ST0-135 Symantec Network Access Control 12 Technical Exam Set 4

Which check can be performed using custom requirements to verify whether "a product is installed" on a client machine?


Options are :

  • check the IT documentation to see if the product is installed (Correct)
  • check the service snap-in to see if the product is installed
  • check the policy document to see if the product is installed
  • check the registry keys to see if the product is installed

Answer : check the IT documentation to see if the product is installed

What is the default time interval for Host Integrity checks?


Options are :

  • 2 minutes (Correct)
  • 30 minutes
  • Continuous
  • 5 minutes

Answer : 2 minutes

Which protocol is used to transfer packet captures from an Enforcer?


Options are :

  • SFTP
  • HTTP
  • TFTP (Correct)
  • FTP

Answer : TFTP

Which two are explanations of why auto-location switching may be useful for Host Integrity? (Select two.)


Options are :

  • It can select different Host Integrity checks, based on location (Correct)
  • It can choose different Firewall rule sets, based on location.
  • It can define different Remediation sources, based on location. (Correct)
  • It can enable different Antivirus features, based on location.
  • It can enable different LiveUpdate features, based on location.

Answer : It can select different Host Integrity checks, based on location It can define different Remediation sources, based on location.

A Host Integrity policy has a complex custom conditional check that has three IF THEN statements, two of which have ELSE statements. How many ENDIF statements are required?


Options are :

  • 5
  • 1
  • 3 (Correct)
  • 0

Answer : 3

What will happen if a user switches to a location with a different Host Integrity policy while a Host Integrity check is in progress?


Options are :

  • The client will stop the check and the user may get a timeout if attempting to reach remediation resources. (Correct)
  • The Host Integrity check always completes prior to moving between locations.
  • The client is permitted guest access to the quarantine network until the next scheduled Host Integrity check.
  • The Host Integrity check will fail and the client will be denied network access.

Answer : The client will stop the check and the user may get a timeout if attempting to reach remediation resources.

An administrator has upgraded a Symantec Endpoint Protection Manager to include Symantec Network Access Control. How should the administrator deploy compliance checking to existing Symantec Endpoint Protection clients?


Options are :

  • Edit the client feature set to include compliance checking.
  • Edit the 'Client Install Setting' to include compliance checking
  • Create compliance checking and add to the 'Location Specific Setting'.
  • Create compliance checking policies on a per location basis. (Correct)

Answer : Create compliance checking policies on a per location basis.

When would the Enforcer need to be reset to factory defaults?


Options are :

  • to purge all logs from the Enforcer
  • to upgrade the Enforcer
  • to purge any errors on the Enforcer
  • to change the type of Enforcer (Correct)

Answer : to change the type of Enforcer

During a disaster recovery process, after reinstalling the Symantec Endpoint Protection Manager, what is the next manual step?


Options are :

  • Restore the database. (Correct)
  • Restore the Server.xml file.
  • Restore the JKS keystore
  • Restore the certificates.

Answer : Restore the database.

An organization's security policy requires Host Integrity checks to run only when the client is connecting through a VPN concentrator whose internal interface is attached to a Gateway Enforcer. Which setting should be configured to only check Host Integrity on these external clients, but not check clients on the local network?


Options are :

  • Add the IP addresses of the internal clients that need not be checked to the "Trusted Internal IP Address Range".
  • Apply the Host Integrity agent to the external computers only.
  • Block port UDP 39999 on the client firewalls of the internal clients, so that they cannot be challenged by the Enforcer.
  • Select "Only do Host-Integrity checking through the Gateway or DHCP Enforcer". (Correct)

Answer : Select "Only do Host-Integrity checking through the Gateway or DHCP Enforcer".

How does Symantec Network Access Control handle location switching compared to Symantec Endpoint Protection?


Options are :

  • It excludes locations.
  • It handles locations in the same way. (Correct)
  • It uses locations instead of groups.
  • It uses a reverse logic structure.

Answer : It handles locations in the same way.

Which default port must a firewall administrator open to enable communication between an Enforcer and the Symantec Endpoint Protection Manager?


Options are :

  • 8443
  • 1812 (Correct)
  • 1433
  • 8080

Answer : 1812

When using a non-Symantec (third party) anti-virus solution, which two types of Symantec clients can be used? (Select two.)


Options are :

  • Symantec On-Demand client (Correct)
  • Symantec Dissolvable client for Linux
  • Symantec Network Access Control client (Correct)
  • Symantec Critical System Protection client
  • Symantec Compliance Center client

Answer : Symantec On-Demand client Symantec Network Access Control client

Which statement is true about Symantec Network Access Control compliance?


Options are :

  • It provides clients with the ability to configure and deliver content and product updates to other clients in the same topological location.
  • It ensures the management of a secure client endpoint through the creation and implementation of group policies. (Correct)
  • It ensures that endpoints, such as clients and servers, meet specific administratordefined requirements.
  • It provides services needed by a client to bring itself up to spec in order to gain access to network resources.

Answer : It ensures the management of a secure client endpoint through the creation and implementation of group policies.

Which two databases are supported when Symantec Endpoint Protection Manager is being configured? (Select two.)


Options are :

  • Microsoft SQL Express, SP1
  • Microsoft SQL Server 2005, SP2 (Correct)
  • Microsoft SQL Server 2008 (Correct)
  • Oracle Database 11g
  • MySQL Database 5.5

Answer : Microsoft SQL Server 2005, SP2 Microsoft SQL Server 2008

Which two default user accounts are created on an Enforcer? (Select two.)


Options are :

  • Root (Correct)
  • symadmin
  • user
  • Superuser
  • Admin (Correct)

Answer : Root Admin

An organization has deployed Symantec Network Access Control with LAN Enforcer. Historically, all clients were Windows based endpoints. Now, Linux endpoints that authenticate with Microsoft Active Directory will need to be authenticated through the LAN Enforcer. Which entry needs to be added to the Switch Profile Action table to open the port for Linux endpoints once they have been authenticated through Active Directory user credentials?


Options are :

  • Host Authentication: Pass, User Authentication: Pass, Policy Check: Pass, Action: Open Port
  • Host Authentication: Pass, User Authentication: Unavailable, Policy Check: Unavailable, Action: Close Port
  • Host Authentication: Unavailable, User Authentication:Pass, Policy Check: Unavailable, Action: Open Port (Correct)
  • Host Authentication: Fail, User Authentication: Fail, Policy Check: Ignore, Action: Close Port

Answer : Host Authentication: Unavailable, User Authentication:Pass, Policy Check: Unavailable, Action: Open Port

A managed endpoint continues to pass Host Integrity even though the endpoint is missing the required Microsoft Security Critical Updates as defined by the Host Integrity policy. An administrator has verified that all checks are active and will cause the endpoint to fail Host Integrity if non-compliant. What are two sources of information the administrator can check to troubleshoot this problem? (Select two.)


Options are :

  • Symantec Endpoint Protection Manager Console in the Monitors page (Correct)
  • Symantec Endpoint Protection Manager Console in the Admin page Domain tab
  • Symantec Endpoint Protection Manager Console in the Admin page Servers tab
  • Windows System Event Logs on the endpoint
  • Client Network Access Control Log on the endpoint (Correct)

Answer : Symantec Endpoint Protection Manager Console in the Monitors page Client Network Access Control Log on the endpoint

Which packets are periodically sent from an Enforcer to find other Enforcers on the network?


Options are :

  • Discover
  • ARP
  • Failover (Correct)
  • OSPF

Answer : Failover

The 802.1x protocol has three major components: Supplicant, Authenticator and Authentication Server. Which elements serve each of these components when Symantec Network Access Control is being configured to use LAN Enforcement?


Options are :

  • Supplicant: Microsoft Supplicant, Authenticator: Microsoft Active Directory Domain Controller, Authentication Server: Symantec Endpoint Protection Manager
  • Supplicant: Microsoft Supplicant, Authenticator: 802.1x Enabled Switch, Authentication Server: Symantec LAN Enforcer (Correct)
  • Supplicant: Network Access Control Client, Authenticator: Symantec Endpoint Protection Policy Manager, Authentication Server: Symantec LAN Enforcer
  • Supplicant: Symantec Endpoint Protection Client, Authenticator: Symantec LAN Enforcer, Authentication Server: Microsoft Active Directory Domain Controller

Answer : Supplicant: Microsoft Supplicant, Authenticator: 802.1x Enabled Switch, Authentication Server: Symantec LAN Enforcer

Which log contains IP address, connection attempt, port information, and the direction of the connection?


Options are :

  • Enforcer Traffic log (Correct)
  • Enforcer Kernel log
  • Enforcer Packet log
  • Enforcer Client log

Answer : Enforcer Traffic log

How can an administrator provide computers on a quarantine VLAN with access to remediation materials without using static routes?


Options are :

  • Create a static route from the quarantine VLAN to the Symantec Endpoint Protection Manager in the Enforcer command line interface.
  • Multi-home the remediation server and connect one NIC to a port assigned to the quarantine VLAN. (Correct)
  • Assign a virtual IP address to the NIC on the remediation server and add it to the quarantine VLAN
  • Put a wireless access point on the quarantine VLAN to provide wireless access to quarantined clients.

Answer : Multi-home the remediation server and connect one NIC to a port assigned to the quarantine VLAN.

Which components do Symantec Network Access Control and Symantec Endpoint Protection share?


Options are :

  • identical user interfaces and the same installer package
  • the same manager, database schema, and infrastructure mechanics
  • the same location awareness policy (Correct)
  • the same Host Integrity policy and Replication policy

Answer : the same location awareness policy

A guest is unable to download the On-Demand client. The guest is running Windows 7 64- bit and connecting with the Mozilla Firefox browser. The computer has 512 MB RAM and 50 MB free disk space. What is the likely cause of the problem?


Options are :

  • The guest's operating system is unsupported.
  • The guest's system has insufficient RAM.
  • The guest's system has insufficient disk space. (Correct)
  • The guest's browser is unsupported.

Answer : The guest's system has insufficient disk space.

How can access be permitted to remediation services when a client fails the Host Integrity check using a Gateway Enforcer?


Options are :

  • Add the client to the Allowed Client table on the Enforcer.
  • Add the IP addresses of the hosts to the Trusted Internal IP Address List. (Correct)
  • Add the client's IP address to the Trusted External IP Address List.
  • Add the client's MAC Address to the Mac Address Bypass table.

Answer : Add the IP addresses of the hosts to the Trusted Internal IP Address List.

What are the correct connection settings for a serial connection?


Options are :

  • Data Bits: 8; Parity: none; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 2 (Correct)
  • Data Bits: 8; Parity: even; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 1

Answer : Data Bits: 8; Parity: odd; Stop Bits: 2

A guest with a Macintosh laptop without Symantec Endpoint Protection installed connects to an organization's wireless access point to browse a website. The organization uses Symantec Network Access Control with the On-Demand agent feature turned on. Which behavior will the guest's laptop experience?


Options are :

  • It will be redirected to an HTTP download page. (Correct)
  • It will be given a quarantine IP address.
  • It will be permanently denied all access to the network.
  • It will be moved to a quarantine VLAN

Answer : It will be redirected to an HTTP download page.

An organization with a Gateway Enforcer behind a VPN concentrator that is performing NAT, determines that clients are being blocked. What is the most likely cause of the problem?


Options are :

  • The Enforcer is placed in the wrong physical location on the network.
  • The client is missing from the MAC Address Bypass list.
  • Static routes need to be added to the Symantec Endpoint Protection Manager to pass the client traffic
  • The IP address of the internal interface of the VPN connector needs to be added to the Trusted External IP Address list. (Correct)

Answer : The IP address of the internal interface of the VPN connector needs to be added to the Trusted External IP Address list.

On a LAN Enforcer, which command shows the switch action table decisions in real time?


Options are :

  • show auth live
  • show spm
  • show kernel live (Correct)
  • show action live

Answer : show kernel live

In a multi-site environment, which critical step must be manually taken prior to upgrading the Symantec Endpoint Protection Manager to the next major release?


Options are :

  • Upgrade the Symantec Endpoint Protection client software.
  • Enable Local Authentication
  • Turn off replication. (Correct)
  • Stop the Symantec Endpoint Protection Manager service.

Answer : Turn off replication.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions