ST0-135 Symantec Network Access Control 12.1 Technical Asses Set 2

What is always replicated when replicating data between Symantec Network Access Control Managers?   


Options are :

  • content, install packages, logs
  • groups, logs, policies
  • administrators, groups, policies
  • policies, domains, install packages

Answer : administrators, groups, policies

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 5

Which three policies are created when you migrate from Symantec AntiVirus Corporate Edition

(SAVCE)? (Choose three.)

A. Application and Device Control

B. LiveUpdate

C. Centralized Exceptions

D. Antivirus and Antispyware

E. Intrusion Prevention


Options are :

  • A,E,C
  • A,C,D
  • B,C,D
  • A,B,C

Answer : B,C,D

Which tool is used to access the command line interface over the network?   


Options are :

  • SSH
  • RDP
  • Telnet
  • serial

Answer : SSH

An organization needs a Symantec Network Access Control solution that will ensure an endpoint

is compliant with Host Integrity policy before granting access to the organization's production

network.

In addition to the LAN Enforcer, which two items are required to meet the requirements? (Select

two.)

A. 802.1x capable switch

B. Symantec Endpoint Protection Manager

C. remote access device

D. Central Quarantine server


Options are :

  • A,D
  • B,C
  • C,D
  • A,B

Answer : A,B

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Test Set 6

Which command does an administrator use to halt On-Demand access after logging into a Gateway Enforcer? 


Options are :

  • on-demand halt
  • on-demand terminate
  • on-demand stop
  • on-demand disable

Answer : on-demand disable

Lifeline Supply Company employs 900 individuals at their location. Their data center is running Microsoft Exchange 2007 and an Oracle database. They are currently running different versions of Symantec Antivirus Corporate Edition managed through the Symantec System Center. They plan to migrate to Symantec Network Access Control and the IT director has to consider cost to benefit ratios given budgetary restrictions. Which site design best fits this company's cost to benefit ratio requirements? 


Options are :

  • single site design with the embedded database and one Symantec Network Access Control Manager
  • single site design with clustered Microsoft SQL databases and multiple Symantec Network Access Control Managers
  • single site design with one Microsoft SQL database and multiple Symantec Network Access Control Managers
  • single site design with the embedded database and multiple Symantec Network Access Control Managers

Answer : single site design with the embedded database and one Symantec Network Access Control Manager

Which two features are available only when multiple Symantec Network Access Control Managers

are deployed? (Choose two.)

A. data compression

B. failover

C. load balancing

D. quarantine collection


Options are :

  • A,D
  • C,D
  • B,C
  • A,B

Answer : B,C

ST0-135 Symantec Network Access Technical Assesment Exam Set 4

An organization needs to run a customer saved script using a Host Integrity policy.

Which variable should the administrator use to execute the script?


Options are :

  • %F%
  • %script%
  • $NameOfScript where NameOfScript = the name of the script
  • $PathToScript where PathToScript = the location of the script

Answer : %F%

The administrator at Lifeline Supply Company wants to use the Symantec Network Access Control Manager to upgrade clients to the latest Maintenance Release. What must be done to distribute the delta install packages to the client? 


Options are :

  • export new install packages to deploy with the Altiris Integration Component
  • deploy the maintenance release with the Migration and Deployment tools
  • enable the product update settings in the LiveUpdate Policy
  • add a new Client Install Package with the maintenance release

Answer : add a new Client Install Package with the maintenance release

Which command can be issued from the command line interface to restart the Enforcer appliance?   


Options are :

  • init 0
  • shutdown
  • reboot
  • restart

Answer : reboot

250-253 Administration of Veritas Cluster Server 6.0 Test Set 3

When a client fails Host Integrity check, it may be restricted only to the resources necessary to become compliant. In the Integrated Enforcer, where are these resources added?   


Options are :

  • Symantec Centralized Quarantine Server
  • None
  • Symantec Endpoint Protection Manager list
  • Automatic Quarantine Configuration
  • Centralized Exceptions Policy

Answer : Automatic Quarantine Configuration

ST0-248 Symantec Storage Foundation 6.1 UNIX Technical Exam Set 8

Which information do the Enforcer System logs contain?   


Options are :

  • client connections
  • connection attempts
  • configuration changes
  • Enforcer kernel modules

Answer : configuration changes

When a compliance log event indicates a failed signature file check, to which predefined requirement does this event relate? 


Options are :

  • file condition
  • antivirus and antispyware condition
  • firewall condition
  • registry condition

Answer : antivirus and antispyware condition

Which two considerations are important when implementing a Host Integrity policy to remediate

operating system patch conditions? (Select two.)

A. if the patch is subject to dependencies or prerequisites

B. if the patch is the correct version for the antivirus software and firewall

C. if the patch is for 32- or 64-bit operating systems

D. if the patch is for a Windows or Linux system

E. if the patch is for an On-Demand client



Options are :

  • A,B
  • A,C
  • B,C
  • A,D

Answer : A,C

ST0-247 Symantec Cluster Server 6.1 for UNIX Certifate Exam Set 7

What must be completed before registering an Enforcer appliance with the Symantec Endpoint Protection Manager? 


Options are :

  • Re-image appliance.
  • Set time zone and shared-secret.
  • Set initial IP address and shared-secret
  • Perform initial configuration.

Answer : Perform initial configuration.

When is Host Integrity checking enabled on a Symantec Network Access Control client?   


Options are :

  • during the heartbeat authentication process with the Enforcer
  • when the Symantec Network Access Control client is updated by LiveUpdate for content
  • when the Host Integrity policy is configured and distributed to the client
  • automatically when an upgrade to Symantec Network Access Control is applied

Answer : when the Host Integrity policy is configured and distributed to the client

What happens if the Enforcer group is unspecified when entering the spm command in the Enforcer command line interface? 


Options are :

  • It places the Enforcer in the Default group.
  • It registers the Enforcer without a group.
  • It fails to register the Enforcer
  • It creates a group using the Enforcer hostname.

Answer : It creates a group using the Enforcer hostname.

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Test Set 2

Which two ways does the Gateway Enforcer support authentication for On-Demand clients?

(Select two.)

A. RADIUS Authentication

B. RSA Secure ID

C. Symantec Endpoint Protection Database

D. NDS Authentication

E. Gateway Enforcer Local Database



Options are :

  • B,C
  • C,D
  • A,E
  • A,B

Answer : A,E

How can an administrator ensure that LAN Enforcer appliances have the same settings?   


Options are :

  • Create LAN Enforcer group in Symantec Endpoint Protection Manager Console and add both Enforcers
  • Configure Replication in Symantec Endpoint Protection Manager and mark the checkbox to include LAN Enforcers.
  • Edit the synchronization.conf on both Enforcers to contain address of each Enforcer
  • Connect to LAN Enforcer and specify the same group Enforcer name with configure > spm > group

Answer : Connect to LAN Enforcer and specify the same group Enforcer name with configure > spm > group

Which command parameter provides a valid method for establishing the shared secret between the Enforcer appliance and the Symantec Endpoint Protection Manager?   


Options are :

  • keygen
  • keymap
  • keyhash
  • keyreg

Answer : keyhash

250-352 Administration of Storage Foundation and HA 6.0 Test Set 6

Which two functions can Symantec Network Access Control Host Integrity check for and automate

to reduce Help Desk calls for IT support? (Select two.)

A. detect and prevent keystroke loggers from running

B. ensure required software applications such as Altiris are running

C. encrypt wireless communications for local administrative users

D. start services that have been stopped by users

E. query Insight reputation for a new file download


Options are :

  • B,D
  • B,C
  • A,B
  • C,D

Answer : B,D

In addition to the Host Integrity policy, which policy is required to enforce network access using the Self-enforcement method?   


Options are :

  • Centralized Exception policy
  • Firewall policy
  • Device Control policy
  • Application Control policy

Answer : Firewall policy

A virus outbreak is occurring in an organization's network where a registry setting is changed to

prevent the control panel from opening. Which two Symantec Network Access Control custom

options can the organization's administrator use to remediate the condition caused by the virus?

(Select two.)

A. Create a custom Host Integrity script that removes the virus's executable.

B. Create a custom firewall rule to block access to the registry by the virus.

C. Create a custom Host Integrity policy that kills the control panel process.

D. Create a custom firewall rule to prevent remote registry access.

E. Create a custom Host Integrity requirement that reverts the registry setting.



Options are :

  • B,C
  • C,D
  • A,E
  • A,B

Answer : A,E

251-312 Administration of Symantec Backup Exec 12 for Exam Set 8

Which two command line entries will register an Enforcer with the Symantec Endpoint Protection

Manager? (Select two.)

A. configure spm {[ip <ipaddress>] | [subnet mask <netmask>] | [http <port-number>] | [key <keyname>]}

B. configure spm {[ip <ipaddress>] | [client_group <group-name>] | [http <port-number>] | [key

<key-name>]}

C. configure spm {[ip <ipaddress>] | [group <group-name>] | [http <port-number>] | [key <keyname>]}

D. configure spm {[ip <ipaddress>] | [domain <domain-name>] | [https <port-number>] | [key

<shared-key>]}

E. configure spm {[ip <ipaddress>] | [http <port-number>] | [key <key-name>]}


Options are :

  • A,B
  • B,C
  • C,D
  • A,D
  • C,E
  • None of the Above

Answer : C,E

An administrator is configuring a LAN enforcement and is not sure if the switch is communicating with the Enforcer. The administrator needs to look at the traffic in real time. Which command should the administrator use?   


Options are :

  • snoop -d -i -v
  • capture filter all verbose start
  • tcpdump -i eth0 -vv
  • show kernel live

Answer : capture filter all verbose start

An organization's administrator configures a LAN Enforcer to function with the HubNet SX1337 layer two managed switch that uses 802.1x. While attempting to select switch models, the administrator finds that HubNet is unlisted and so selects "Other". After configuring the rest of the properties, the administrator finds that the Enforcer is sending dynamic VLAN assignments to the correct IP address; however, the switch is failing to switch VLANs. Which required setting with the "Other" switch model selection did the administrator overlook?   


Options are :

  • action switch to V-LAN quarantine
  • action switch to V-LAN production
  • send custom RADIUS attributes to switch
  • send custom RADIUS attributes to Enforcer

Answer : send custom RADIUS attributes to switch

ST0-237 Symantec Loss Prevention Technical Practice Exam Set 4

Which two components run Host Integrity checking? (Select two.)

A. Symantec Endpoint Protection client

B. Symantec Network Access Control LAN Enforcer

C. Symantec Network Access Control On-Demand client

D. Symantec Network Access Control Gateway Enforcer



Options are :

  • C,D
  • B,C
  • A,C
  • A,B

Answer : A,C

When using Symantec Network Access Control Integrated Enforcer, which two additional

components are required for guest access with Host Integrity checking? (Select two.)

A. LAN Enforcer

B. Gateway Enforcer

C. Symantec Endpoint Protection Manager

D. Microsoft IAS Server

E. Microsoft Active Directory Domain Controller


Options are :

  • B,C
  • B,D
  • A,E
  • A,B

Answer : B,C

What should be considered when developing a Host Integrity policy?   


Options are :

  • the third-party deployment packages that will need to be deployed for endpoints that are excluded from the Host Integrity policy
  • the order in which the requirements are checked and the operation required for remediation
  • the users that will be permitted to interact with remediation resources and processes
  • the specific elements to assess patch levels on non-Windows systems and the script logic for remediation

Answer : the order in which the requirements are checked and the operation required for remediation

ST0-085 Symantec Security Information Manager 4.7 Technical Set 6

In addition to the local database on LAN Enforcer and an upstream RADIUS server, which method is possible for MAC Authentication Bypass?   


Options are :

  • SQL to Oracle database
  • SQL to Great Bay database
  • LDAP to Active Directory
  • LDAP to Great Bay database

Answer : LDAP to Great Bay database

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions