ST0-135 Symantec Network Access Control 12 Technical Exam Set 7

Which Symantec Network Access Control feature do you primarily use to prevent hackers from gaining backdoor access to client computers?


Options are :

  • Proactive Threat Protection
  • Firewall (Correct)
  • Antispyware
  • Host Integrity

Answer : Firewall

In which order are exceptions processed?


Options are :

  • antispyware then antivirus
  • Computer mode then User mode
  • administrator then user (Correct)
  • Intrusion Prevention then firewall

Answer : administrator then user

In a firewall rule, what is the only trigger type that uses a fingerprint?


Options are :

  • Blank Rule
  • Host
  • Application (Correct)
  • Service

Answer : Application

In Symantec Network Access Control, which default action is taken when security risks such as spyware, adware, hacking tools, remote access programs, and trackware are detected?


Options are :

  • delete the infected file
  • log the detection event only
  • block the source IP address
  • quarantine the file locally (Correct)

Answer : quarantine the file locally

Which three types of scans can be scheduled? (Choose three.)


Options are :

  • Rapid
  • Quick (Correct)
  • Full (Correct)
  • Absolute
  • Custom (Correct)

Answer : Quick; Full; Custom

Lifeline Supply Company acquired a small company with two hundred employees. Multiple firewall rules, based on collections of client addresses, are required to allow the new organization access to company resources. What should be created to minimize the amount of time needed to create rules?


Options are :

  • a new Host Group (Correct)
  • a new Centralized Exception
  • a new Network Service
  • a new Management Server List

Answer : a new Host Group

What effect does lowering the TruScan Proactive Threat Scan sensitivity level have?


Options are :

  • lower false positive, higher false negative (Correct)
  • lower false positive, lower false negative
  • higher false positive, lower false negative
  • higher false positive, higher false negative

Answer : lower false positive, higher false negative

What is a function of the Symantec Network Access Control firewall?


Options are :

  • protects against viruses in packet flows
  • blocks the execution of client applications
  • restricts network-level drivers from executing (Correct)
  • enforces RFC compliance of network protocols

Answer : restricts network-level drivers from executing

In the Symantec Network Access Control client interface, where can the user find the configuration options for TruScan Proactive Threat Scan?


Options are :

  • Antivirus and Antispyware Protection > Options > TruScan
  • Network Threat Protection > TruScan > Change Settings
  • Advanced Protection Settings > TruScan > Options
  • Proactive Threat Protection > Options > Change Settings (Correct)

Answer : Proactive Threat Protection > Options > Change Settings

The Symantec Network Access Control administrator wants end users to be notified when TruScan Proactive Threat Scan detects a potentially malicious application. Which action should be applied by the administrator so the end user will receive a single notification?


Options are :

  • Terminate
  • Ignore
  • Quarantine (Correct)
  • Log Only

Answer : Quarantine

Which information can Risk Tracer record when an infection to a Windows 2003 share comes from a remote computer on the LAN? (Choose two.)


Options are :

  • subnet mask
  • IP address (Correct)
  • MAC address
  • Gateway address
  • NETBIOS computer name (Correct)

Answer : IP address; NETBIOS computer name

What are the three configurable actions in TruScan Proactive Threat Scan? (Choose three.)


Options are :

  • quarantine suspect process (Correct)
  • generate dump of system state
  • log suspect process only (Correct)
  • terminate the suspect process (Correct)
  • set a public SNMP trap
  • suspend the suspect process

Answer : quarantine suspect process; log suspect process only; terminate the suspect process

TruScan Proactive Threat Scan provides proactive, zero-day protection for which security risks and/or threats? (Choose four.)


Options are :

  • trackware (Correct)
  • viruses
  • rootkits
  • keyloggers (Correct)
  • Trojans (Correct)
  • worms (Correct)

Answer : trackware; keyloggers; Trojans; worms

What are three valid actions for an Antivirus and Antispyware policy when a Security Risk (e.g., spyware, adware, hacking tools, remote control) is detected? (Choose three.)


Options are :

  • repair the infected file
  • block the source IP
  • quarantine the suspect code (Correct)
  • delete the suspect file (Correct)
  • log the detection only (Correct)

Answer : quarantine the suspect code; delete the suspect file; log the detection only

Which feature can be configured to increase or decrease resource consumption of scheduled scans?


Options are :

  • scan progress options
  • heartbeat interval
  • scan frequency
  • tuning options (Correct)

Answer : tuning options

On-demand scans can be run on which three items from the Symantec Network Access Control Manager Clients page? (Choose three.)


Options are :

  • organizational units
  • computers (Correct)
  • users (Correct)
  • groups (Correct)
  • domains

Answer : computers; users; groups

A Centralized Exception Policy can be created for which items?


Options are :

  • folders, extensions, and known risks (Correct)
  • files, extensions, and registry entries
  • folders, files, and registry entries
  • files, known risks, and devices

Answer : folders, extensions, and known risks

Which three steps must be taken in order to create a firewall policy that functions properly? (Choose three.)


Options are :

  • force the computer to restart
  • enable system lockdown
  • apply the policy to a group (Correct)
  • enable the policy (Correct)
  • establish rules for the policy (Correct)

Answer : apply the policy to a group; enable the policy; establish rules for the policy

When creating a firewall rule, which two logging options are allowed? (Choose two.)


Options are :

  • Security logs
  • Packet logs (Correct)
  • System logs
  • Audit logs
  • Traffic logs (Correct)

Answer : Packet logs; Traffic logs

Lifeline Supply Company plans to migrate their Symantec AntiVirus Corporate Edition installation to Symantec Network Access Control. The present architecture has the following components:

  • One Primary Server -- Windows 2000 Server SP4
  • One LiveUpdate Administrator -- Windows XP
  • Two Secondary Servers -- Novell Netware 6.5 SP2
  • Two LiveUpdate Servers -- Windows 2000 Server

Which component makes the case for maintaining a Symantec Antivirus Corporate Edition environment in parallel to Symantec Network Access Control 11.0 after migration has been completed?


Options are :

  • Windows XP
  • Novell Netware (Correct)
  • Windows 2000 Workstation
  • Windows 2000 Server

Answer : Novell Netware

What are the three actions a user can take during an in-progress scheduled scan? (Choose three.)


Options are :

  • stop (Correct)
  • sleep
  • pause (Correct)
  • snooze (Correct)
  • wait

Answer : stop; pause; snooze

Which statement is true about the default Antivirus and Antispyware policy setting for TruScan Proactive Threat Scan Sensitivity?


Options are :

  • Default Sensitivity is locked. (Correct)
  • Default Sensitivity level is set to 50.
  • Default Sensitivity level is unlocked
  • Default Sensitivity level is client configurable.

Answer : Default Sensitivity is locked.

You need to create a firewall rule that allows all communications during the week, but blocks all communications on the weekend. Which approach accomplishes this?


Options are :

  • create two rules: an allow rule for 12am to 12pm every day above a block rule for weekdays
  • create two rules: a block rule for Saturday and Sunday above an allow rule for every da (Correct)
  • create two rules: an allow rule for every day above a block time for 12 am to 12 am weekends
  • create two rules: an allow rule for every day above a block rule for weekends

Answer : create two rules: a block rule for Saturday and Sunday above an allow rule for every da

What is a characteristic of a custom requirement template?


Options are :

  • It is enabled from the properties tab of the policy manager. (Incorrect)
  • It is added to the advanced settings tab in a Host Integrity policy.
  • It is added to the requirements tab in a Host Integrity policy. (Correct)
  • It is assigned from the Clients tab by organizational group.

Answer : It is added to the requirements tab in a Host Integrity policy.

An organization wants to block endpoints at the network ingress from communicating with internal resources unless an antivirus application and a firewall application are running. The organization will also offer a download location for Symantec Endpoint Protection client if the required security applications are missing. The client should also automatically be sent to the download location when attempting to browse to a website if the required security applications are missing on the endpoint. Which solution should be used?


Options are :

  • Deploy an Integrated Enforcer that will give the clients an IP address that will be in the same subnet as the remediation resources.
  • Deploy a LAN Enforcer along with a remediation VLAN that has access to the remediation resources.
  • Deploy a Gateway Enforcer that automatically redirects clients to a custom website with links to both the On-Demand client and remediation resources. (Correct)
  • Deploy a LAN Enforcer that will redirect clients that do not have any of the required security applications to a website with the remediation resources.

Answer : Deploy a Gateway Enforcer that automatically redirects clients to a custom website with links to both the On-Demand client and remediation resources.

Where is failover configured to ensure LAN Enforcer High Availability?


Options are :

  • on the 802.1x aware switch (Correct)
  • on the LAN Enforcers
  • on the Radius server
  • on the Symantec Endpoint Protection Manager

Answer : on the 802.1x aware switch

An organization applies a Host Integrity policy that runs a custom script to check for an application patch for its proprietary accounting software. The Help Desk technician receives reports from the accounting department that at regular intervals a command prompt appears briefly on users' desktops and then disappears. What is the most likely cause?


Options are :

  • In the "Maximum waiting time for the program to complete" setting, "Do not wait" is selected.
  • In the custom requirement section, "Run the program in logged-in user context" is selected.
  • In the Host Integrity policy advanced settings, "Show verbose Host Integrity logging" is selected.
  • In the custom requirement section, "Show a new process window" is selected. (Correct)

Answer : In the custom requirement section, "Show a new process window" is selected.

What is the appropriate sequence of steps to deploy a template Host Integrity requirement?


Options are :

  • Configure Policy > Configure Options > Apply Policy
  • Import Policy > Configure Policy > Apply Policy (Correct)
  • Create Policy > Configure Policy > Apply Policy
  • Download Policy > Configure Policy > Apply Policy

Answer : Import Policy > Configure Policy > Apply Policy

An organization plans to install Symantec Network Access Control into an existing Symantec Endpoint Protection deployment. The primary goal of this is to prevent access to the internal network for both managed and unmanaged systems until a system has been validated to meet the organization's basic security and configuration requirements. The proposed design specifications call for:

  • Single LAN Enforcer
  • Unmanaged systems that will use the Network Access Control On-Demand client
  • Managed systems that will use the Symantec Endpoint Protection client
  • Use of the Self-enforcement method to achieve the primary goal

Why does this plan fail to meet the primary goal?


Options are :

  • Self-enforcement uses Network Lockdown to restrict network access, while the On-Demand client uses the Firewall.
  • Self-enforcement uses the Firewall to restrict network access, while the On-Demand client uses the Gateway Enforcer. (Correct)
  • Self-enforcement uses the DHCP policy to restrict network access, while the On-Demand client uses the LAN Enforcer.
  • Self-enforcement uses Device Control to restrict network access, while the On-Demand client uses DHCP Enforcement.

Answer : Self-enforcement uses the Firewall to restrict network access, while the On-Demand client uses the Gateway Enforcer.

An organization needs a Symantec Network Access Control solution that will ensure an endpoint is compliant with Host Integrity policy before granting access to the organization's production network. In addition to the LAN Enforcer, which two items are required to meet the requirements? (Select two.)


Options are :

  • Symantec Endpoint Protection Manager (Correct)
  • ACLs and a firewall enabled in the Enforcer
  • 802.1x capable switch (Correct)
  • Central Quarantine server
  • remote access device

Answer : Symantec Endpoint Protection Manager; 802.1x capable switch
