • Trusted vendor list (Correct)
  • Excluded device list

Answer : Trusted vendor list

How does the Gateway Enforcer function on the network?


Options are :

  • Layer 2 bridging operation from external interface to internal interface (Correct)
  • Layer 2 routing operation from external interface to internal interface
  • Layer 3 bridging operation from external interface to internal interface
  • Layer 3 bridging operation from internal to external interface

Answer : Layer 2 bridging operation from external interface to internal interface

What must be completed before registering an Enforcer appliance with the Symantec Endpoint Protection Manager?


Options are :

  • Perform initial configuration. (Correct)
  • Re-image appliance
  • Set time zone and shared-secret.
  • Set initial IP address and shared-secret.

Answer : Perform initial configuration.

Which Enforcer command line interface command must be entered before the 'upload' command can be used?


Options are :

  • configure
  • spm
  • debug (Correct)
  • log

Answer : debug

When a client fails Host Integrity check, it may be restricted only to the resources necessary to become compliant. In the Integrated Enforcer, where are these resources added?


Options are :

  • Symantec Centralized Quarantine Server
  • Centralized Exceptions Policy
  • Automatic Quarantine Configuration (Correct)
  • Symantec Endpoint Protection Manager list

Answer : Automatic Quarantine Configuration

In addition to the Host Integrity policy, which policy is required to enforce network access using the Self-enforcement method?


Options are :

  • Device Control policy
  • Application Control policy
  • Centralized Exception policy
  • Firewall policy (Correct)

Answer : Firewall policy

When testing 802.1x environments, which logs can an administrator use to confirm whether the credentials provided by a user are accepted or rejected?


Options are :

  • Enforcer Server logs
  • Symantec Audit logs
  • Symantec Compliance logs
  • RADIUS Server Event logs (Correct)

Answer : RADIUS Server Event logs

A virus outbreak is occurring in an organization's network where a registry setting is changed to prevent the control panel from opening. Which two Symantec Network Access Control custom options can the organization's administrator use to remediate the condition caused by the virus? (Select two.)


Options are :

  • Create a custom Host Integrity requirement that reverts the registry setting. (Correct)
  • Create a custom firewall rule to prevent remote registry access.
  • Create a custom Host Integrity script that removes the virus's executable. (Correct)
  • Create a custom Host Integrity policy that kills the control panel process.
  • Create a custom firewall rule to block access to the registry by the virus

Answer : Create a custom Host Integrity requirement that reverts the registry setting. Create a custom Host Integrity script that removes the virus's executable.

How does a LAN Enforcer allow devices, such as IP phones, without an 802.1X supplicant running?


Options are :

  • MAC Authentication Bypass (Correct)
  • Trusted Vendor exception
  • IP authentication
  • User authentication

Answer : MAC Authentication Bypass

When using Symantec Network Access Control Integrated Enforcer, which two additional components are required for guest access with Host Integrity checking? (Select two.)


Options are :

  • Symantec Endpoint Protection Manager (Correct)
  • LAN Enforcer
  • Microsoft Active Directory Domain Controller
  • Gateway Enforcer (Correct)
  • Microsoft IAS Server

Answer : Symantec Endpoint Protection Manager; Gateway Enforcer

Which two functions can Symantec Network Access Control Host Integrity check for and automate to reduce Help Desk calls for IT support? (Select two.)


Options are :

  • query Insight reputation for a new file download
  • ensure required software applications such as Altiris are running (Correct)
  • detect and prevent keystroke loggers from running
  • start services that have been stopped by users (Correct)
  • encrypt wireless communications for local administrative users

Answer : ensure required software applications such as Altiris are running; start services that have been stopped by users

A laptop is connected to the Internet from a non-corporate connection. The Symantec Network Access Control client is in the "Remote" location defined by an administrator. The client has no access to corporate network resources. The Symantec Network Access Control client reports that Host Integrity has failed due to out-of-date virus definitions for a third-party antivirus. The user is unable to access the corporate remediation servers to remediate this definition issue. How can a Symantec Network Access Control administrator avoid this situation in the future?


Options are :

  • Apply third party antivirus definitions when Host Integrity fails.
  • Apply a location specific LiveUpdate policy for the quarantine location to provide alternate remediation options LiveUpdate definitions.
  • Apply Host Integrity policy to a quarantine location.
  • Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions. (Correct)

Answer : Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions.

How can an administrator ensure that LAN Enforcer appliances have the same settings?


Options are :

  • Create LAN Enforcer group in Symantec Endpoint Protection Manager Console and add both Enforcers.
  • Connect to LAN Enforcer and specify the same group Enforcer name with configure > spm > group. (Correct)
  • Configure Replication in Symantec Endpoint Protection Manager and mark the checkbox to include LAN Enforcers.
  • Edit the synchronization.conf on both Enforcers to contain address of each Enforcer

Answer : Connect to LAN Enforcer and specify the same group Enforcer name with configure > spm > group.

What should be considered when developing a Host Integrity policy?


Options are :

  • the third-party deployment packages that will need to be deployed for endpoints that are excluded from the Host Integrity policy
  • the users that will be permitted to interact with remediation resources and processes
  • the specific elements to assess patch levels on non-Windows systems and the script logic for remediation
  • the order in which the requirements are checked and the operation required for remediation (Correct)

Answer : the order in which the requirements are checked and the operation required for remediation

What should an administrator do to obtain additional information about Host Integrity checking for a newly implemented Host Integrity policy?


Options are :

  • Enable debug logging on the enforcer.
  • Create a customized computer status report on the management server.
  • Enable the reporting of additional log events on the client systems.
  • Set verbose logging on the Host Integrity policy. (Correct)

Answer : Set verbose logging on the Host Integrity policy.

In an Enforcer command line interface, which filter is used to capture communication traffic between an Enforcer and a Symantec Endpoint Protection Manager?


Options are :

  • spm (Correct)
  • auth
  • client
  • query

Answer : spm

A Help Desk technician determines that a client's Host Integrity event indicates it is failing a requirement, but the client's computer is still able to access the network, even after rerunning the check several times. Why will the client's Host Integrity status still pass?


Options are :

  • The administrator has configured the operating system to ignore Host Integrity even when it fails.
  • The log search must be rerun to update the status.
  • The policy has been configured to pass even if the requirement fails. (Correct)
  • The requirement logic is malfunctioning.

Answer : The policy has been configured to pass even if the requirement fails.

At the Enforcer (debug)# prompt, which command enables the most detailed level of debugging?


Options are :

  • level verbose
  • level engineer (Correct)
  • level fine
  • level error

Answer : level engineer

Which custom requirement utility allows an administrator the ability to choose an informative icon to display to the end user?


Options are :

  • run a program
  • log message (Correct)
  • show message dialog
  • run a script

Answer : log message

On which product can Symantec Network Access Control functionality be enabled?


Options are :

  • Symantec AntiVirus 10.2
  • Symantec Endpoint Protection 12.1
  • Symantec Client Security 3.1 (Correct)
  • Symantec Critical System Protection 5.2

Answer : Symantec Client Security 3.1

When a Gateway Enforcer is being deployed, which port needs to be kept open between the clients and the Enforcer?


Options are :

  • TCP 39999
  • TCP 1812
  • UDP 39999 (Correct)
  • UDP 1812

Answer : UDP 39999

Which two event details are included in a standard Host Integrity log file? (Select two.)


Options are :

  • error messages (Correct)
  • enforcer status
  • state of each requirement
  • checked parameter
  • client Host Integrity status (Correct)

Answer : error messages; client Host Integrity status

Which two network connectivity testing commands are available in the Enforcer command line interface? (Select two.)


Options are :

  • Traceroute (Correct)
  • Nslookup
  • Ping (Correct)
  • Snoop
  • NBNS query

Answer : Traceroute; Ping

A Helpdesk technician is examining the logs for a particular client when he notices something odd. A Host Integrity event is listed for a client as failing a requirement, but that client machine is still able to access the network even after having the check rerun several times. Why would the client's Host Integrity status still pass?


Options are :

  • The administrator has configured the OS to ignore Host Integrity even when it fails. (Correct)
  • The administrator has configured that requirement to allow the Host Integrity policy to pass even if it fails.
  • The requirement logic is malfunctioning and the Helpdesk technician should notify the administrator to contact the vendor.
  • It is likely to be a problem with the recording of the status. The log search must be rerun to update the status.

Answer : The administrator has configured the OS to ignore Host Integrity even when it fails.
