ST0-135 Symantec Network Access Control 12.1 Technical Asses Set 7

Which Symantec Network Access Control technology can prevent a device from connecting to the network and receiving an IP address? 


Options are :

  • Self Enforcement
  • LAN Enforcer
  • DHCP Enforcer
  • Integrated Enforcer

Answer : LAN Enforcer

When testing 802.1x environments, which logs can an administrator use to confirm whether the credentials provided by a user are accepted or rejected? 


Options are :

  • RADIUS Server Event logs
  • Symantec Audit logs
  • Enforcer Server logs
  • Symantec Compliance logs

Answer : RADIUS Server Event logs

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Exam Set 3

What should an administrator do to ensure that the results of Host Integrity do not affect the traffic through Gateway Enforcer?   


Options are :

  • Configure the Gateway to permit all clients that have the correct policy number
  • Configure the Gateway to permit all clients that have non-Windows operating systems.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the Enforcer fails.
  • Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails

Answer : Configure the Host Integrity policy so that the Host Integrity check can pass even though the requirement fails

Which Enforcer command line interface command must be entered before the 'upload' command can be used?   


Options are :

  • configure
  • log
  • debug
  • spm

Answer : debug

A security manager needs to ensure a client station complies with Host Integrity checks for

software applications and network setting. The checks are complex that require conditional

checking. Which two types of checks enable conditional checking? (Select two.)

A. network connectivity

B. firewall

C. process

D. software validation

E. antivirus



Options are :

  • C,D
  • A,B
  • B,C
  • B,E

Answer : B,E

ST0-248 Symantec Storage Foundation 6.1 UNIX Technical Exam Set 8

By default, what are the required connection settings for a serial connection to an Enforcer appliance? 


Options are :

  • Data Bits: 8; Parity: even; Stop Bits: 1
  • Data Bits: 8; Parity: none; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 1
  • Data Bits: 8; Parity: odd; Stop Bits: 2

Answer : Data Bits: 8; Parity: none; Stop Bits: 1

An organization has installed a LAN Enforcer. Remediation resources are on the production VLAN. Which method provides remediation resources to the clients assigned to the quarantine VLAN?   


Options are :

  • Configure static routes from the Enforcer command line interface to the remediation server
  • Configure static routes in the Host Integrity policy for the quarantine VLAN.
  • Configure static routes on a router to the remediation server(s).
  • Configure static routes from the Enforcer group to the remediation server.

Answer : Configure static routes on a router to the remediation server(s).

An administrator needs to add a legal banner to the On-Demand Welcome page. Where is the banner page modified?   


Options are :

  • on the Gateway Enforcer
  • on the Symantec Endpoint Protection Manager Apache Web server
  • on the Integrated Enforce
  • on the Symantec Endpoint Protection Manager in admin > server tab

Answer : on the Symantec Endpoint Protection Manager in admin > server tab

250-352 Administration of Storage Foundation and HA 6.0 Test Set 4

How does a LAN Enforcer allow devices, such as IP phones, without a 802.1X supplicant running?   


Options are :

  • User authentication
  • IP authentication
  • MAC Authentication Bypass
  • Trusted Vendor exception

Answer : MAC Authentication Bypass

What is the default context in which programs are run when using the patch requirement in a Host Integrity policy? 


Options are :

  • domain-user context
  • administrator context
  • local-user context
  • system context

Answer : system context

Which report should an administrator run to learn why a client failed a Host Integrity check?   


Options are :

  • Clients by Compliance Failure Summary
  • Compliance Failure Status
  • Non-compliant Clients by Location
  • Compliance Failure Details

Answer : Compliance Failure Details

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 5

A Host Integrity Antivirus Requirement has been configured, and the Host Integrity policy has been assigned and enabled. The requirement was defined as "Any supported antivirus application". In which case must a specific product be defined?   


Options are :

  • Signature check results need to be included for alerting.
  • Users need to be able to cancel the Host Integrity remediation.
  • Product names need to be included in reports in the logs
  • A particular antivirus software needs to be installed and started if the check fails.

Answer : A particular antivirus software needs to be installed and started if the check fails.

What is a Host Integrity rule template?   


Options are :

  • an empty custom requirement supplied by Symantec
  • a read-only predefined custom requirement supplied by Symantec
  • a predefined custom requirement supplied by Symantec
  • a template used to insert a new predefined requirement for selection

Answer : a predefined custom requirement supplied by Symantec

An Enforcer fails to register with the Symantec Endpoint Protection Manager, yet the administrator can ping the Symantec Endpoint Protection Manager from the Enforcer. What is most likely incorrect with the SPM configuration command? 


Options are :

  • spm-domain parameter
  • key parameter
  • client-group parameter
  • group parameter

Answer : key parameter

250-371 Administration Symantec Net Backup 7.5 Windows Exam Set 8

How does the Gateway Enforcer function on the network?   


Options are :

  • Layer 3 bridging operation from external interface to internal interface
  • Layer 2 routing operation from external interface to internal interface
  • Layer 3 bridging operation from internal to external interface
  • Layer 2 bridging operation from external interface to internal interface

Answer : Layer 2 bridging operation from external interface to internal interface

A laptop is connected to the Internet from a non-corporate connection. The Symantec Network Access Control client is in the "Remote" location defined by an administrator. The client has no access to corporate network resources. The Symantec Network Access Control client reports that Host Integrity has failed due to out-of-date virus definitions for a third-party antivirus. The user is unable to access the corporate remediation servers to remediate this definition issue. How can a Symantec Network Access Control administrator avoid this situation in the future?   


Options are :

  • Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions
  • Apply a location specific LiveUpdate policy for the quarantine location to provide alternate remediation options LiveUpdate definitions.
  • Apply third party antivirus definitions when Host Integrity fails
  • Apply Host Integrity policy to a quarantine location

Answer : Apply a location specific Host Integrity policy to the location to provide alternate remediation options for the third-party antivirus definitions

Devices such as printers and IP phones may also need access to the network. Where In the Integrated Enforcer Console can access for these devices be enabled? 


Options are :

  • Mac Address Bypass list
  • Excluded device list
  • Trusted vendor list
  • Excluded supplicant list

Answer : Trusted vendor list

ST0-237 Symantec Data Loss Prevention 12 Technical Test Set 10

A Host Integrity policy has been created on the Policies page of the Symantec Endpoint Protection Manager to validate the patch level of the endpoints. The intent of the policy is to restrict network access to only remediation resources when an endpoint fails the Host Integrity rule. The administrator assigned the policy to the appropriate client group and ensured it is enabled. What additional configuration steps are needed to fulfill the desired result? 


Options are :

  • Configure the Network Lockdown by enabling the Quarantine option
  • Configure the Firewall policy by enabling the Quarantine option
  • Configure the Quarantine Location by assigning a restrictive firewall policy
  • Configure the Network Lockdown settings by assigning a restrictive firewall policy.

Answer : Configure the Quarantine Location by assigning a restrictive firewall policy

An administrator configured On-Demand access and finds that clients are displaying in the default group in the Symantec Endpoint Protection Manager. What is likely causing this to happen?   


Options are :

  • An On-Demand group needs to be created.
  • The On-Demand client failed Host Integrity.
  • The endpoint lost communication with Gateway Enforcer.
  • The database is corrupt.

Answer : An On-Demand group needs to be created.

Which enforcement method requires the Symantec Endpoint Protection Client to be installed with the firewall enabled? 


Options are :

  • DHCP Enforcement
  • Gateway Enforcement
  • LAN Enforcement
  • Self-enforcement

Answer : Self-enforcement

ST0-237 Symantec Data Loss Prevention 12 Technical Test Set 4

For which two items can users create exceptions? (Choose two.)

A. TruScan Proactive Threat Scan

B. Client Firewall

C. Tamper Protection

D. Security Risks



Options are :

  • B,C
  • A,B
  • A,D
  • C,D

Answer : A,D

ST0-10X Veritas Storage Foundation 5 for Unix Practice Exam Set 2

Which information can Risk Tracer record when an infection to a Windows 2003 share comes from

a remote computer on the LAN? (Choose two.)

A. NETBIOS computer name

B. Gateway address

C. MAC address

D. IP address



Options are :

  • B,C
  • A,D
  • A,B
  • C,D

Answer : A,D

Which Auto-Protect types are configurable?   


Options are :

  • File System, Internet Email, Microsoft Outlook, GroupWise
  • Application, File System, Internet Email, Lotus Notes
  • File System, Internet Email, Lotus Notes, Microsoft Outlook
  • Application, File System, Microsoft Outlook, Sendmail

Answer : File System, Internet Email, Lotus Notes, Microsoft Outlook

In a firewall rule, what is the only trigger type that uses a fingerprint?   


Options are :

  • Blank Rule
  • Host
  • Application
  • Service

Answer : Application

ST0-135 Symantec Network Access Controls Technical Exam Set 1

What is the primary purpose for implementing a client firewall?   


Options are :

  • to detect threats
  • to block connections
  • to restrict URLs
  • to authenticate sites

Answer : to block connections

A Centralized Exception Policy can be created for which items?   


Options are :

  • files, known risks, and devices
  • folders, files, and registry entries
  • folders, extensions, and known risks
  • files, extensions, and registry entries

Answer : folders, extensions, and known risks

Lifeline Supply Company acquired a small company with two hundred employees. Multiple firewall

rules, based on collections of client addresses, are required to allow the new organization access

to company resources.

What should be created to minimize the amount of time needed to create rules?


Options are :

  • a new Management Server List
  • a new Host Group
  • a new Centralized Exception
  • a new Network Service

Answer : a new Host Group

ST0-247 Symantec Cluster Server 6.1 for UNIX Technical Test Set 3

What are three valid actions for an Antivirus and Antispyware policy when a Security Risk (e.g.,

spyware, adware, hacking tools, remote control) is detected? (Choose three.)

A. quarantine the suspect code

B. block the source IP

C. delete the suspect file

D. log the detection only

E. repair the infected file


Options are :

  • A,B,C
  • A,C,D
  • B,C,D
  • C,D,E

Answer : A,C,D

What is a function of the Symantec Network Access Control firewall?   


Options are :

  • blocks the execution of client applications
  • enforces RFC compliance of network protocols
  • protects against viruses in packet flows
  • restricts network-level drivers from executing

Answer : restricts network-level drivers from executing

When Auto-Protect is enabled, protection is optional for which type of file access?   


Options are :

  • Delete
  • Backup
  • Restore
  • Write

Answer : Backup

ST0-135 Symantec Network Access Technical Assesment Exam Set 5

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions