ST0-135 Symantec Network Access Control 12.1 Technical Asses Set 3

Which Symantec Network Access Control technology can prevent a device from connecting to the network and receiving an IP address? 


Options are :

  • Self Enforcement
  • LAN Enforcer (Correct)
  • DHCP Enforcer
  • Integrated Enforcer

Answer : LAN Enforcer

When testing 802.1x environments, which logs can an administrator use to confirm whether the credentials provided by a user are accepted or rejected? 


Options are :

  • RADIUS Server Event logs (Correct)
  • Symantec Audit logs
  • Enforcer Server logs
  • Symantec Compliance logs

Answer : RADIUS Server Event logs

ST0-237 Symantec Data Loss Prevention 12 Technical Test Set 1

What should an administrator do to ensure that the results of Host Integrity do not affect the traffic through Gateway Enforcer?   


Options are :

  • Configure the Gateway to permit all clients that have the correct policy number
  • Configure the Gateway to permit all clients that have non-Windows operating systems.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the Enforcer fails.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails (Correct)

Answer : Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails

Which Enforcer command line interface command must be entered before the 'upload' command can be used?   


Options are :

  • configure
  • log
  • debug (Correct)
  • spm

Answer : debug

A security manager needs to ensure a client station complies with Host Integrity checks forsoftware applications and network setting. The checks are complex that require conditionalchecking. Which two types of checks enable conditional checking? (Select two.)A. network connectivityB. firewallC. processD. software validationE. antivirus



Options are :

  • C,D
  • A,B
  • B,C
  • B,E (Correct)

Answer : B,E

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 8

By default, what are the required connection settings for a serial connection to an Enforcer appliance? 


Options are :

  • Data Bits: 8; Parity: even; Stop Bits: 1
  • Data Bits: 8; Parity: none; Stop Bits: 1 (Correct)
  • Data Bits: 8; Parity: odd; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 2

Answer : Data Bits: 8; Parity: none; Stop Bits: 1

An organization has installed a LAN Enforcer. Remediation resources are on the production VLAN. Which method provides remediation resources to the clients assigned to the quarantine VLAN?   


Options are :

  • Configure static routes from the Enforcer command line interface to the remediation server
  • Configure static routes in the Host Integrity policy for the quarantine VLAN.
  • Configure static routes on a router to the remediation server(s). (Correct)
  • Configure static routes from the Enforcer group to the remediation server.

Answer : Configure static routes on a router to the remediation server(s).

An administrator needs to add a legal banner to the On-Demand Welcome page. Where is the banner page modified?   


Options are :

  • on the Gateway Enforcer
  • on the Symantec Endpoint Protection Manager Apache Web server
  • on the Integrated Enforce
  • on the Symantec Endpoint Protection Manager in admin > server tab (Correct)

Answer : on the Symantec Endpoint Protection Manager in admin > server tab

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Test Set 3

How does a LAN Enforcer allow devices, such as IP phones, without a 802.1X supplicant running?   


Options are :

  • User authentication
  • IP authentication
  • MAC Authentication Bypass (Correct)
  • Trusted Vendor exception

Answer : MAC Authentication Bypass

What is the default context in which programs are run when using the patch requirement in a Host Integrity policy? 


Options are :

  • domain-user context
  • administrator context
  • local-user context
  • system context (Correct)

Answer : system context

Which report should an administrator run to learn why a client failed a Host Integrity check?   


Options are :

  • Clients by Compliance Failure Summary
  • Compliance Failure Status
  • Non-compliant Clients by Location
  • Compliance Failure Details (Correct)

Answer : Compliance Failure Details

ST0-248 Symantec Storage Foundation 6.1 UNIX Technical Exam Set 2

A Host Integrity Antivirus Requirement has been configured, and the Host Integrity policy has been assigned and enabled. The requirement was defined as "Any supported antivirus application". In which case must a specific product be defined?   


Options are :

  • Signature check results need to be included for alerting.
  • Users need to be able to cancel the Host Integrity remediation.
  • Product names need to be included in reports in the logs
  • A particular antivirus software needs to be installed and started if the check fails. (Correct)

Answer : A particular antivirus software needs to be installed and started if the check fails.

What is a Host Integrity rule template?   


Options are :

  • an empty custom requirement supplied by Symantec
  • a read-only predefined custom requirement supplied by Symantec
  • a predefined custom requirement supplied by Symantec (Correct)
  • a template used to insert a new predefined requirement for selection

Answer : a predefined custom requirement supplied by Symantec

An Enforcer fails to register with the Symantec Endpoint Protection Manager, yet the administrator can ping the Symantec Endpoint Protection Manager from the Enforcer. What is most likely incorrect with the SPM configuration command? 


Options are :

  • spm-domain parameter
  • key parameter (Correct)
  • client-group parameter
  • group parameter

Answer : key parameter

250-400 Administration of Altiris Client Management Suite Set 4

How does the Gateway Enforcer function on the network?   


Options are :

  • Layer 3 bridging operation from external interface to internal interface
  • Layer 2 routing operation from external interface to internal interface
  • Layer 3 bridging operation from internal to external interface
  • Layer 2 bridging operation from external interface to internal interface (Correct)

Answer : Layer 2 bridging operation from external interface to internal interface

A laptop is connected to the Internet from a non-corporate connection. The Symantec Network Access Control client is in the "Remote" location defined by an administrator. The client has no access to corporate network resources. The Symantec Network Access Control client reports that Host Integrity has failed due to out-of-date virus definitions for a third-party antivirus. The user is unable to access the corporate remediation servers to remediate this definition issue. How can a Symantec Network Access Control administrator avoid this situation in the future?   


Options are :

  • Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions (Correct)
  • Apply a location specific LiveUpdate policy for the quarantine location to provide alternate remediation options LiveUpdate definitions.
  • Apply third party antivirus definitions when Host Integrity fails
  • Apply Host Integrity policy to a quarantine location

Answer : Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions

Devices such as printers and IP phones may also need access to the network. Where In the Integrated Enforcer Console can access for these devices be enabled? 


Options are :

  • Mac Address Bypass list
  • Excluded device list
  • Trusted vendor list (Correct)
  • Excluded supplicant list

Answer : Trusted vendor list

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Exam Set 10

A Host Integrity policy has been created on the Policies page of the Symantec Endpoint Protection Manager to validate the patch level of the endpoints. The intent of the policy is to restrict network access to only remediation resources when an endpoint fails the Host Integrity rule. The administrator assigned the policy to the appropriate client group and ensured it is enabled. What additional configuration steps are needed to fulfill the desired result? 


Options are :

  • Configure the Network Lockdown by enabling the Quarantine option
  • Configure the Firewall policy by enabling the Quarantine option
  • Configure the Quarantine Location by assigning a restrictive firewall policy (Correct)
  • Configure the Network Lockdown settings by assigning a restrictive firewall policy.

Answer : Configure the Quarantine Location by assigning a restrictive firewall policy

An administrator configured On-Demand access and finds that clients are displaying in the default group in the Symantec Endpoint Protection Manager. What is likely causing this to happen?   


Options are :

  • An On-Demand group needs to be created. (Correct)
  • The On-Demand client failed Host Integrity.
  • The endpoint lost communication with Gateway Enforcer.
  • The database is corrupt.

Answer : An On-Demand group needs to be created.

Which enforcement method requires the Symantec Endpoint Protection Client to be installed with the firewall enabled? 


Options are :

  • DHCP Enforcement
  • Gateway Enforcement
  • LAN Enforcement
  • Self-enforcement (Correct)

Answer : Self-enforcement

250-371 Administration Symantec NetBackup 7.5 for Windows Set 4

What is the purpose of enabling the "Admin Defined Remediation Delay" setting?   


Options are :

  • It permits only the administrator to delay remediations when logging into and out of compliance systems.
  • It permits the local user at the endpoint to delay remediation of a Host Integrity violation (Correct)
  • It requires that a remediation be delayed before the condition causing the Host Integrity violation can be resolved.

Answer : It permits the local user at the endpoint to delay remediation of a Host Integrity violation

251-312 Administration of Symantec Backup Exec 12 for Exam Set 6

When re-imaging the Enforcer via the serial connection, which step must be performed first?   


Options are :

  • Assign a valid IP address to the Enforcer.
  • Enable Telnet on the remote terminal
  • Enable console redirection in the appliance BIOS (Correct)
  • Set up remote terminal type for VT-UTF8.

Answer : Enable console redirection in the appliance BIOS

How can devices, such as printers or IP telephones, be excluded from being blocked by the Symantec Network Access Control Integrated Enforcer? 


Options are :

  • Configure a Trusted Vendor list on the Symantec Endpoint Protection Manager.
  • Configure MAC Authentication Bypass on the Symantec Network Access Control Integrated Enforcer
  • Configure MAC Authentication Bypass on the Symantec Endpoint Protection Manager.
  • Configure a Trusted Host list on the Symantec Endpoint Protection Manager. (Correct)

Answer : Configure a Trusted Host list on the Symantec Endpoint Protection Manager.

Besides a LAN Enforcer, which two components are required for transparent mode? (Select two.)A. Symantec Endpoint Protection ManagerB. VPN remote access deviceC. RADIUS server upstream of LAN EnforcerD. 802.1x capable switchE. ACLs and a firewall enabled in the Enforcer


Options are :

  • A,B
  • A,D (Correct)
  • B,E
  • C,D

Answer : A,D

251-312 Administration of Symantec Backup Exec 12 for Exam Set 6

Which Symantec product can have Symantec Network Access Control functionality enabled?   


Options are :

  • Symantec AntiVirus 10.2
  • Symantec Client Security 3.0
  • Symantec Endpoint Protection 12.1 (Correct)
  • Symantec Critical System Protection 5.2

Answer : Symantec Endpoint Protection 12.1

What are two primary purposes of Symantec Network Access Control? (Select two.)A. install new operating systems to client workstationsB. update policies on the Symantec Endpoint Protection ManagerC. prevent out-of-compliance systems from impacting production resourcesD. check endpoint computers' Host Integrity compliance periodically



Options are :

  • B,C
  • A,D
  • A,B
  • C,D (Correct)

Answer : C,D

After the Symantec Endpoint Protection Manager is installed, what is the correct sequence of steps for implementing the On-Demand client? 


Options are :

  • Configure On-Demand and then install DHCP Integrated Enforcer
  • Configure On-Demand and then install Gateway Enforcer
  • Install DHCP Integrated Enforcer and then configure On-Demand
  • Install Gateway Enforcer and then configure On-Demand (Correct)

Answer : Install Gateway Enforcer and then configure On-Demand

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Exam Set 9

How many additional client packages become available when a Symantec Endpoint Protection Manager has been upgraded with Symantec Network Access Control? 


Options are :

  • 3
  • 2 (Correct)
  • 0
  • 1

Answer : 2

Where are Symantec Network Access Control client packages found on the Symantec Endpoint Protection Manager? 


Options are :

  • Clients > Install Packages
  • Policies > Policy Components
  • Admin > Install Packages (Correct)
  • Client > Policies

Answer : Admin > Install Packages

Symantec Network Access Control can be implemented standalone or as an integrated module of Symantec Endpoint Protection. What is the only policy that exists in both standalone and integrated implementations 


Options are :

  • Host Integrity
  • Firewall
  • Centralized Exceptions
  • LiveUpdate (Correct)

Answer : LiveUpdate

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Exam Set 4

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions